Ansicht
Dokumentation

CL_RBAM_QUERY_UTILS - RBAM: Hilfsmethoden für Suchanfragen

BAL Application Log Documentation   General Data in Customer Master  
Diese Dokumentation steht unter dem Copyright der SAP AG.

Funktionalität

Hilfsklasse zum Umgang mit BO-Suchanfragen im Zusammenhang mit Berechtigungsprüfungen des Role Based Access Management (RBAM). Die Klasse besitzt z.Zt. nur eine einzige öffentliche Methode, GET_QUERY_PRE_DECISION. Siehe dazu deren separate Methodendokumentation.

Beziehungen

Die Funktionen dieser Klasse können sinnvoll im Zusammenhang mit der RBAM Restrictions API (CL_RBAM_RESTRICTIONS_API) verwendet werden.

Beispiel

*&---------------------------------------------------------------------*
*& Report  Z_RBAM_QUERY_UTILS_DEMO
*&
*&---------------------------------------------------------------------*
*&             Role Based Access Management (RBAM):
*& Sample program to illustrate usage of CL_RBAM_QUERY_UTILS
*&---------------------------------------------------------------------*
REPORT  z_rbam_query_utils_demo.

*&---------------------------------------------------------------------*
*&      Form  main
*&---------------------------------------------------------------------*
* Gets the current user's restrictions for a query of business object
* ESA_SAMPLE_SALES_ORDER, and displays a short message interpreting
* the restrictions' semantic.
*----------------------------------------------------------------------*
FORM main
  RAISING cx_static_check cx_dynamic_check.

  DATA:
    ls_authorization_context TYPE if_esf_types=>ty_authorization_context,
    lf_query_pre_decision    TYPE string.

* Get RBAM restrictions for query results that the current user (SY-UNAME)
* is allowed to read (IF_RBAM_ESF_CONSTANTS=>CO_OPERATION_PATTERN_RETRIEVE)
* in any access context (if_access_context is initial).
  cl_rbam_restrictions_api=>get_restrictions_esf(
    EXPORTING
      if_bo_name            = if_esa_sample_sales_order=>co_bo_name
      if_bo_node_name       = if_esa_sample_sales_order=>co_bo_node-root
*     is_operation          = IF_RBAM_ESF_CONSTANTS=>CO_OPERATION_PATTERN_RETRIEVE
*     if_user               = SY-UNAME
*     if_access_context     =
    IMPORTING
      ef_grant_rule_found   = ls_authorization_context-grant_rule_found
      et_grant_restrictions = ls_authorization_context-grant_restrictions
      ef_deny_rule_found    = ls_authorization_context-deny_rule_found
      et_deny_restrictions  = ls_authorization_context-deny_restrictions
  ).

  lf_query_pre_decision = cl_rbam_query_utils=>get_query_pre_decision(
      if_grant_rule_found   = ls_authorization_context-grant_rule_found
      it_grant_restrictions = ls_authorization_context-grant_restrictions
      if_deny_rule_found    = ls_authorization_context-deny_rule_found
      it_deny_restrictions  = ls_authorization_context-deny_restrictions
  ).

  CASE lf_query_pre_decision.
    WHEN cl_rbam_query_utils=>co_rbam_query_unrestricted.
      WRITE: / sy-uname, 'is authorized for all possible query results'.

    WHEN cl_rbam_query_utils=>co_rbam_query_restricted.
      WRITE: / sy-uname, 'is authorized for some query results'.

    WHEN cl_rbam_query_utils=>co_rbam_query_skip.
      WRITE: / sy-uname, 'is authorized for no query results at all'.
  ENDCASE.

ENDFORM.                    "main

START-OF-SELECTION.
  PERFORM main.

rdisp/max_wprun_time - Maximum work process run time   PERFORM Short Reference  
Diese Dokumentation steht unter dem Copyright der SAP AG.

Length: 4895 Date: 20240423 Time: 185425     sap01-206 ( 43 ms )