Ansicht
Dokumentation
ABENBDL_AUTHORIZATION_ABEXA - BDL AUTHORIZATION ABEXA
General Data in Customer Master General Material DataThis documentation is copyright by SAP AG.
- Global Authorization
This example demonstrates how a global authorization check is defined, implemented, and consumed in an unmanaged RAP BO.
Data model
The CDS data model consists of the root entity DEMO_RAP_UNMANAGED_AUTH and its child entity DEMO_RAP_UNMANAGED_AUTH_CHILD.
Root entity:
Child entity:
Behavior definition
The CDS behavior definition
DEMO_RAP_UNMANAGED_AUTH is defined in
CDS BDL as shown below. It defines the root view entity as
authorization master entity and the child entity as authorization dependent entity.
Behavior implementation
For the above CDS behavior definition, one ABAP behavior pool (ABP) is created. The global class of the behavior pool is BP_DEMO_RAP_UNMANAGED_AUTH. This global class implements the method get_global_auth for global authorization control (see BP_DEMO_RAP_UNMANAGED_AUTH====CCIMP). It works as follows:
- For incoming update requests, authorization is always granted.
- For incoming delete requests, authorization is always rejected and an error message is written into the REPORTED structure.
- This is a very simple example to demonstrate how to implement global authorizations. A realistic implementation requires an instance-independent authorization check, for example, based on authorization objects.
Source Code
Description
Access with ABAP using EML
The above source code uses EML to access the RAP business object from an ABAP program:
- Three instances of the parent entity and two instances of the child entity are created with the statement MODIFY ENTITY.
- Two instances of the parent entity are updated. This update is authorized.
- The EML consumer tries to delete an instance of the parent entity and an instance of the child entity. The delete operation on the parent entity is not authorized and the operation fails. The delete operation on the child entity is directed to the authorization master entity (in this example the same as the parent entity). It is interpreted as update request of the authorization master entity. Update operations are authorized, so the delete operation of the child entity instance is successful.
- Using the SELECT statement, the content of the parent and child tables after the create, update, and delete operations are displayed. For the failed delete operation of the parent entity, an error message is returned.
BAL_S_LOG - Application Log: Log header data BAL Application Log Documentation
This documentation is copyright by SAP AG.
Length: 3757 Date: 20240418 Time: 212758 sap01-206 ( 61 ms )