Kontakt

Ansicht
Dokumentation

ABENBDL_AUTHORIZATION_PROJECTION - BDL AUTHORIZATION PROJECTION

ABENBDL_AUTHORIZATION_PROJECTION - BDL AUTHORIZATION PROJECTION

BAL_S_LOG - Application Log: Log header data   Vendor Master (General Section)  
This documentation is copyright by SAP AG.
SAP E-Book

- authorization, Projection BDEF

Declaration on entity level

... authorization ${( global )
                  $|( instance )
                  $|( global,instance )$}  ...

Declaration that can be used in the entity behavior body for an action

... authorization:none
    authorization:update ...



Effect

In a projection BDEF, the authorization control from the underlying base BDEF is inherited. This controls CRUD operations and actions that are reused in the projection using the use action syntax.

Projections can also define their own actions as described in topic CDS BDL - actions and functions, projection BDEF. For these actions, it is possible to configure authorization control in the projection layer. For global authorization, this is done in the RAP handler method FOR GLOBAL AUTHORIZATION in the local ABAP behavior pool. For instance authorization, this is done in the RAP handler method FOR INSTANCE AUTHORIZATION in the local ABAP behavior pool.

Authorization control in projection BDEFs is similar to authorizations in base BDEFs (see topic CDS BDL - authorization). Here are the main differences:

  • To define authorization control in a projection BDEF, the projection BDEF must be declared as strict.
  • There is no master/dependent relation. Each projection definition must declare for itself whether it has instance authorization, global authorization, or both.

authorization:none excludes the operation in question from authorization checks. See topic CDS BDL - authorization:none for further details.

If authorization:update is used, the operation in question has the same authorization control that is defined in the base BDEF for the update operation. As a prerequisite, it is required that the projection BDEF defines authorization control in its entity behavior characteristics. This configuration in the projection BDEF, however, (instance or global) has no impact, the settings from the base BO (instance, global, or both) are fully reused. See the second example listed in this topic.

  • Development guide for the ABAP RESTful Application Programming Model, topic Authorization Definition.

Note

In UI scenarios, authorization control is displayed as RAP consumer hint.

Example - Global Authorization Control in Projection BDEF

The following example shows a projection BDEF that defines a new action with authorization control in the projection layer. It is based on the underlying base BO DEMO_RAP_UNMANAGED_AUTH. It defines the new action deductDicounts in the projection layer. For this action, global authorization control is specified.

The ABAP behavior pool implements the global authorization control and the new action.

Global authorization control: In this simple example, the condition for global authorization control is always true.

Action deductDiscount: The user can specify a discount percentage. This discount percentage is subtracted from the initial value of field dec_field.

The ABAP program DEMO_RAP_PROJ_NEW_ACTION uses EML to access to RAP business object. It first creates two new entity instances and then executes the action deductDiscount for both of them.

Before executing the action, the RAP frameworks calls the method for global authorization control and checks whether the RAP BO consumer is allowed to execute the action.

Example - authorization:update

The following example shows a projection BDEF that defines a new action with the syntax addition authorization:update. It is based on the underlying base BO DEMO_RAP_EARLY_NUMBERING.

The ABAP behavior pool implements the action UpdateDataField. This action sets the value of the field DataField to A.

The ABAP program DEMO_RAP_PROJ_AUTH uses EML to access to RAP business object. It first creates two new entity instances and then executes the action UpdateDataField for one of them. As a result, the field DataField of the respective entity instance is set to A.

Before executing the action, the RAP frameworks calls the base BDEF's method for global authorization control and checks whether the RAP BO consumer is allowed to execute the action. In his example, update authorization is granted.






ABAP Short Reference   Vendor Master (General Section)  
This documentation is copyright by SAP AG.

Length: 8323 Date: 20240424 Time: 072410     sap01-206 ( 91 ms )