Ansicht
Dokumentation
ABENBDL_DEF_OWN_AUTH_CONTEXT - BDL DEF OWN AUTH CONTEXT
CPI1466 during Backup PERFORM Short ReferenceThis documentation is copyright by SAP AG.
- define own authorization context
define own authorization context by privileged mode;
$| define own authorization context by privileged mode and
{
$[AuthObject1;$]
$[AuthObject2;$]
$[...$]
}
$| define own authorization context
{
$[AuthObject1;$]
$[AuthObject2;$]
$[...$]
}
Effect
Defines a full authorization context for a RAP BO. A full authorization context lists one or multiple authorization objects which are checked by the implementation methods of the ABAP behavior pool itself, or by existing code that is called by the ABAP behavior pool implementation. The full authorization context documents the authorization objects used in the implementation of the RAP BO in question.
There exist three different notation options:
- define own authorization context by privileged mode;
- When using this option, the authorization context ContextName specified after with privileged mode disabling ContextName is copied to the full authorization context. In other words, the authorization objects which are disabled in BDEF privileged mode are automatically reused for the full authorization context.
- You can use this notation when the full authorization context is identical to the context used for the privileged mode, that means, when privileged mode disables all authorization objects without exception.
- define own authorization context by privileged mode and {...}
- This syntax variant copies all authorization objects which are disabled in BDEF privileged mode and it allows you to specify further authorization objects AuthObject1, AuthObject2, ... after and for the full authorization context.
- define own authorization context {...}
- When using this option, you must individually list all authorization objects AuthObject1, AuthObject2, .... that are checked in the ABAP behavior pool. This syntax variant is useful for a BDEF without privileged mode.
A full authorization context may be defined before, between, or after the entity behavior definitions. It is possible to define an empty full authorization context define own authorization context { ... }. One CDS behavior definition can have not more than one full authorization context.
A full authorization context is considered in the following cases:
- By transaction SU22 to generate authorization default values.
- By contract checks which enforce a complete and exhaustive full authorization context when switched on.
Availability
- Projection BDEF: a projection BDEF can define a full authorization context independently of the projected BDEF. That means, a full authorization context can be defined in the projection layer even if the projected entity does not have a full authorization context.
Note
- In transaction SAAB, contract check CC_RAP_CONTRACT can be switched on. This contract check enforces a complete and exhaustive full authorization context.
Example
The following managed BDEF defines three authorization contexts:
- ac_2
- ac_priv
- A full authorization context
with privileged mode disabling disables
ac_priv and the full authorization context
reuses the authorization objects listed in ac_priv. It adds one further authorization object to the full authorization context.
Addresses (Business Address Services) BAL Application Log Documentation
This documentation is copyright by SAP AG.
Length: 6537 Date: 20240511 Time: 220143 sap01-206 ( 71 ms )
