ABAPGET_PERMISSIONS - GET PERMISSIONS

BAL Application Log Documentation   BAL Application Log Documentation  
This documentation is copyright by SAP AG.

GET PERMISSIONS

GET PERMISSIONS, Short Form

1. GET PERMISSIONS $[PRIVILEGED$] $[ only_clause$]
      ENTITY bdef $[FROM keys$] REQUEST request RESULT result_tab $[response_param$].

GET PERMISSIONS, Long Form

2. GET PERMISSIONS $[PRIVILEGED$] $[ only_clause$] OF bdef
     ENTITY bdef1 $[FROM keys$] REQUEST request RESULT result_tab
    $[ENTITY bdef2 $[FROM keys$] REQUEST request RESULT result_tab$]
    $[...$]
    $[response_param$].

GET PERMISSIONS, Dynamic Form

3. GET PERMISSIONS $[only_clause$] OPERATIONS perm_tab $[response_param$].

Effect

Retrieves information about permissions of RAP BOs. Permissions are defined on operation and field level, for example, operations can be disabled and fields can be set to read-only. Permissions are checked when EML requests are processed by the RAP runtime but they can also be requested upfront by RAP BO consumer via a GET PERMISSIONS statement. The permissions cover multiple aspects:

• Global and instance authorization

• Global authorization: Checks whether the current user is allowed to execute an operation in general, i. e. independent of the data to be processed, for example, a user must not change data.

• Instance authorization: Authorization checks that can be defined based on a concrete value of an instance's field.

• Global and instance feature control

• Global feature control: Feature controls that depend on external factors like specific user settings or the business scope.

• Instance feature control: Checks depending on the state of an entity instance.

• Static feature control: Specifies individual fields of an entity that have certain access restrictions, for example, fields that are marked as readonly in the BDEF.

For all characteristics, the permission retrieval must be self-implemented in RAP BO provider implementations except for static feature controls. In latter case, the access restriction is directly defined in the BDEF. One example is when a field is marked as readonly.

The handling and consolidation of the permission result as well as general best practices are outlined in the topic GET PERMISSIONS, Guidelines. One example is when the permission result contains merged information. Among others, static feature controls are merged with global feature controls.

Permissions can be retrieved for the following:

• Create, update and delete operations

• Associations with create-by-association operations

• Fields

• Actions

Note: Permissions cannot be retrieved for internal elements like internal associations and internal actions. For virtual elements in projections, there are only static features available.

The following variants of the GET PERMISSIONS statement can be used:

• GET PERMISSIONS, Short Form
  Used to retrieve information on permissions for instances of a single entity.
  

• GET PERMISSIONS, Long Form
  Used for collecting multiple queries on multiple entities of a RAP BO.
  

• GET PERMISSIONS OPERATIONS, Dynamic Form
  Collects permission queries of multiple RAP BO entities in one GET PERMISSIONS statement.
  
  
  
  

• The example - GET PERMISSIONS, Variants demonstrates the three different variants with a simple managed RAP BO.

• The example - GET PERMISSIONS, only_clause demonstrates the different variants of the only_clause with a simple managed RAP BO.

• The example - RAP Calculator (Unmanaged) uses a GET PERMISSIONS statement with a simple unmanaged RAP BO. In this case, permissions are requested if a calculation based on entries provided is possible or not. For example, it is disallowed if a division by 0 should be executed.

Vendor Master (General Section)   Vendor Master (General Section)  
This documentation is copyright by SAP AG.

Length: 6898 Date: 20221127 Time: 034119     sap01-206 ( 83 ms )