Provide authorization control for a Business Configuration Maintenance Object

Beginner

30 min.

SAP BTP, ABAP environment, Beginner, Tutorial, ABAP Development, SAP Business Technology Platform

You will learn

How to create an IAM app
How to create Business Catalog
How to create and assign an IAM Business Catalog to a Business Role

Merve TemelFebruary 17, 2023

Created by

May 23, 2022

Contributors

Prerequisites

You need an SAP BTP, ABAP environment license. If you have only a trial account, you can skip this tutorial.
This is the second tutorial of group Create a SAP Fiori based Table Maintenance app. You must complete the tutorials in the given order.
Install ABAP Development Tools. You can also follow step 1 of this tutorial to install ADT.

Authorization control in RAP protects your business object against unauthorized access to data:

To protect data from unauthorized read access, ABAP CDS provides its own authorization concept based on a data control language (DCL).
Modifying operations, such as standard operations and actions can be checked against unauthorized access during RAP runtime.

For this purposes the generated business object is checking authorization object S_TABU_NAM with the CDS entity ZI_ERRORCODE### and activity 03 (read) / 02 (modify).

Step 1
Right-click on package Z_ERROR_CODES_###, select New > Other ABAP Repository Object.

Search for IAM App, select it and click Next >.

Create a new IAM app:
Name: Z_ERROR_CODES_###
Description: Error Codes - Maintenance
Application Type: MBC - Business Configuration App

Click Next >.

Select a Transport Request and click Finish.

Select Services and add a new service.

Select your service:
Service Type: OData V4
Service Name: ZUI_ERRORCODE000_O4

Click OK.

Select Authorizations and add a new authorization object.

Search for S_TABU_NAM and click OK.

Select S_TABU_NAM, select ACTVT under Authorization 0001 to check Change and Display.

Click TABLE and add entity ZI_ERRORCODE###

For the user to see the changes in the Business Configuration Change Logs app, add an additional instance of the authorization object with Display change documents for activity and the table names.

Save the IAM app. Further information on IAM apps can be found here.
Log in to complete tutorial
Step 2
In the overview section of the IAM app, click on Create a new Business Catalog and assign the App to it
Enter the following and click on Next >.
Name: Z_ERROR_CODES_###
Description: Error Codes - Maintenance
Select a Transport Request and click Finish.
Finish the wizard to create the Business Catalog App Assignment.
In the Business Catalog click Publish Locally to be able to test your app in the development system.
Log in to complete tutorial
Step 3
To create a Business Role and assign it to your user, start the SAP Build Work Zone. Or right-click on your ABAP system and select Properties.

Select ABAP Development and click on the system URL.

Logon with a user with the role SAP_BR_ADMINISTRATOR - Administrator

Click Maintain Business Roles.

Click New to create a new Business Role.

Create a new Business Role:
Business Role ID: ZBR_ERROR_CODES_EXPERT_###
Business Role Description: Error Codes Expert

Click Create.

Select Assigned Business Catalogs and click Add.

Search for Z_ERROR_CODES_###, select it and click OK.

Select General Role Details and set Access Category Write, Read, Value Help to Unrestricted

Select Assigned Business Users and click Add.

Select the user responsible for maintaining the error codes and click OK

Click Save to save the Business Role
Log in to complete tutorial
Step 4
Can you add more than one service to a single IAM app?
Yes
No
Log in to complete tutorial