
Providing Authorization Control for a Business Configuration Maintenance Object

You will learn
  • How to create an IAM app
  • How to create a Business Catalog
  • How to create and assign an IAM Business Catalog to a Business Role
sepp4me, Patrick Winkler, September 18, 2024
Created by: mervey45, March 21, 2023
Contributors: mervey45, sepp4me

Prerequisites

  • You need an SAP BTP, ABAP environment license. If you have only a trial account, you can skip this tutorial.
  • This tutorial also works in an SAP S/4HANA Cloud, public edition system.
  • This is the second tutorial of the group Create a SAP Fiori based Table Maintenance app. You must complete the tutorials in the specified order.

Authorization control in RAP protects your business object from unauthorized access to data:

  • To protect data from unauthorized read access, ABAP CDS provides its own authorization concept based on a data control language (DCL).
  • Modify operations such as standard operations and actions can be checked against unauthorized access during RAP runtime.

For this purpose, the generated business object checks the authorization object S_TABU_NAM with the CDS entity ZI_ERRORCODE### and the activity 03 (read) or 02 (modify).
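The check described above can be reproduced for the logged-on user with a small console class. This is an added example, not the code of the generated business object: the class name zcl_errorcode_auth_probe, its method and constant names, and the control entity ZI_NOT_GRANTED are assumptions, and ### must be replaced with your own suffix.

```abap
CLASS zcl_errorcode_auth_probe DEFINITION PUBLIC FINAL CREATE PUBLIC.
  PUBLIC SECTION.
    INTERFACES if_oo_adt_classrun.
    TYPES ty_actvt TYPE c LENGTH 2.
    TYPES ty_table TYPE c LENGTH 30.
    " Activities and entity as named on this page (replace ###).
    CONSTANTS c_modify TYPE ty_actvt VALUE '02'.
    CONSTANTS c_read   TYPE ty_actvt VALUE '03'.
    CONSTANTS c_entity TYPE ty_table VALUE 'ZI_ERRORCODE###'.
    " Hypothetical name that is NOT listed in the IAM app (negative control).
    CONSTANTS c_other  TYPE ty_table VALUE 'ZI_NOT_GRANTED'.
    CLASS-METHODS is_authorized
      IMPORTING iv_table     TYPE ty_table
                iv_actvt     TYPE ty_actvt
      RETURNING VALUE(rv_ok) TYPE abap_bool.
ENDCLASS.

CLASS zcl_errorcode_auth_probe IMPLEMENTATION.
  METHOD is_authorized.
    " Evaluate S_TABU_NAM for the current user with both fields set.
    AUTHORITY-CHECK OBJECT 'S_TABU_NAM'
      ID 'TABLE' FIELD iv_table
      ID 'ACTVT' FIELD iv_actvt.
    " sy-subrc = 0: a matching authorization exists in the user's roles.
    rv_ok = xsdbool( sy-subrc = 0 ).
  ENDMETHOD.

  METHOD if_oo_adt_classrun~main.
    DATA(lv_read)   = is_authorized( iv_table = c_entity iv_actvt = c_read ).
    DATA(lv_modify) = is_authorized( iv_table = c_entity iv_actvt = c_modify ).
    DATA(lv_other)  = is_authorized( iv_table = c_other  iv_actvt = c_modify ).

    out->write( |User { sy-uname }| ).
    out->write( |03 read   on { c_entity }: { lv_read }| ).
    out->write( |02 modify on { c_entity }: { lv_modify }| ).
    out->write( |02 modify on { c_other }: { lv_other }| ).

    " The IAM app scopes TABLE to one entity; a hit on the control
    " name means some other role grants S_TABU_NAM more broadly.
    IF lv_other = abap_true.
      out->write( 'Finding: S_TABU_NAM is granted beyond ZI_ERRORCODE###.' ).
    ENDIF.
  ENDMETHOD.
ENDCLASS.
```

Run it in ADT as an ABAP application (console); it evaluates the roles of the user who runs it, so the result for the business user assigned in Step 3 is only shown when that user executes it.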

To consume the service of the generated business object in the CUBCO app, you must define an IAM app and assign the service to the app. This ensures that you can define the required authorizations.

First, you create the IAM app yourself. As a next step, you create a business catalog and a business role that you can assign to your business user.

  • Step 1
    1. Right-click the package Z_ERROR_CODES_### and choose New > Other ABAP Repository Object.

    2. Search for IAM App, select it and click Next >.

    3. Create new IAM app:

      • Name: Z_ERROR_CODES_###
      • Description: Error Codes - Maintenance
      • Application Type: Business Configuration App
      Click Next >.
    4. Select a Transport Request and click Finish.

    5. Choose Services and add a new service.

    6. Select your service:

      • Service Type: OData V4
      • Service Name: ZUI_ERRORCODE###_O4
      Click OK.
    7. Choose Authorizations and add a new authorization object.

    8. Search for S_TABU_NAM and click OK.

    9. Select S_TABU_NAM, then select ACTVT under Authorization 0001 and check Change and Display.

    10. Click TABLE and add entity ZI_ERRORCODE###. A CDS entity can be specified for the field TABLE.

      • (Optional) To display the change logs for tables, users must have the authorization for the object S_TABU_NAM with Display change documents for ACTVT and the name of the table for TABLE.
      • (Optional) To upload content for tables, users must have the authorization for the object S_TABU_NAM with Change for ACTVT and the name of the table for TABLE.
    11. Save the IAM app. For more information about IAM apps, see here.
  • Step 2
    1. In the overview section of the IAM app, click Create a new Business Catalog and assign the App to it.
    2. Enter the following and click Next >.
      • Name: Z_ERROR_CODES_###
      • Description: Error Codes - Maintenance
    3. Select a Transport Request and click Finish.

    4. The wizard for creating a Business Catalog App Assignment opens automatically. Click Next >. Select a Transport Request and click Finish.

    5. In the Business Catalog, click Publish Locally to be able to test your app in the development system.

  • Step 3
    1. To create a Business Role and assign it to your user, launch the SAP Fiori Launchpad. Log on with a user that has the role SAP_BR_ADMINISTRATOR - Administrator.

    2. Open the Maintain Business Roles app.

    3. Click New to create a new Business Role.

    4. Create a new Business Role:

      • Business Role ID: ZBR_ERROR_CODES_EXPERT_###
      • Business Role Description: Error Codes Expert
      Click Create.
    5. Select Business Catalogs and click Add.

    6. Search for Z_ERROR_CODES_###, select it and click OK.

    7. Select General Role Details and set Access Category Write, Read, Value Help to Unrestricted. If you set Access Category Write, Read, Value Help to No Access, the user can only read the content, but not change it.

    8. Select Business Users and click Add.

    9. Select the user responsible for maintaining the error codes and click OK.

    10. Click Save to save the Business Role.

  • Step 4

    Can you add more than one service to a single IAM app?
