Skip to Content

Provide authorization control for a Business Configuration Maintenance Object

Provide authorization control for a Business Configuration Maintenance Object
You will learn
  • How to create an IAM app
  • How to create Business Catalog
  • How to create and assign an IAM Business Catalog to a Business Role
mervey45Merve TemelAugust 18, 2022
Created by
May 23, 2022


Authorization control in RAP protects your business object against unauthorized access to data:

  • To protect data from unauthorized read access, ABAP CDS provides its own authorization concept based on a data control language (DCL).
  • Modifying operations, such as standard operations and actions can be checked against unauthorized access during RAP runtime.

For this purposes the generated business object is checking authorization object S_TABU_NAM with the CDS entity ZI_ERRORCODE### and activity 03 (read) / 02 (modify).

  • Step 1
    1. Right-click on package Z_ERROR_CODES_###, select New > Other ABAP Repository Object.

      New repository object
    2. Search for IAM App, select it and click Next >.

      New IAM app
    3. Create a new IAM app:

      • Name: Z_ERROR_CODES_###
      • Description: Error Codes - Maintenance
      • Application Type: MBC - Business Configuration App
      Enter IAM app definition
      Click Next >.
    4. Select a Transport Request and click Finish.

    5. Select Services and add a new service.

      Add service to IAM app
    6. Select your service:

      • Service Type: OData V4
      • Service Name: ZUI_ERRORCODE000_O4
      Select service
      Click OK.
    7. Select Authorizations and add a new authorization object.

      Add authorization object
    8. Search for S_TABU_NAM and click OK.

      Search for authorization object S_TABU_NAM
    9. Select S_TABU_NAM, select ACTVT under Authorization 0001 to check Change and Display.

      Select Change and Display
    10. Click TABLE and add entity ZI_ERRORCODE###

      Add entity
    11. For the user to see the changes in the Business Configuration Change Logs app, add an additional instance of the authorization object with Display change documents for activity and the table names.

      Select display change documents
    12. Save the IAM app. Further information on IAM apps can be found here.

  • Step 2
    1. In the overview section of the IAM app, click on Create a new Business Catalog and assign the App to it
      Create a new Business Catalog
    2. Enter the following and click on Next >.
      • Name: Z_ERROR_CODES_###
      • Description: Error Codes - Maintenance
      Business Catalog definition
    3. Select a Transport Request and click Finish.

    4. Finish the wizard to create the Business Catalog App Assignment.

      Business Catalog App Assignment
    5. In the Business Catalog click Publish Locally to be able to test your app in the development system.

      Publish locally
  • Step 3
    1. To create a Business Role and assign it to your user, start the Fiori Launchpad. Or right-click on your ABAP system and select Properties.

      Select properties
    2. Select ABAP Development and click on the system URL.

      Click on the system URL
    3. Logon with a user with the role SAP_BR_ADMINISTRATOR - Administrator

    4. Click Maintain Business Roles.

      Start Maintain Business Roles app
    5. Click New to create a new Business Role.

      Create new Business Role
    6. Create a new Business Role:

      • Business Role ID: ZBR_ERROR_CODES_EXPERT_###
      • Business Role Description: Error Codes Expert
      Business Role definition
      Click Create.
    7. Select Assigned Business Catalogs and click Add.

      Add Business Catalog
    8. Search for Z_ERROR_CODES_###, select it and click OK.

      Select Business Catalog
    9. Select General Role Details and set Access Category Write, Read, Value Help to Unrestricted

      Set Access Category to unrestricted
    10. Select Assigned Business Users and click Add.

      Add Business User
    11. Select the user responsible for maintaining the error codes and click OK

    12. Click Save to save the Business Role

  • Step 4

    Can you add more than one service to a single IAM app?

Back to top