Skip to Content

Create Authorization in SAP Cloud Platform ABAP environment

test
0 %
Create Authorization in SAP Cloud Platform ABAP environment
Details
// Explore More Tutorials

Create Authorization in SAP Cloud Platform ABAP environment

Requires Customer/Partner License

2019-11-08

Create IAM Apps, services and catalogs for authorization in the SAP Cloud Platform ABAP environment.

You will learn

  • How to create authorization fields
  • How to create access control
  • How to edit authorization default values
  • How to create IAM Apps and services
  • How to create business catalog

In this tutorial, wherever XXX appears, use a number (e.g. 000).


Step 1: Create authorization field
  1. Right-click on Z_ROOM_XXX, select the menu path New > Other ABAP Repository Object.

    Create authorization field

  2. Search for Authorization Field, select it and click Next>.

    Create authorization field
  3. Create your authorization field:

    • Name: Z_LOCAFXXX

    Click Next>.

    Create authorization field
  4. Click Finish.

    Create authorization field
  5. Edit your authorization field:

    • Data Element: Z_LOCA_DTEL_XXX

    Save and activate.

    Create authorization field
Log on to answer question
Step 2: Create authorization object
  1. Right-click on Z_ROOM_XXX, select the menu path New > Other ABAP Repository Object.

    Create authorization object

  2. Search for Authorization Object, select it and click Next>.

    Create authorization object
  3. Create your authorization object:

    • Name: Z_LOCAOXXX
    • Description: Location

    Click Next>.

    Create authorization object
  4. Click Finish.

    Create authorization object

  5. Edit your authorization object and save it. The description and access category will appear then.

    Create authorization object

  6. Add WDF as value to authorization field Z_LOCAFXXX.

    Create authorization object

Log on to answer question
Step 3: Create access control
  1. Right-click on Z_ROOM_XXX, select the menu path New > Other ABAP Repository Object.

    Create Access Control

  2. Search for Access Control, select it and click Next>.

    Create Access Control

  3. Create your service definition:

    • Name: Z_I_ROOM_XXX
    • Description: Room

    Click Next>.

    Create Access Control
  4. Click Next>.

    Create Access Control

  5. Select Define Role with PFCG Aspect and click Finish.

    Create Access Control

  6. Edit your service definition:

    @EndUserText.label: 'Room'
    @MappingRole: true
    define role Z_I_Room_XXX
    {
      grant
        select
            on
                Z_I_ROOM_XXX
                    where
                        (location) = aspect pfcg_auth(Z_LOCAOXXX, Z_LOCAFXXX, ACTVT = '03');  
    }
    

    Save and activate.

Log on to answer question
Step 4: Enhance behavior

Switch to your behavior implementation, click CTRL + F and search for method validate. Edit following as your validate method.

     METHOD validate.
        AUTHORITY-CHECK OBJECT 'Z_LOCAOXXX' ID 'ACTVT' FIELD iv_action ID 'Z_LOCAFXXX' FIELD is_room-location.
        IF sy-subrc <> 0.
          rv_message = 'Not authorized'.
        ENDIF.
    ENDMETHOD.

Save and activate.

Log on to answer question
Step 5: Edit authorization default values
  1. Open your default authorization value Z_I_ROOM_BND_XXX.

    Edit authorization default values

  2. Copy Z_LOCAOXXX as an authorization and click on your error message on the top right corner. Check your result.

    Edit authorization default values

  3. Set your default values for objects S_SERVICE and Z_LOCAOXXX.

Log on to answer question
Step 6: Create IAM app & add service
  1. Right-click on Z_ROOM_XXX, select the menu path New > Other ABAP Repository Object.

    Create Access Control

  2. Search for IAM App, select it and click Next>.

    Create Access Control

  3. Create your IAM App:

    • Name: Z_ROOM_XXX
    • Description: Room

    Click Next>.

    Create Access Control
  4. Click Finish.

    Create Access Control

  5. Select Services.

    Create Access Control

  6. Add new services.

    Create Access Control

  7. Find your service:

    • Service Type: OData V2
    • Service Name: Z_I_ROOM_BND_XXX_0001

    Add _0001 to your service name to find it.
    Click OK.

    Create Access Control
  8. Click Authorizations.

    Create Access Control

  9. Add new authorization objects.

    Create Access Control

  10. Search Z_LOCAOXXX and click OK.

    Create Access Control

  11. Check your result.

    Create Access Control

  12. Select Authorization_0001 and click Edit….

    Create Access Control

  13. Check all field values and click OK.

    Create Access Control

  14. Add WDF to Z_LOCAFXXX.
    Save and activate.

    Create Access Control

Log on to answer question
Step 7: Create business catalog & add IAM app
  1. Right-click on Z_ROOM_XXX, select the menu path New > Other ABAP Repository Object.

    Create Access Control

  2. Search for Business Catalog, select it and click Next>.

    Create Access Control

  3. Create your business catalog:

    • Name: Z_ROOM_BC_XXX
    • Description: Room

    Click Next>.

    Create Access Control
  4. Click Finish.

    Create Access Control

  5. Select Apps.

    Create Access Control

  6. Add new Apps.

    Create Access Control

  7. Add your App:

    • App ID: Z_ROOM_XXX_EXT
    • Assignment ID: Z_ROOM_BC_XXX_0001

    Click Next>.

    Create Access Control
  8. Click Finish.

    Create Access Control

  9. Click Publish Locally

    Create Access Control

Log on to answer question
Step 8: Test yourself
Where do you add your field values, for example like add, create, change, display etc.?
×

Next Steps

Prerequisites

  • SAP Cloud Platform ABAP Environment user
  • ADT version 2.96 or higher
Back to top