Create Authorization Model and App in SAP Cloud Platform ABAP Environment

Requires Customer/Partner License
July 9, 2020
Created by
May 16, 2019
Create IAM apps, services and catalogs for the authorization model in the SAP Cloud Platform ABAP environment.

You will learn

  • How to create authorization fields
  • How to create access controls
  • How to edit authorization default values
  • How to create IAM Apps and services
  • How to create restriction fields and restriction types
  • How to create business catalogs
  • How to create restriction types

Prerequisites

  • SAP Cloud Platform ABAP environment user
  • ADT version 2.96 or higher

In this tutorial, wherever XXX appears, use a number (e.g. 000).


Step 1: Create authorization field
  1. Right-click on Z_ROOM_XXX, select the menu path New > Other ABAP Repository Object.

  2. Search for Authorization Field, select it and click Next>.

  3. Create your authorization field:

    • Name: Z_LOCAFXXX

    Click Next>.

  4. Click Finish.

  5. Edit your authorization field:

    • Data Element: Z_LOCA_DTEL_XXX

    Save and activate.

Step 2: Create authorization object
  1. Right-click on Z_ROOM_XXX, select the menu path New > Other ABAP Repository Object.

  2. Search for Authorization Object, select it and click Next>.

  3. Create your authorization object:

    • Name: Z_LOCAOXXX
    • Description: Location

    Click Next>.

  4. Click Finish.

  5. Edit your authorization object and save it. The description and access category then appear.

    Save and activate.

Step 3: Create access control
  1. Right-click on Z_ROOM_XXX, select the menu path New > Other ABAP Repository Object.

  2. Search for Access Control, select it and click Next>.

  3. Create your access control:

    • Name: Z_I_ROOM_XXX
    • Description: Room

    Click Next>.

  4. Click Next>.

  5. Select Define Role with PFCG Aspect and click Finish.

  6. Edit your access control:

    @EndUserText.label: 'Room'
    @MappingRole: true
    define role Z_I_Room_XXX
    {
      grant
        select
            on
                Z_I_ROOM_XXX
                    where
                        // Return only rows whose location the user may display (ACTVT '03').
                        (location) = aspect pfcg_auth(Z_LOCAOXXX, Z_LOCAFXXX, ACTVT = '03');
    }

    Save and activate.

Step 4: Enhance behavior

Switch to your behavior implementation, press Ctrl + F and search for the method validate. Edit your validate method as follows:

    METHOD validate.
      " Check the requested activity against the room's location.
      AUTHORITY-CHECK OBJECT 'Z_LOCAOXXX' ID 'ACTVT' FIELD iv_action ID 'Z_LOCAFXXX' FIELD is_room-location.
      " Any non-zero sy-subrc means the check failed.
      IF sy-subrc <> 0.
        rv_message = 'Not authorized'.
      ENDIF.
    ENDMETHOD.

Save and activate.
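
To see how the check in validate behaves for the current user, the same AUTHORITY-CHECK can be wrapped in a console class that reports the result for several activity and location combinations. This is an added example, not part of the original tutorial: the class name zcl_room_auth_probe_xxx, the activity list and the sample locations 'A' and 'B' are assumptions, and Z_LOCA_DTEL_XXX is assumed to be character-like.

```abap
CLASS zcl_room_auth_probe_xxx DEFINITION PUBLIC FINAL CREATE PUBLIC.
  PUBLIC SECTION.
    INTERFACES if_oo_adt_classrun.
  PRIVATE SECTION.
    " Hypothetical helper type and method; not part of the tutorial objects.
    TYPES ty_actvt TYPE c LENGTH 2.
    METHODS is_authorized
      IMPORTING iv_actvt         TYPE ty_actvt
                iv_location      TYPE z_loca_dtel_xxx
      RETURNING VALUE(rv_result) TYPE abap_bool.
ENDCLASS.

CLASS zcl_room_auth_probe_xxx IMPLEMENTATION.
  METHOD is_authorized.
    " Design choice of this example: an empty location is denied outright.
    IF iv_location IS INITIAL.
      rv_result = abap_false.
      RETURN.
    ENDIF.
    AUTHORITY-CHECK OBJECT 'Z_LOCAOXXX'
      ID 'ACTVT'      FIELD iv_actvt
      ID 'Z_LOCAFXXX' FIELD iv_location.
    " sy-subrc = 0 is the only success value; everything else means denied.
    rv_result = xsdbool( sy-subrc = 0 ).
  ENDMETHOD.

  METHOD if_oo_adt_classrun~main.
    TYPES: BEGIN OF ty_case,
             actvt    TYPE ty_actvt,
             location TYPE z_loca_dtel_xxx,
           END OF ty_case.
    DATA lt_cases TYPE STANDARD TABLE OF ty_case WITH EMPTY KEY.
    " Constructed matrix: 01 = create, 02 = change, 03 = display, 06 = delete.
    lt_cases = VALUE #( ( actvt = '01' location = 'A' )
                        ( actvt = '02' location = 'A' )
                        ( actvt = '03' location = 'A' )
                        ( actvt = '06' location = 'A' )
                        ( actvt = '03' location = 'B' )
                        ( actvt = '03' location = ''  ) ).
    LOOP AT lt_cases INTO DATA(ls_case).
      DATA(lv_ok) = is_authorized( iv_actvt    = ls_case-actvt
                                   iv_location = ls_case-location ).
      out->write( |ACTVT { ls_case-actvt } / location "{ ls_case-location }": | &&
                  COND string( WHEN lv_ok = abap_true THEN `authorized` ELSE `denied` ) ).
    ENDLOOP.
  ENDMETHOD.
ENDCLASS.
```

Run the class in ADT with Run As > ABAP Application (Console); each output line shows whether the logged-on user passes the check for that activity and location.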

Step 5: Edit authorization default values
  1. Select your service binding Z_I_ROOM_BND_XXX and click Default Authorization Values.

  2. Define the following objects:

    Save and activate.

Step 6: Create IAM app & add service
  1. Right-click on Z_ROOM_XXX, select the menu path New > Other ABAP Repository Object.

  2. Search for IAM App, select it and click Next>.

  3. Create your IAM App:

    • Name: Z_ROOM_XXX
    • Description: Room

    Click Next>.

  4. Click Finish.

  5. Select Services.

  6. Add new services.

  7. Find your service:

    • Service Type: OData V2
    • Service Name: Z_I_ROOM_BND_XXX_0001

    Add _0001 to your service name to find it.
    Click OK.

  8. Click Authorizations.

  9. Select the following activity:

    Save and activate.

Step 7: Create restriction field and restriction type
  1. Right-click on your package Z_ROOM_XXX and select New > Other ABAP Repository Object.

  2. Search for restriction field, select it and click Next >.

  3. Create your restriction field:

    • Name: Z_LOC_RF_XXX
    • Description: Restriction field

    Click Next >.
  4. Click Finish.

  5. Add Z_LOCAFXXX as authorization field, save and activate.

  6. Right-click on your package Z_ROOM_XXX and select New > Other ABAP Repository Object.

  7. Search for restriction type, select it and click Next >.

  8. Create your restriction type:

    • Name: Z_LOC_RT_XXX
    • Description: Restriction type for location

    Click Next >.
  9. Click Finish.

  10. Add Z_LOC_RF_XXX as restriction field and Z_LOCAOXXX as restriction object.

    Save and activate.

Step 8: Create business catalog & add IAM app
  1. Right-click on Z_ROOM_XXX, select the menu path New > Other ABAP Repository Object.

  2. Search for Business Catalog, select it and click Next>.

  3. Create your business catalog:

    • Name: Z_ROOM_BC_XXX
    • Description: Room

    Click Next>.

  4. Click Finish.

  5. Select Apps.

  6. Add new Apps.

  7. Add your App:

    • App ID: Z_ROOM_XXX_EXT
    • Assignment ID: Z_ROOM_BC_XXX_0001

    Click Next>.

  8. Click Finish.

  9. Click Publish Locally.

Step 9: Create restriction type

Open your business catalog Z_ROOM_BC_XXX, add Z_LOC_RT_XXX as a restriction type, select write and click Publish Locally.

Step 10: Test yourself
Where do you add your field values, for example like add, create, change, display etc.?