
Create Authorization Model and App in SAP BTP, ABAP Environment

Requires Customer/Partner License
Create IAM Apps, services and catalogs for authorization model in the SAP BTP, ABAP environment.
You will learn
  • How to create authorization fields
  • How to create access controls
  • How to edit authorization default values
  • How to create IAM Apps and services
  • How to create restriction fields and restriction types
  • How to create business catalogs
  • How to create restriction types
Merve Temel (mervey45), January 7, 2022
Created by mervey45, May 16, 2019
Contributors: mervey45

Prerequisites

  • You need an SAP BTP, ABAP environment license.
  • ADT version 2.96 or higher

In this tutorial, wherever XXX appears, use a number (e.g. 000).

  • Step 1
    1. Right-click on Z_ROOM_XXX, select the menu path New > Other ABAP Repository Object.
    2. Search for Authorization Field, select it and click Next>.
    3. Create your authorization field:

      • Name: Z_LOCAFXXX

      Click Next>.
    4. Click Finish.
    5. Edit your authorization field:

      • Data Element: Z_LOCA_DTEL_XXX

      Save and activate.

  • Step 2
    1. Right-click on Z_ROOM_XXX, select the menu path New > Other ABAP Repository Object.
    2. Search for Authorization Object, select it and click Next>.
    3. Create your authorization object:

      • Name: Z_LOCAOXXX
      • Description: Location

      Click Next>.
    4. Click Finish.
    5. Edit your authorization object and save it. The description and access category then appear.

      Save and activate.

  • Step 3
    1. Right-click on Z_ROOM_XXX, select the menu path New > Other ABAP Repository Object.
    2. Search for Access Control, select it and click Next>.
    3. Create your access control:

      • Name: Z_I_ROOM_XXX
      • Description: Room

      Click Next>.
    4. Click Next>.
    5. Select Define Role with PFCG Aspect and click Finish.
    6. Edit your access control:

      @EndUserText.label: 'Room'
      @MappingRole: true
      define role Z_I_Room_XXX
      {
        // Read access only for locations the user is authorized to display (ACTVT '03')
        grant select on Z_I_ROOM_XXX
          where (location) = aspect pfcg_auth(Z_LOCAOXXX, Z_LOCAFXXX, ACTVT = '03');
      }

      Save and activate.

  • Step 4

    Switch to your behavior implementation, press Ctrl+F and search for method validate. Replace your validate method with the following:

      METHOD validate.
        " Check the requested activity against the room's location.
        AUTHORITY-CHECK OBJECT 'Z_LOCAOXXX'
          ID 'ACTVT'      FIELD iv_action
          ID 'Z_LOCAFXXX' FIELD is_room-location.
        " Any non-zero return code means the user is not authorized.
        IF sy-subrc <> 0.
          rv_message = 'Not authorized'.
        ENDIF.
      ENDMETHOD.


    Save and activate.
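
An added example, not part of the original tutorial: the access control from Step 3 only filters reads (ACTVT = '03'), so write actions depend entirely on the check in validate. The hypothetical local class lcl_location_auth wraps that check so it fails closed; it assumes iv_action carries an ACTVT value, that the location has the type Z_LOCA_DTEL_XXX, and that Z_LOCAOXXX permits the listed activities.

```abap
" Added example: hypothetical helper, not code from the tutorial.
CLASS lcl_location_auth DEFINITION FINAL.
  PUBLIC SECTION.
    TYPES ty_activity TYPE c LENGTH 2.
    " Standard ACTVT values; which ones Z_LOCAOXXX permits is an assumption.
    CONSTANTS:
      BEGIN OF c_activity,
        create  TYPE ty_activity VALUE '01',
        change  TYPE ty_activity VALUE '02',
        display TYPE ty_activity VALUE '03',
        delete  TYPE ty_activity VALUE '06',
      END OF c_activity.
    CLASS-METHODS is_allowed
      IMPORTING iv_activity       TYPE ty_activity
                iv_location       TYPE z_loca_dtel_xxx
      RETURNING VALUE(rv_allowed) TYPE abap_bool.
ENDCLASS.

CLASS lcl_location_auth IMPLEMENTATION.
  METHOD is_allowed.
    " Deny by default: only an explicit successful check grants access.
    rv_allowed = abap_false.

    " Reject activities this helper does not know about.
    IF iv_activity <> c_activity-create AND iv_activity <> c_activity-change
       AND iv_activity <> c_activity-display AND iv_activity <> c_activity-delete.
      RETURN.
    ENDIF.

    " Design choice of this example: a room without a location is rejected,
    " because it cannot be tied to any location-specific authorization.
    IF iv_location IS INITIAL.
      RETURN.
    ENDIF.

    AUTHORITY-CHECK OBJECT 'Z_LOCAOXXX'
      ID 'ACTVT'      FIELD iv_activity
      ID 'Z_LOCAFXXX' FIELD iv_location.
    IF sy-subrc = 0.
      rv_allowed = abap_true.
    ENDIF.
  ENDMETHOD.
ENDCLASS.
```

In validate, set rv_message to 'Not authorized' whenever lcl_location_auth=>is_allowed( iv_activity = iv_action iv_location = is_room-location ) returns abap_false.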

  • Step 5
    1. Select your service binding Z_I_ROOM_BND_XXX and click Default Authorization Values.
    2. Define the following objects:

      [Screenshot: Edit authorization default values]

      Save and activate.

  • Step 6
    1. Right-click on Z_ROOM_XXX, select the menu path New > Other ABAP Repository Object.
    2. Search for IAM App, select it and click Next>.
    3. Create your IAM App:

      • Name: Z_ROOM_XXX
      • Description: Room

      Click Next>.
    4. Click Finish.
    5. Select Services.
    6. Add new services.
    7. Find your service:

      • Service Type: OData V2
      • Service Name: Z_I_ROOM_BND_XXX_0001

      Add _0001 to your service name to find it.
      Click OK.
    8. Click Authorizations.
    9. Select the following activity: select Z_LOCAOXXX first, then type your instances, and then the activity.

      [Screenshot: authorization activity selection for Z_LOCAOXXX]

      Save and activate.

  • Step 7
    1. Right-click on your package Z_ROOM_XXX and select New > Other ABAP Repository Object.
    2. Search for restriction field, select it and click Next >.
    3. Create your restriction field:

      • Name: Z_LOC_RF_XXX
      • Description: Restriction field

      Click Next >.
    4. Click Finish.
    5. Add Z_LOCAFXXX as authorization field, save and activate.
    6. Right-click on your package Z_ROOM_XXX and select New > Other ABAP Repository Object.
    7. Search for restriction type, select it and click Next >.
    8. Create your restriction type:

      • Name: Z_LOC_RT_XXX
      • Description: Restriction type for location

      Click Next >.
    9. Click Finish.
    10. Add Z_LOC_RF_XXX as restriction field and Z_LOCAOXXX as restriction object.

      Save and activate.

  • Step 8
    1. Right-click on Z_ROOM_XXX, select the menu path New > Other ABAP Repository Object.
    2. Search for Business Catalog, select it and click Next>.
    3. Create your business catalog:

      • Name: Z_ROOM_BC_XXX
      • Description: Room

      Click Next>.
    4. Click Finish.
    5. Select Apps.
    6. Add new Apps.
    7. Add your App:

      • App ID: Z_ROOM_XXX_EXT
      • Assignment ID: Z_ROOM_BC_XXX_0001

      Click Next>.
    8. Click Finish.
    9. Click Publish Locally.

  • Step 9

    Open your business catalog Z_ROOM_BC_XXX, add Z_LOC_RT_XXX as a restriction type, select write and click Publish Locally.

  • Step 10

    Where do you add your field values, for example add, create, change, display, etc.?
