Add Authorization

Beginner

20 min.

This tutorial shows you how to enable authentication and authorization for your CAP application.

You will learn

Created by

October 12, 2023

Contributors

Prerequisites

You’ve added a launch page for local testing to your application. Follow the steps in the Use a Local Launch Page tutorial that is part of the Develop a Full-Stack CAP Application Following SAP BTP Developer’s Guide tutorial group.

This tutorial follows the guidance provided in the SAP BTP Developer’s Guide.

Step 1
Open the srv/services.cds file.

To specify restrictions, add the annotate ProcessorService with @(requires: 'support'); and the annotate AdminService with @(requires: 'admin'); lines to the srv/services.cds file:

CDS
Copy
using { sap.capire.incidents as my } from '../db/schema'; /** * Used by support team members to process incidents */ service ProcessorService { ... } annotate ProcessorService.Incidents with @odata.draft.enabled; annotate ProcessorService with @(requires: 'support'); service AdminService { ... } annotate AdminService with @(requires: 'admin');

With these changes, users with the support role can view and change the incidents and customers, while users with the admin role can perform admin activities such as auditing logs.
Step 2
You can create a CAP project in either Node.js or Java. You have to choose one way or the other and follow through. The tabs Node.js and Java provide detailed steps for each alternative way.
Step 3
Currently, there’s no logout functionality. You can clear your browser’s cache or simply close all browser windows to get rid of the login data in your browser. For Google Chrome, restart your browser (complete shutdown and restart) by entering chrome://restart in the address line.

What can you do if you have the support role?
View and change incidents
Audit logs
View and change customers