Monday, 28 November 2022

ABAP RAP – Global Authorization

In this beginner blog post we are going to see how to use authorizations (global authorization) in the ABAP RESTful Application Programming Model (RAP).

What is Authorization in RAP


Authorization control in RAP protects your business object against unauthorized access and operations (Create, Update, Delete). Authorization control is always relevant when the permission to execute an operation depends on the role.

In RAP each read or modify request can be checked via authorization objects against user roles before the request is finally executed.

Global Authorization

Global authorization is used for all authorization checks. You can define global authorization to check whether users are allowed to execute an operation in general (CREATE, UPDATE, DELETE). Keyword in the behavior definition:

  authorization master ( global )

Instance Authorization

Instance authorization is used for all authorization checks, in addition to the user role. With instance authorization, you can define authorization on a field or operation (UPDATE, DELETE). Instance authorization is only possible for instance-based operations. Keyword in the behavior definition:

  authorization master ( instance )

Step 1


Add the global keyword in the behavior definition file.

Define global authorization in the behavior definition and implement it in the behavior implementation class.


Step 2


Add the method in the behavior implementation class.

Use the quick fix option in the behavior definition editor to generate the method declaration for the authorization control in the behavior implementation.


The quick fix generates a new method definition, which is where the custom code for the authorization check goes.


Step 3


Implement the GET_GLOBAL_AUTHORIZATIONS method with the code below.

REQUESTED_AUTHORIZATIONS is an importing parameter that identifies which authorization control is requested by the user.

In our demo scenario we have requested UPDATE or EDIT authorization.

The RESULT parameter must be filled with the authorization result.

  METHOD get_global_authorizations.

*   Check if EDIT operation is triggered or not 
    IF requested_authorizations-%update = if_abap_behv=>mk-on OR
        requested_authorizations-%action-Edit   = if_abap_behv=>mk-on.

*     Check method IS_UPDATE_ALLOWED (Authorization simulation Check method)
      IF is_update_allowed( ) = abap_true.

*       update result with EDIT Allowed
        result-%update = if_abap_behv=>auth-allowed.
        result-%action-Edit = if_abap_behv=>auth-allowed.

      ELSE.

*       update result with EDIT Not Allowed
        result-%update = if_abap_behv=>auth-unauthorized.
        result-%action-Edit = if_abap_behv=>auth-unauthorized.

      ENDIF.
    ENDIF.
  ENDMETHOD.
 

Testing Global Auth. Implementation


First, simulate the authorization object check by making the IS_UPDATE_ALLOWED method return ABAP_TRUE, which means the authorization check passed.


The Edit option is available because IS_UPDATE_ALLOWED returned ABAP_TRUE, which simulates an actual authorization object check returning ABAP_TRUE.


Next, simulate the authorization object check by making the IS_UPDATE_ALLOWED method return ABAP_FALSE, which means the authorization check failed.


The Edit option is not available because IS_UPDATE_ALLOWED returned ABAP_FALSE, which simulates an actual authorization object check returning ABAP_FALSE.
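
The test above simulates the check by having IS_UPDATE_ALLOWED return a fixed value. As an added example (not code from the original post), here is one way that method could run a real AUTHORITY-CHECK and deny by default; the authorization object ZDEMO_AUTH with the single field ACTVT and the helper class lcl_update_auth are hypothetical placeholders.

```abap
" Added example, not from the original post.
" Assumptions: ZDEMO_AUTH is a placeholder authorization object whose only
" field is ACTVT; lcl_update_auth is a hypothetical local helper class.
CLASS lcl_update_auth DEFINITION FINAL.
  PUBLIC SECTION.
    CLASS-METHODS is_update_allowed
      RETURNING VALUE(update_allowed) TYPE abap_bool.
ENDCLASS.

CLASS lcl_update_auth IMPLEMENTATION.
  METHOD is_update_allowed.

    " Fail closed: the result stays ABAP_FALSE unless the check succeeds.
    update_allowed = abap_false.

    " Activity 02 = Change. The check runs against the current user's
    " authorizations, so the outcome depends on the assigned roles.
    AUTHORITY-CHECK OBJECT 'ZDEMO_AUTH'
      ID 'ACTVT' FIELD '02'.

    " Only sy-subrc = 0 means authorized. Every other return code
    " (missing authorization, wrong field list, unknown object)
    " is treated as a denial.
    IF sy-subrc = 0.
      update_allowed = abap_true.
    ENDIF.

  ENDMETHOD.
ENDCLASS.

" Call site inside get_global_authorizations, replacing the simulation:
"   IF lcl_update_auth=>is_update_allowed( ) = abap_true.
"     result-%update      = if_abap_behv=>auth-allowed.
"     result-%action-Edit = if_abap_behv=>auth-allowed.
"   ELSE.
"     result-%update      = if_abap_behv=>auth-unauthorized.
"     result-%action-Edit = if_abap_behv=>auth-unauthorized.
"   ENDIF.
```

Test with two users, one with and one without a role containing the placeholder object for activity 02, and confirm that the Edit option appears only for the first.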

