Authorizations in RAP

Authorizations in RAP
Estimated read time 7 min read

Hi all

in this blog I have explained the authorizations in RAP 

Global Authorization  and instance authorization.

Authorizations in RAP.  

  Authorization Control  

Authorization control in RAP protects the RAP BO from unauthorized access to data. The authorization for consumers is managed and maintained by the system administrator but developers would sometime need to implement the controls.  

Authorization checks for read operations are handled by CDS Entities and the checks for modify operations are handled in behavior definition.  

  

   

Authorization Checks for Read Operations  

ABAP CDS provides its own authorization concept based on a data control language (DCL).  Access control allows you to limit the results returned by a CDS entity to those results you authorize a user to see.  DCL is also automatically evaluated in Managed Scenario but must be handled in case of unmanaged scenarios.  

  Global Authorizations.

Global authorization is used for all authorization checks that only depend on conditions which are not specific to the entity instance. For example, checking whether the user is authorized. Global Authorizations can be set for the operations below.  

Create   Create-by-association  Update  Delete  Static Actions  Instance Actions

In the Behavior definition define the authorization and type of authorization.

 

In the implementation class implementing a method get_global_autorizations.

 

METHOD get_global_authorizations.

if requested_authorizations-%update = if_abap_behv=>mk-on
or
requested_authorizations-%action-edit = if_abap_behv=>mk-on.

if is_update_allowed( ) = abap_true.
result-%update = if_abap_behv=>auth-allowed.
result-%action-edit = if_abap_behv=>auth-allowed.
ELSE.
result-%update = if_abap_behv=>auth-unauthorized.
result-%action-edit = if_abap_behv=>auth-unauthorized.
ENDIF.
ENDIF.
ENDMETHOD.

method is_update_allowed.
update_allowed = abap_false.
ENDMETHOD

 

 

Authorizations access  is not provided for the users  not allowed to update the data,edit option is not available.

 

 

 

If the authorization is provided for the user, the edit option in the page   

Should  be present.  

 Here the authorization is allowed for the user to edit the data.  

 

method is_update_allowed.
update_allowed = abap_true.
ENDMETHOD.

 

Here updated the Booking price and overall status ,it updated to changed value.

 

 

 

 

Instance Authorization.  

Used for all authorization checks that depend on the state of the entity instance. For example, define authorization that depends on the field value of the instance. Instance Authorizations can be set for the operations below.  

Create-by-association  Update  Delete  Instance Actions  

Define Instance Authorization in Behavior Definition:  

In  behavior definition for the “Travel” entity, define the instance authorization. You’ll need to specify the authorization master (global and instance) for the travel entity.  

 

  

For example:  

Add Instance keyword in Behavior Definition file.    

Define Instance authorization in the behavior definition and implement it in the behavior implementation class.  

In the  behavior pool  implement the method get_instance_authorizations .

 

METHOD get_instance_authorizations.
DATA: update_requested type abap_bool,
update_grtanted TYPE abap_bool.
READ ENTITIES OF znp_i_travel IN LOCAL MODE
ENTITY znp_i_travel
FIELDS ( AgencyId ) WITH CORRESPONDING #( keys )
RESULT DATA(traveldata)
FAILED failed.

CHECK traveldata is not initial.

update_requested = COND #( WHEN requested_authorizations-%update = if_abap_behv=>mk-on OR

requested_authorizations-%action-edit = if_abap_behv=>mk-on THEN

abap_true ELSE abap_false ).

loop at traveldata ASSIGNING FIELD-SYMBOL(<lfs_traveldata>).

update_grtanted = is_update_allowed( ).

if update_grtanted = abap_false.

APPEND VALUE #( %tky = <lfs_traveldata>-%tky ) to failed-znp_i_travel.

APPEND VALUE #( %tky = keys[ 1 ]-%tky

%msg = new_message_with_text(

severity = if_abap_behv_message=>severity-error

text = ‘No Authorization to update ‘

)

) to reported-znp_i_travel.

endif.

endloop.
ENDMETHOD.

 

 

For the user Authorization is not allowed , It will give error message that ‘No authorization  to update the data’.

If the Authorization access is provided for the user allowed to update the data.

 

 

METHOD is_update_allowed.
update_allowed = abap_true.
ENDMETHOD.

 

In this data updating the booking fee  It should updated to the changed value.

Data is updated to the changed values .

 

 

 

​ Hi allin this blog I have explained the authorizations in RAP Global Authorization  and instance authorization.Authorizations in RAP.    Authorization Control  Authorization control in RAP protects the RAP BO from unauthorized access to data. The authorization for consumers is managed and maintained by the system administrator but developers would sometime need to implement the controls.  Authorization checks for read operations are handled by CDS Entities and the checks for modify operations are handled in behavior definition.       Authorization Checks for Read Operations  ABAP CDS provides its own authorization concept based on a data control language (DCL).  Access control allows you to limit the results returned by a CDS entity to those results you authorize a user to see.  DCL is also automatically evaluated in Managed Scenario but must be handled in case of unmanaged scenarios.    Global Authorizations.Global authorization is used for all authorization checks that only depend on conditions which are not specific to the entity instance. For example, checking whether the user is authorized. Global Authorizations can be set for the operations below.  Create   Create-by-association  Update  Delete  Static Actions  Instance ActionsIn the Behavior definition define the authorization and type of authorization. In the implementation class implementing a method get_global_autorizations. METHOD get_global_authorizations.

if requested_authorizations-%update = if_abap_behv=>mk-on
or
requested_authorizations-%action-edit = if_abap_behv=>mk-on.

if is_update_allowed( ) = abap_true.
result-%update = if_abap_behv=>auth-allowed.
result-%action-edit = if_abap_behv=>auth-allowed.
ELSE.
result-%update = if_abap_behv=>auth-unauthorized.
result-%action-edit = if_abap_behv=>auth-unauthorized.
ENDIF.
ENDIF.
ENDMETHOD.

method is_update_allowed.
update_allowed = abap_false.
ENDMETHOD  Authorizations access  is not provided for the users  not allowed to update the data,edit option is not available.   If the authorization is provided for the user, the edit option in the page   Should  be present.   Here the authorization is allowed for the user to edit the data.   method is_update_allowed.
update_allowed = abap_true.
ENDMETHOD.

 Here updated the Booking price and overall status ,it updated to changed value.    Instance Authorization.  Used for all authorization checks that depend on the state of the entity instance. For example, define authorization that depends on the field value of the instance. Instance Authorizations can be set for the operations below.  Create-by-association  Update  Delete  Instance Actions  Define Instance Authorization in Behavior Definition:  In  behavior definition for the “Travel” entity, define the instance authorization. You’ll need to specify the authorization master (global and instance) for the travel entity.     For example:  Add Instance keyword in Behavior Definition file.    Define Instance authorization in the behavior definition and implement it in the behavior implementation class.  In the  behavior pool  implement the method get_instance_authorizations . METHOD get_instance_authorizations.
DATA: update_requested type abap_bool,
update_grtanted TYPE abap_bool.
READ ENTITIES OF znp_i_travel IN LOCAL MODE
ENTITY znp_i_travel
FIELDS ( AgencyId ) WITH CORRESPONDING #( keys )
RESULT DATA(traveldata)
FAILED failed.

CHECK traveldata is not initial.

update_requested = COND #( WHEN requested_authorizations-%update = if_abap_behv=>mk-on OR

requested_authorizations-%action-edit = if_abap_behv=>mk-on THEN

abap_true ELSE abap_false ).

loop at traveldata ASSIGNING FIELD-SYMBOL(<lfs_traveldata>).

update_grtanted = is_update_allowed( ).

if update_grtanted = abap_false.

APPEND VALUE #( %tky = <lfs_traveldata>-%tky ) to failed-znp_i_travel.

APPEND VALUE #( %tky = keys[ 1 ]-%tky

%msg = new_message_with_text(

severity = if_abap_behv_message=>severity-error

text = ‘No Authorization to update ‘

)

) to reported-znp_i_travel.

endif.

endloop.
ENDMETHOD.   For the user Authorization is not allowed , It will give error message that ‘No authorization  to update the data’.If the Authorization access is provided for the user allowed to update the data.   METHOD is_update_allowed.
update_allowed = abap_true.
ENDMETHOD. In this data updating the booking fee  It should updated to the changed value.Data is updated to the changed values .     Read More Application Development Blog Posts articles 

#SAP

Avatar for

You May Also Like

More From Author

+ There are no comments

Add yours