Application Authentication – Assigning Roles to HTML5 Application (HCP)
This was something for which I banged my head a lot to find a solution, so I thought of publishing this so that others can easily use it.
When an application is deployed on HANA Cloud Platform, any user can access the application from the HTML5 link as well. To prevent this unauthorized access, application-level authentication is necessary.
Steps to achieve this:
1. Create roles for the Web IDE subscription; these roles will be visible to all HTML5 applications.
2. Create a new role.
3. Assign users to the newly created role.
4. Go to the HTML5 application.
5. In the application permission section, choose the newly created role.
6. In the application, specify the security constraint parameter with the permission name to be authenticated:
{
  "authenticationMethod": "saml",
  …..
  "securityConstraints": [
    {
      "permission": "AccessApplicationDescriptor",
      "description": "Access User Data",
      "protectedPaths": [
        "/"
      ],
      "excludedPaths": [
        "/logout/**"
      ]
    }
  ]
}
7. For more information, refer to https://help.hana.ondemand.com/help/frameset.htm?aed1ffa3f3e741b3a4573c9e475aa2a4.html
8. protectedPaths should be "/" to restrict access to the complete application (all views).
9. If you specify a file name, e.g. /neo-app.json, in the protectedPaths parameter and try to access the neo-app.json file, it will give an error, but it will still allow access to the complete application.
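A check for the descriptor settings in steps 6, 8 and 9, as an added example that is not part of the original post or of SAP's tooling: it flags a descriptor whose securityConstraints do not protect "/". The function name lintDescriptor and both sample descriptors are constructed for illustration, and treating an excludedPaths entry of "/" or "/**" as covering the whole application is an assumption.

```javascript
// Added example: lint a descriptor (the post's neo-app.json) for whole-application protection.
function lintDescriptor(jsonText) {
  const findings = [];
  let d;
  try {
    d = JSON.parse(jsonText);
  } catch (e) {
    return ["descriptor is not valid JSON: " + e.message];
  }
  if (d.authenticationMethod !== undefined && d.authenticationMethod !== "saml") {
    findings.push(`authenticationMethod is "${d.authenticationMethod}", not "saml"`);
  }
  const constraints = Array.isArray(d.securityConstraints) ? d.securityConstraints : [];
  if (constraints.length === 0) {
    findings.push("no securityConstraints: no permission is required for any path");
  }
  let rootProtected = false;
  constraints.forEach((entry, i) => {
    const c = entry || {};
    const prot = Array.isArray(c.protectedPaths) ? c.protectedPaths : [];
    const excl = Array.isArray(c.excludedPaths) ? c.excludedPaths : [];
    if (typeof c.permission !== "string" || c.permission === "") {
      findings.push(`constraint ${i}: missing permission name`);
    }
    if (prot.includes("/")) rootProtected = true;
    else findings.push(`constraint ${i}: protects only ${JSON.stringify(prot)}`);
    // Assumption: an exclusion of "/" or "/**" would cover every path.
    excl.filter((p) => p === "/" || p === "/**").forEach((p) =>
      findings.push(`constraint ${i}: excludedPaths entry "${p}" covers the whole application`));
  });
  if (constraints.length > 0 && !rootProtected) {
    findings.push('no constraint protects "/": the views stay reachable without the role');
  }
  return findings;
}

// Constructed sample descriptors (not taken from a real application).
const wholeApp = JSON.stringify({
  authenticationMethod: "saml",
  securityConstraints: [{ permission: "AccessApplicationDescriptor",
    protectedPaths: ["/"], excludedPaths: ["/logout/**"] }]
});
const fileOnly = JSON.stringify({
  authenticationMethod: "saml",
  securityConstraints: [{ permission: "AccessApplicationDescriptor",
    protectedPaths: ["/neo-app.json"] }]
});
console.log(lintDescriptor(wholeApp), lintDescriptor(fileOnly));
```

Run it with Node.js; an empty array means the descriptor matches the whole-application setup from step 8.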
Hope this would reduce a lot of effort for many people.
Happy Learning!! Thanks !!!
Is it not something which was explained in this Open SAP course:
https://open.sap.com/courses/cp1-2/items/3ZIFdaoP1V4by3XrHdurkH
Thanks
Prashant
Well, also the SAP Standard documentation on Authorization for HTML5 Applications does a good job there.
I can't thank you enough for writing this, I was breaking my head on the same and it finally worked. Thanks to this blog!
Hi Ragini,
Very helpful blog. But how can we fetch the roles and groups assigned to the user ID on the front-end side in that application? For example, here a user ID with the administrator role is logged in. Now how do we fetch that administrator role value on the front-end side? I tried to use the userapi service, but it gives restricted information like the name and email ID of the user, but not the role.
Hi,
I have the same problem getting this role inside my app.
How can we solve it?
Thanks,
Fabio