Ragini Upadhyay

Application Authentication – Assigning Roles to HTML5 Application (HCP)

This was something for which I banged my head a lot to find a solution, so I thought of publishing it so that others can easily use it.

When an application is deployed on HANA Cloud Platform, any user can also access it through its HTML5 link. To prevent this unauthorized access, application-level authentication is necessary.

Steps to achieve this:

1. Create roles for the Web IDE subscription; these roles will be visible to all HTML5 applications.

2. Create a new role.

3. Assign users to the newly created role.

4. Go to the HTML5 application.

5. In the application permission section, choose the newly created role.

6. In the application, specify the security constraint parameter with the permission name to be authenticated:

    {
      "authenticationMethod": "saml",
      …..
      "securityConstraints": [
        {
          "permission": "AccessApplicationDescriptor",
          "description": "Access User Data",
          "protectedPaths": [
            "/"
          ],
          "excludedPaths": [
            "/logout/**"
          ]
        }
      ]
    }

7. For more information, refer to https://help.hana.ondemand.com/help/frameset.htm?aed1ffa3f3e741b3a4573c9e475aa2a4.html

8. protectedPaths should be "/" to restrict access to the complete application (all views).

9. If you specify a file name, e.g. /neo-app.json, in the protectedPaths parameter and then try to access the neo-app.json file, it will give an error, but access to the complete application will still be allowed.
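An added example, not part of the original post or of SAP's tooling: a small Node.js check that reads a parsed neo-app.json and reports the situations from steps 6, 8 and 9, in particular a descriptor that protects a single file while leaving the rest of the application open. The function name auditNeoApp and the two sample descriptors are assumptions made for illustration.

```javascript
// Added example: audits a parsed neo-app.json for the points in steps 6, 8 and 9.
// It relies on the post's statement that "/" in protectedPaths covers the whole
// application; it does not reimplement the platform's path matching.
function auditNeoApp(descriptor) {
  const findings = [];
  if (descriptor.authenticationMethod !== "saml") {
    findings.push("authenticationMethod is not \"saml\" as in the post's descriptor");
  }
  const constraints = Array.isArray(descriptor.securityConstraints)
    ? descriptor.securityConstraints : [];
  if (constraints.length === 0) {
    findings.push("no securityConstraints: no permission guards any path");
  }
  let rootProtected = false;
  constraints.forEach((c, i) => {
    const label = `securityConstraints[${i}]`;
    const protectedPaths = Array.isArray(c.protectedPaths) ? c.protectedPaths : [];
    const excludedPaths = Array.isArray(c.excludedPaths) ? c.excludedPaths : [];
    if (typeof c.permission !== "string" || c.permission.trim() === "") {
      findings.push(`${label}: no permission name, so no role can be chosen for it`);
    }
    if (protectedPaths.length === 0) {
      findings.push(`${label}: protectedPaths is empty`);
    }
    if (protectedPaths.includes("/")) {
      rootProtected = true;
    }
    // Excluded paths are outside the constraint; list them so each is reviewed.
    excludedPaths.forEach((p) => findings.push(`${label}: review excluded path ${p}`));
  });
  if (constraints.length > 0 && !rootProtected) {
    const paths = constraints.flatMap((c) => c.protectedPaths || []);
    findings.push(`only [${paths.join(", ")}] protected; rest of the application stays open (step 9)`);
  }
  return { rootProtected, findings };
}

// Constructed sample descriptors (not taken from a real application).
const wholeApp = { authenticationMethod: "saml", securityConstraints: [{
  permission: "AccessApplicationDescriptor", description: "Access User Data",
  protectedPaths: ["/"], excludedPaths: ["/logout/**"] }] };
const fileOnly = { authenticationMethod: "saml", securityConstraints: [{
  permission: "AccessApplicationDescriptor", protectedPaths: ["/neo-app.json"] }] };

console.log(auditNeoApp(wholeApp));
console.log(auditNeoApp(fileOnly));
```

Running it against the descriptor of each deployed application before activation catches the step 9 case, where the file is blocked but every view is still reachable.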

 

Hope this reduces a lot of effort for many people.

 

Happy Learning!! Thanks !!!


      5 Comments
      Kumar Prashant

      Is it not something which was explained in this Open SAP course:

      https://open.sap.com/courses/cp1-2/items/3ZIFdaoP1V4by3XrHdurkH

       

      Thanks

      Prashant

      Gregor Wolf

      Well, also the SAP Standard documentation on Authorization for HTML5 Applications does a good job there.

      Spoorthy Paul

      I can't thank you enough for writing this, I was breaking my head on the same and it finally worked. Thanks to this blog!

      karan saindane

      Hi Ragini,

      Very helpful blog. But how can we fetch the roles and groups assigned to the user ID on the front-end side in that application? For example, here a user ID with the role of administrator is logged in. Now how do we fetch that value, the administrator role, on the front-end side? I tried to use the userapi service, but it gives restricted information like the name and email ID of the user ID, but not the role.

      Fabio Formisano

      Hi,

       

      I have the same problem getting this role inside my app.

      How can we solve it?

       

      Thanks,

      Fabio