Technology Blogs by Members
Explore a vibrant mix of technical expertise, industry insights, and tech buzz in member blogs covering SAP products, technology, and events. Get in the mix!
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

ABAP RAP - Instance Authorization

AbhishekSharma
Active Contributor
‎12-08-2022 4:47 AM
Hello,

In this beginner blog post we are going to see how we can use Authorizations (Instance Authorization) in ABAP Restful Application Programming Model.

 

Ref: https://help.sap.com/docs/BTP/923180ddb98240829d935862025004d6/2f888de9d96e44acbfde2936d2c8bf24.html

 



 

Instance Authorization


Instance authorization is used for all authorization checks, in addition to the user role. With instance authorization, you can define authorization on a field or operation (UPDATE, DELETE). Instance authorization is only possible for instance-based operations.

Instance authorization is not available for CREATE operation.

 

Step 1


Add Instance keyword in Behavior Definition file.

Define Instance authorization in the behavior definition and implement it in the behavior implementation class

 


 

Step 2


Add method in Behavior Definition Implementation class.

Use quick fix option available to generate the method declaration for the authorization control in the behavior Implementation from behavior definition editor.

 

Got new method Definition, which is used to put custom code for Authorization Check

 

Step 3


Implement GET_INSTANCE_AUTHORIZATION method with below code.

REQUESTED_AUTHORIZATION is Importing parameter which identified which authorization control is requested by user.

In our demo scenario we have requested UPDATE or EDIT authorization.

RESULT parameter is available which must be filled with AUTHORIZATION result.

 
  METHOD get_instance_authorizations.



  DATA: update_requested type abap_bool,

        update_grtanted TYPE abap_bool.



  READ ENTITIES OF zi_student_5000 IN LOCAL MODE

    ENTITY Student

    FIELDS ( Status ) WITH CORRESPONDING #( keys )

    RESULT DATA(studentadmitted)

    FAILED failed.

  CHECK studentadmitted is not initial.

  update_requested = COND #( WHEN requested_authorizations-%update = if_abap_behv=>mk-on OR

                                  requested_authorizations-%action-Edit = if_abap_behv=>mk-on THEN

                                  abap_true ELSE abap_false ).



  loop at studentadmitted ASSIGNING FIELD-SYMBOL(<lfs_studentadmitted>).

    if <lfs_studentadmitted>-Status = abap_false.

        if update_requested = abap_true.

            update_grtanted = is_update_allowed(  ).

            if update_grtanted = abap_false.

                APPEND VALUE #(  %tky = <lfs_studentadmitted>-%tky ) to failed-student.

                APPEND VALUE #( %tky = keys[ 1 ]-%tky

                                %msg = new_message_with_text(

                                    severity = if_abap_behv_message=>severity-error

                                    text = 'No Authorization to update status!!!'

                                )

                ) to reported-student.

            ENDIF.

        endif.

    endif.

  endloop.

  ENDMETHOD.

 

Testing Instance Auth. Implementation


 

Simulating IS_UPDATE_ALLOWED method for Authorization Object Check by returning ABAP_FALSE, which says Authorization check failed.

 


 

Run application and click on Set Admitted button.



 

Since the method IS_UPDATE_ALLOWED returned ABAP_FALSE, which is simulation for Actual Authorization Object returned ABAP_FALSE

Error message is displayed to user.

 


 

Previous Blog Post : Global Authorization in ABAP RAP


 

 

Thanks-

Abhishek

 
3 Comments
Labels in this area
Popular Blog Posts