In this blog post, we’ll demonstrate how to add authorization and access information to CAP model using the CDS Graphical Modeler via CAP annotation “@restrict”.
In https://cap.cloud.sap/docs/guides/authorization#restrict-annotation CAP annotation "@restrict" is used to project your CAP resources. In this blog post, we'll demonstrate how to do the same using the CDS Graphical Modeler so that you don't need to remember the complex syntax of the CAP annotation terms.
Let's say we have the service model:
And we'll show you how to achieve complex authorization for entity "Customers" by creating CAP annotation "@restrict" for this entity using the model.
First click entity "Customers" and select "Manage Annotation" context menu to show the annotation editor:
Click the "+" button for the entity and select "restrict" annotation from the list:
Press "Enter" key to confirm your selection, and click the "+" button for the term so that we can input value:
Click the "+" button for property "grant", and you can see in the value list the corresponding permissions you can choose:
And you can do the same to property "to" which also takes an array as its value.
If we want to allow "READ" to users with "users" role, but allow "CREATE", "UPDATE" and "DELETE" only to users with "administrators" and "auditors", we can do below:
Click "Update" button to close the dialog, and you can see the annotation has been applied to the entity:
In this blog post, we demonstrated how to create complex authorization for CAP model through CAP annotation "@restrict" by using the CDS Graphical Modeler.
Authorization and Access Control
https://blogs.sap.com/2023/01/05/authorization-and-access-control-for-cap-model-using-the-cds-graphi...
https://blogs.sap.com/2023/01/05/authorization-and-access-control-for-cap-model-using-the-cds-graphi...
https://blogs.sap.com/2022/04/29/an-introduction-to-cds-graphical-modeler-for-visual-studio-code/
Authorization and Access Control for CAP Model using the CDS Graphical Modeler
In https://cap.cloud.sap/docs/guides/authorization#restrict-annotation CAP annotation "@restrict" is used to project your CAP resources. In this blog post, we'll demonstrate how to do the same using the CDS Graphical Modeler so that you don't need to remember the complex syntax of the CAP annotation terms.
Let's say we have the service model:
And we'll show you how to achieve complex authorization for entity "Customers" by creating CAP annotation "@restrict" for this entity using the model.
First click entity "Customers" and select "Manage Annotation" context menu to show the annotation editor:
Click the "+" button for the entity and select "restrict" annotation from the list:
Press "Enter" key to confirm your selection, and click the "+" button for the term so that we can input value:
Click the "+" button for property "grant", and you can see in the value list the corresponding permissions you can choose:
And you can do the same to property "to" which also takes an array as its value.
If we want to allow "READ" to users with "users" role, but allow "CREATE", "UPDATE" and "DELETE" only to users with "administrators" and "auditors", we can do below:
Click "Update" button to close the dialog, and you can see the annotation has been applied to the entity:
Conclusion
In this blog post, we demonstrated how to create complex authorization for CAP model through CAP annotation "@restrict" by using the CDS Graphical Modeler.
References
Authorization and Access Control
https://blogs.sap.com/2023/01/05/authorization-and-access-control-for-cap-model-using-the-cds-graphi...
https://blogs.sap.com/2023/01/05/authorization-and-access-control-for-cap-model-using-the-cds-graphi...
https://blogs.sap.com/2022/04/29/an-introduction-to-cds-graphical-modeler-for-visual-studio-code/
- SAP Managed Tags:
