on 02-13-2024 4:09 PM
Hi Everyone
We are using both standard and custom Fiori apps, but URL parameters are visible to users, e.g. employee number or document number/year. A user is able to change the employee number or any other URL parameter to view details of other documents.
For example:
The Fiori app Manage Team has the URL below, and a user is able to change the URL parameter "employee number" to view details of other employees. How to encrypt/encode such URL parameters to restrict access to other records and OData query parameters?
Note: The SSL certificate is already activated; maybe some profile parameter needs to be maintained from the BASIS end to encrypt the URL.
Hi,
Well, instead of having a "readable ID" like "00000146" as in your example, you could use UUIDs. But that said, that is not really an encryption. And to be honest, I would highly question what you are trying to do here.
URL parameters should not be used to define whether someone is authorised to see certain data or not. For that kind of purpose you should use proper authorization roles and authorization checks in the backend. That is business logic and belongs to the backend, not the frontend.
Best,
Edrilan Berisha
SAP S/4HANA Cloud Financials Development
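An added illustration of the backend check described in the answer above (not part of the original thread and not SAP code): a language-neutral Python sketch in which the server decides access from the authenticated session, so editing the key in the URL changes nothing. The entity set name `EmployeeSet`, the user names and the team mapping are hypothetical, constructed sample data.

```python
import re

# Constructed sample data: which employee numbers each manager may view.
TEAM_OF = {"MGR_A": {"00000146", "00000147"}, "MGR_B": {"00000200"}}
EMPLOYEES = {
    "00000146": {"name": "Employee A"},
    "00000147": {"name": "Employee B"},
    "00000200": {"name": "Employee C"},
}

# Hypothetical OData-style key predicate, e.g. /EmployeeSet('00000146')
KEY_RE = re.compile(r"/EmployeeSet\('([0-9]{8})'\)")

AUDIT = []  # denied reads, kept for detection and review


def read_employee(session_user, path):
    """Return (status, body) for a single-entity read.

    session_user comes from the authenticated session, never from the URL.
    """
    match = KEY_RE.fullmatch(path)
    if match is None:
        return 400, None
    key = match.group(1)
    # Authorization is decided from server-side data only. The key in the
    # URL says which record is requested, not who is allowed to read it.
    if key not in TEAM_OF.get(session_user, set()):
        # Same answer for "exists but not yours" and "does not exist",
        # so responses do not reveal which employee numbers are valid.
        AUDIT.append((session_user, key))
        return 403, None
    return 200, EMPLOYEES[key]


if __name__ == "__main__":
    print(read_employee("MGR_A", "/EmployeeSet('00000146')"))  # own team
    print(read_employee("MGR_A", "/EmployeeSet('00000200')"))  # edited key
    print(AUDIT)
```

Replacing the eight-digit number with a UUID would only change the key pattern; the membership check is what restricts access.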