Solved: Encode/Encrypt Fiori/UI5 URL Parameters

adnanmaqbool · ‎02-13-2024

Hi Everyone

We are using both standard and custom Fiori Apps, but URL parameters are visible to users e.g. employee number or document number/year. User is able to change the employee number or any other URL parameters to view details of other documents.

For Example

Fiori App Manage Team is having below URL and user is able to change URL parameter "employee number" to view details of other employees. How to encrypt/encode such URL parameters to restrict access to other records and Odata Query Parameters.

https://sapessqas.xxx.com:8000/ess?sap-client=999&sap-language=EN#Employee-manageTeam&/EmployeeDetai...

Note: SSL certificate is already activated may be some profile parameter needs to be maintained from BASIS end to encrypt the URL.

Edrilan_Berisha · ‎02-15-2024

Hi,

well instead of having a "readable ID" like "00000146" as in your example, you could use UUIDs. But that said that is not really an encryption. And to be honest I would highly question what you try to do here.

URL parameter should not be used to define if someone is authorised to see certain data or not. For that kind of purpose you should use proper authorization roles and authorization checks in the backend. That is business logic and belongs to the backend, not the frontend.

Best,

Edrilan Berisha

SAP S/4HANA Cloud Financials Development

Encode/Encrypt Fiori/UI5 URL Parameters

Accepted Solutions (1)

Accepted Solutions (1)

Answers (0)

Re: SAP Analytics Cloud for planning - Inverse For...

EML action - passing all fields of a selected row ...

Re: Unable to write select query in BW transformat...

Re: Write Widget names to a text box

I am unable to create instance for Data Attribute ...