on 08-10-2020 2:01 PM
Hello,
I have an oData Service (xsodata) that is consumed by an UI5 Application. However, everyone with access to the URL can f.e. get all the resources for /Requests . To solve this, I set up principal propagation to get the current user in the application also on the HANA XS Server. Whenever a user sends a call to /request, only resources with the property userID = CURRUSER should be returned. If the user enters queries for a request ID in the Frontend not belonging to his created request, he should get an auth error / empty result. What is the best way to solve this? I am fairly new to the xs implementation and little confused by all the configurations/files
thanks and best regards
I hope I get your question correct. You try to restrict the response of an OData service, that only dat is returned which userID property equals the current user.
If yes, then an option is to use Structured Privileges. With that you can restrict the access to the data with a fixed filter clause.
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
User | Count |
---|---|
71 | |
8 | |
8 | |
6 | |
6 | |
6 | |
5 | |
5 | |
5 | |
5 |
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.