cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Read only

How can I obtain groups assigned to a user in Cloud Identity Services within my OData service in S4?

LuizZanella
Newcomer

on ‎2024 Aug 05 9:22 PM

0 Kudos
222

We have an application hosted on BTP Cloud Foundry with authentication configured through Cloud Identity Services. So far, everything works fine.

We can retrieve the logged-in user's data via the approuter and then obtain the user's data from Identity, including their groups and additional information.

The problem is that we need to check some user authorizations based on the groups they are assigned to.

For example, if they are in an approvers group, they can approve certain discount requests.

Once the discount request is approved, it is processed in S4 via an OData service, which is called by the UI5 app through the destination. In the backend, I cannot determine which user is logged into the app or which groups they belong to.

How can we achieve this?

Know the answer?

Help others by sharing your knowledge.

Answer

Need more details?

Request clarification before answering.

Show replies
Show replies
MSo
Product and Topic Expert
Product and Topic Expert
‎2024 Oct 09 9:36 AM
0 Kudos
Making the 'backend' application aware of the user context can be achieved by protecting/authenticating the call with a token that contains a user identifier ('principal propagation'); e.g. the OIDC token issued by IAS could be an option. And beforehand one should provision the user-group assignments from a central user store or access governance system to the backend system. This can be done with the Identity Provisioning service.

Accepted Solutions (0)

Answers (0)

Ask a Question