
RAP API Service ODATA V4 Authorization Solution for technical Users

Kotty

Hi,

we are working on an S/4 HANA 2021 FPS 1 system and we have the following scenario:

We want to build an interface to our customer portal which uses a technical user for the connection to our S/4 HANA system.

We thought about the following "authorization concept" to give the customer only those data he is allowed to see:

Here is a very simplified data model for our case:

We have two different relationships and one business partner w/o direct connection with the following rules:

- The "Employee" is allowed to see all buildings
- The "Portal User" with "main user relationship" is allowed to see all buildings for the manager
- The "Portal User" with "sub user relationship" is allowed to see all buildings for the manager, but only those where he is assigned to the contract as a contact person

Current Solution – not working with RAP

Based on that scenario we built the following solution, which works with standard CDS View Entities without the RAP Framework.

In our Customer Portal each portal user has the UUID of the business partner assigned (1:1 match between a portal user and a UUID). With the UUID we can read all buildings which the portal user is allowed to see.

Our Consumption view looks as follows:

For the authorization we use a table function which delivers all relevant buildings.

To get all buildings for one portal user we can use the following OData call:

…/<version>/Building(p_requester_uuid=AAAAAAAA-2222-BBBB-3333-CCCCCCCCCCCC)/Set?sap-client=100&sap-language=EN

And that OData call delivers the correct buildings for all three roles.

Current Solution – using RAP

We tried to do the same based on the RAP framework but unfortunately, we got the following error message:

So we cannot use our solution in the RAP Framework.

Possible Solutions?

I have only one solution in mind (which I do not like).

I build one API service which includes, for example, two entities:

I will use Entity 1 (View Entity with parameter requestor UUID) to read only the data which the user is allowed to see.

If the user wants to create or change something, we will use Entity 2 (Root View Entity).

I am looking forward to your answers and ideas.
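The parameterized consumption view and the authorization table function described in the post, written out as an added example (this is not the poster's code). The tables zbp_relation, zbuilding and zcontract, their fields, and the relationship codes 'EMP', 'MAIN' and 'SUB' are assumptions standing in for the simplified data model; only the three visibility rules come from the post.

```abap
// DDLS 1: table function returning the building keys the requester may see
@EndUserText.label: 'Buildings visible to a requester'
define table function ZTF_AuthorizedBuilding
  with parameters p_requester_uuid : sysuuid_x16
  returns { clnt : abap.clnt; BuildingUuid : sysuuid_x16; }
  implemented by method zcl_building_auth=>get_buildings;

// DDLS 2: consumption view with the requester UUID as parameter (exposed via OData)
@AccessControl.authorizationCheck: #NOT_REQUIRED
define view entity ZC_BuildingByRequester
  with parameters p_requester_uuid : sysuuid_x16
  as select from zbuilding as Building
    inner join ZTF_AuthorizedBuilding( p_requester_uuid : $parameters.p_requester_uuid ) as Auth
      on Building.building_uuid = Auth.BuildingUuid
{
  key Building.building_uuid as BuildingUuid,
      Building.manager_uuid  as ManagerUuid
}

" AMDP class implementing the three rules (hypothetical tables zbp_relation, zbuilding, zcontract)
CLASS zcl_building_auth DEFINITION PUBLIC FINAL CREATE PUBLIC.
  PUBLIC SECTION.
    INTERFACES if_amdp_marker_hdb.
    CLASS-METHODS get_buildings FOR TABLE FUNCTION ztf_authorizedbuilding.
ENDCLASS.

CLASS zcl_building_auth IMPLEMENTATION.
  METHOD get_buildings BY DATABASE FUNCTION FOR HDB
                       LANGUAGE SQLSCRIPT OPTIONS READ-ONLY
                       USING zbp_relation zbuilding zcontract.
    -- zbp_relation: requester_uuid, manager_uuid, rel_type ('EMP' | 'MAIN' | 'SUB')
    -- zcontract:    building_uuid, contact_uuid (contact person on the contract)
    RETURN
      SELECT DISTINCT b.mandt AS clnt, b.building_uuid AS BuildingUuid
        FROM zbuilding AS b
        INNER JOIN zbp_relation AS r
          ON r.mandt = b.mandt AND r.requester_uuid = :p_requester_uuid
        LEFT OUTER JOIN zcontract AS c
          ON c.mandt = b.mandt AND c.building_uuid = b.building_uuid
         AND c.contact_uuid = r.requester_uuid
        WHERE b.mandt = SESSION_CONTEXT('CLIENT')
          -- Employee: every building; main user: every building of the manager;
          -- sub user: the manager's buildings where the requester is the contract contact
          AND ( r.rel_type = 'EMP'
             OR ( r.rel_type = 'MAIN' AND r.manager_uuid = b.manager_uuid )
             OR ( r.rel_type = 'SUB'  AND r.manager_uuid = b.manager_uuid
                  AND c.contact_uuid IS NOT NULL ) );
  ENDMETHOD.
ENDCLASS.
```

Exposed through a service definition and binding, ZC_BuildingByRequester answers the `Building(p_requester_uuid=...)/Set` call from the post. Because the S/4 side trusts p_requester_uuid as supplied by the technical user, the portal must derive it from the authenticated portal session and never from a value the browser can set.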
