In this blog post, we'll demonstrate how to add authorization and access information to CAP model using the CDS Graphical Modeler via CAP annotation "@requires".
Authorization and Access Control for CAP Model using the CDS Graphical Modeler
In
Authorization and Access Control for CAP Model using the CDS Graphical Modeler – Part 1 we have demonstrated how to create CAP annotations "@readonly" and "@insertonly". In this blog post, we will demonstrate how to create complex CAP annotations "@requires" in order to protect your services and entities.
If we have below CDS service model:
And we want to protect the service by allowing only the authenticated user to access it. First open the service model using the model, right click the canvas and show the context menu for the service:
Click the "Manage Annotation" context menu and show the annotation editor:
Click the "+" button and select "requires" annotation term from the list:
Press "Enter" key to confirm your selection, and click "+" button for this term:
In the value drop down list, select "authenticated-user":
Click "Update" button to close this dialog. Now you can check your CDS file and see the annotation has been applied to the service:
If we want to use "@requires" for an entity, for example we want to only allow users with "administrators", "users" and "auditors" to access entity "Regions", we can do similar as below using the annotation editor:
Conclusion
In this blog post, we demonstrated how to use "@requires" CAP annotation using the CDS Graphical Modeler to protect your services and entities.
References
https://cap.cloud.sap/docs/guides/authorization
https://blogs.sap.com/2022/04/29/an-introduction-to-cds-graphical-modeler-for-visual-studio-code/
https://marketplace.visualstudio.com/items?itemName=SAPSE.vscode-wing-cds-editor-vsc