2024 Oct 07 8:28 AM - edited 2024 Oct 09 2:21 PM
Hi everyone,
I am currently facing the issue, that I want to grant read-only access to the context of a sap process automation (SBPA) workflow to my end users, via a REST call. Hereby, I find myself in the following scenario. I created a custom UI5-Application that uses the instance-id of a workflow to display the context. Of course, I want to design the authorization in such a way that the user is not able to manipulate the call to the SBPA API by, for example, sending a post request via Postman.
To implement this, I have evaluated the following options, which have not led to a satisfactory result:
Maybe I am missing something or one of you has another idea and can guide me into the right direction.
Thanks in advance,
Lukas
Only someone with ProcessAutomationAdmin role is allowed to update the context.
And if you use a User Token Exchange authentication in the destination than the call will know the user.
At least it should work 😺
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
Hi Dan,
thanks again for your reply!
I evaluated the options and came to the same conclusion that a middleware is necessary. In my case, I am using the API Management with a custom API that is restricted to READ operations.
Thank you very much for your input and have a nice day 🙂
User | Count |
---|---|
70 | |
10 | |
10 | |
7 | |
6 | |
6 | |
6 | |
5 | |
5 | |
5 |
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.