
Protect parts of an HTML5 application in SAP CP using groups / roles

0 Kudos

Hi all,

I hope this is not a duplicate, but I couldn't find any answer so far.

My goal is to show parts of an HTML5 application in SAP Cloud Platform (Neo) only to authorized users. Ideally, I would like to retrieve the roles / groups of a user during execution time and based on that hide / disable certain buttons.

So far, I found out that I can exclude subpages [1], which is not what I would like to do. Also, there is the authorization management API [2], but that's meant for administration and not for productive use. It would also require storing passwords in the code, which is obviously not the right way to go.

Is there any other way to retrieve the role / group information of a user during runtime? I am thinking of something like "isUserInRole("Developer")" which exists for Java [3] or the user API for HTML5 [4].

Thank you very much for your response!

[1]: https://help.sap.com/viewer/65de2977205c403bbc107264b8eccf4b/Cloud/en-US/a139548b21954e319a2a351e993...

[2] https://api.hana.ondemand.com/authorization/v1/documentation

[3] https://help.sap.com/viewer/65de2977205c403bbc107264b8eccf4b/Cloud/en-US/85a19f0ef154441c8b077cc8e09...

[4] https://help.sap.com/viewer/65de2977205c403bbc107264b8eccf4b/Cloud/en-US/1de599bf722446849d2b2e10132...

Accepted Solutions (1)

0 Kudos

After a while (and after submitting this question [5]), I realized that one can (rather easily) solve this problem by using the concept from [1] (see question) and use "securityConstraints" to block access to one of the files in one's repository. By using an HTTP request on that file, one can then check whether the user has the permission to see it. This definitely does not feel like the right way, but at least it's a rather simple way to solve this problem.

[5]: https://answers.sap.com/questions/406585/problem-with-security-constraints-protected-paths.html
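
The probe described in the accepted solution, as an added example that is not part of the original post. It assumes a `securityConstraints` entry in `neo-app.json` protects the hypothetical file `/permissions/developer.json`, that this file contains `{"granted":true}`, and that an unauthorized request is answered with 401 or 403; the path, the marker content and the control id are illustrative names.

```javascript
// Added example, not from the original post. Assumed setup: neo-app.json has a
// securityConstraints entry protecting the hypothetical path below, and that
// file contains exactly {"granted":true}.
const PROBE_PATH = "/permissions/developer.json"; // hypothetical protected file

// Decide what a probe response means. Anything that is not clearly the marker
// file counts as "not granted", so the UI fails closed.
function classifyProbe(status, contentType, bodyText) {
  if (status === 401 || status === 403) return "denied";
  if (status !== 200) return "unknown";
  // An expired session can yield the IdP login page as a 200 HTML response,
  // so a 200 status alone is not proof of access.
  if (!/^application\/json\b/i.test(contentType || "")) return "unknown";
  try {
    return JSON.parse(bodyText).granted === true ? "granted" : "unknown";
  } catch (e) {
    return "unknown";
  }
}

// Request the protected file with the user's session and classify the result.
async function probePermission(path, fetchImpl) {
  const doFetch = fetchImpl || fetch;
  try {
    const res = await doFetch(path, { credentials: "same-origin", cache: "no-store" });
    const body = await res.text();
    return classifyProbe(res.status, res.headers.get("content-type"), body);
  } catch (e) {
    return "unknown"; // network error: keep the control hidden
  }
}

// Only an explicit "granted" enables a control.
function shouldShowControl(result) {
  return result === "granted";
}

// Browser usage (control id is hypothetical):
// probePermission(PROBE_PATH).then(function (r) {
//   document.getElementById("deployButton").hidden = !shouldShowControl(r);
// });
```

The probe only decides what the page displays; the resources a hidden button would call need their own protected paths or backend authorization, since the client-side check can be bypassed by calling them directly.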

Answers (1)

christian102094
Participant
0 Kudos

Hi,

I've used the SCP Identity Authentication Service API to do this... I think it's different than the Authorization API you mentioned.

It will only work if you are using SCP IAS as IdP though.

Best regards.