Application-Specific Authorization Providers for Authority Check

Application-specific authorization providers should be used in the case where neither the default authorization providers of the business entity nor the generic authorization provider are suitable for the purpose of the application. The reasons for the latter are either that reuse of the authorization metadata is intended for multiple calls or that the application does not make use of the ABAP authority check, but has a different authorization concept.

Context

Applications that use the authority check can create an individual authority provider by subclassing a convenience class cl_sadl_cond_prov_authobj_base. This provider must be initialized and registered with the SADL runtime before passing the control to the SADL engine for query execution.

To do this, perform the following steps:

Procedure

  1. Create your own authorization provider class that inherits from thecl_sadl_cond_prov_authobj_base. 
    CLASS cl_appl_cond_provider DEFINITION INHERITING FROM cl_sadl_cond_prov_authobj_base.
	PUBLIC SECTION.
		METHODS constructor.
ENDCLASS.
  2. Create a constructor method in this class. This constructor can be used to set the authorization metadata for the authorization provider.

    See the previous chapter for the meaning of the parameters.

    METHOD constructor.
	super->constructor( ).
	add_authorization_for_object(
		iv_authorization_object = 'S_EPM_BP' 
		it_activities = VALUE #( ( auth_field = 'ACTVT' value = '03' ) ) 
		it_field_mapping = VALUE #( ( auth_field = 'EPM_BP_ID' view_field = 'MY_BP_ID' ) ) ).
ENDMETHOD.