Analysis of Authorization Requirements

The prerequisite for deciding on using one of the following authorization providers, or creating a new one, is the analysis of the protection requirements of an application.

Context

This decision can be helped by answering the questions below:

  1. Does the application need authorization protection? If not, use the provider for no authorization check.
  2. Does the application use the ABAP authority check? If not, create your own authorization provider.
  3. Is authorization metadata for the business entities used in the application and does it match the authorization attributes required by the application? If the answer is ‘yes’, use the default authorization provider. If not, use the parameterized generic authorization provider.