ABAP for Cloud Development
AS ABAP Release 914, ©Copyright 2024 SAP SE. All rights reserved.
ABAP - Keyword Documentation → ABAP RAP Business Objects → RAP - Behavior Definitions → RAP - BDL for Behavior Definitions → RAP - Managed and Unmanaged Behavior Definitions → RAP - EntityBehaviorDefinition → RAP - EntityBehaviorBody → RAP - RAP BO Operations → RAP - RAP BO Operation, Additions →
RAP - authorization:global
Syntax
... (authorization:global) ...
Description
The RAP BO operation addition authorization:global replaces the authorization control that is specified in the authorization master entity and applies global authorization checks instead. It can be used for actions and determine actions in authorization master and authorization dependent entities.
It is possible to combine the additions authorization:global and authorization:instance for an action or a determine action. Then, both RAP handler methods, FOR GLOBAL AUTHORIZATION and FOR INSTANCE AUTHORIZATION, are checked before the action is executed. Example:
action ( authorization : global, authorization : instance ) MyAction;
If no authorization control is specified for an action, the authorization mode of the authorization master (global, instance, or both) is used for the action by default.
Hints
- In managed, unmanaged, and projection RAP BOs, authorization control can be specified in the authorization master entity and applies to all actions. The operation additions
authorization:none,authorization:update,authorization:global, andauthorization:instanceare optional. However, in base BDEF extensions, authorization control must be specified for each action separately. The reason for this is that the authorization control of extension actions should be independent of the authorization control of the original RAP BO to ensure stability even if the original BO is changed. - The addition
authorization:globalcannot be used for internal operations.
Further Information
- Development guide for the ABAP RESTful Application Programming Model, topic Action Definition.
- For details on authorization control in RAP, see topic RAP - Authorization.
Example
This example demonstrates authorization control for RAP actions in a BDEF extension. The base behavior definition DEMO_RAP_AUTH_GLOBAL defines instance-based authorization control in the authorization master entity.
managed implementation in class bp_demo_rap_auth_global unique;
strict ( 2 );
extensible;
define behavior for DEMO_RAP_AUTH_GLOBAL alias Root
persistent table demo_dbtab_root
lock master
authorization master ( instance )
extensible
{
create;
update;
delete;
field ( readonly ) key_field;
}The BDEF extension DEMO_RAP_AUTH_GLOBAL_X1 defines new extension actions with an authorization control that replaces the authorization control from the original BDEF. The extension actions and the respective authorization control are implemented in the extension ABAP behavior pool.
extension using interface DEMO_RAP_GLOBAL_AUTH_INT
implementation in class bp_demo_rap_auth_global_x1 unique;
extend behavior for Root
{
action ( authorization : instance ) ext1AuthInstance;
action ( authorization : global ) ext1AuthGlobal;
action ( authorization : global, authorization : instance )
ext1AuthGlobalInstance;
action ( authorization : none ) ext1AuthNone;
association _child { create; }
}
define behavior for DEMO_RAP_AUTH_GLOBAL_CH alias Child
using DEMO_RAP_GLOBAL_AUTH_INT_CH
persistent table demo_dbtab_child
lock dependent
authorization dependent
{
update;
delete;
field ( readonly ) key_field, key_field_child;
association _parent;
action ( authorization : update ) ext1AuthUpdate;
}