Permissions Tab Page

Definition

A type of index view used to set permissions properties of a business object service.

Use

With the Permissions tab page, you specify whether a business object has permissions associated with it and if there are permission checks for each instance.

Permission Checking

You can choose the following:

  • Permission checks enabled

    This option indicates that the business object is secured and that permission checks are performed for its CRUD (create, read, update, delete) methods. If the option is enabled, code that performs the permission checks is added to every CRUD method.

    At runtime, the permission checks are performed for the principal who is currently working with the application. You can assign permissions to principals using the Authorization Assignment.

    More information: Protecting Access to Business Object Operations.

  • Permission on instance level

    This option provides an API for setting permissions on every instance of the business object. It can be activated only if you have enabled the Permission checks enabled indicator.

    The permission Owner is assigned by default to the current user. This permission allows the modification of the instance permissions.

    The API is generated as part of the business object service, and consists of the following methods:


    void addPermission(IPrincipal principal,
                       String permission,
                       String user,
                       String key)
                       throws CAFBONodeException;

    void removePermission(IPrincipal principal,
                          String permission,
                          String user,
                          String key)
                          throws CAFBONodeException;

    Map<IPrincipal, Set<String>>
    getPrincipalPermissions(IPrincipal principal,
                            String permission,
                            String user,
                            String key)
                            throws CAFBONodeException;

    /*
     * getPrincipalPermissions() returns a set of permissions per
     * principal.
     * If principal is null, the permissions for all principals are
     * returned.
     * If permission is null, all permissions are returned.
     */

    /*
     * principal - an Application Server Java principal (user, role or
     * group) to which permissions are assigned/removed;
     * you can use the security API to obtain a desired instance of a
     * principal
     *
     * key - the GUID of the business object instance (use the method
     * getKey() to obtain it) for which permissions are given to the
     * principal
     *
     * user - unique id (see IPrincipal.getUniqueID()) of the user that
     * performs the permissions manipulation; must have an "owner"
     * permission
     *
     * permission - can be one of the following: "create", "read",
     * "update", "delete", "fullcontrol" or "owner"
     */
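
The rules stated above (the creating user receives owner, only a user holding owner may change an instance's permissions, null arguments widen the query) modelled in memory as an added example; this is not SAP-generated code. It uses String ids in place of IPrincipal, and the class name, the createInstance helper and the unrestricted read are assumptions (Java 9 or later).

```java
import java.util.*;
// Added model, not SAP-generated code. Principals are plain String ids
// (assumption); the real API takes IPrincipal and throws CAFBONodeException.
public class InstancePermissionModel {
    // key (instance GUID) -> principal id -> permissions
    private final Map<String, Map<String, Set<String>>> acl = new HashMap<>();
    // Hypothetical helper: the creating user receives "owner" by default.
    public void createInstance(String key, String currentUser) {
        acl.computeIfAbsent(key, k -> new HashMap<>())
           .computeIfAbsent(currentUser, p -> new HashSet<>()).add("owner");
    }
    // Every modification first proves that `user` holds "owner" on this key.
    private Map<String, Set<String>> requireOwner(String user, String key) {
        Map<String, Set<String>> entries = acl.get(key);
        if (entries == null || !entries.getOrDefault(user, Set.of()).contains("owner"))
            throw new SecurityException(user + " is not owner of " + key);
        return entries;
    }
    public void addPermission(String principal, String permission, String user, String key) {
        requireOwner(user, key).computeIfAbsent(principal, p -> new HashSet<>()).add(permission);
    }
    public void removePermission(String principal, String permission, String user, String key) {
        Set<String> held = requireOwner(user, key).get(principal);
        if (held != null) held.remove(permission);
    }
    // null principal = all principals; null permission = all permissions.
    // Assumption: reads are not owner-restricted (the page does not say).
    public Map<String, Set<String>> getPrincipalPermissions(String principal, String permission, String key) {
        Map<String, Set<String>> out = new TreeMap<>();
        acl.getOrDefault(key, Map.of()).forEach((p, perms) -> {
            if (principal != null && !principal.equals(p)) return;
            Set<String> hit = new TreeSet<>(perms);
            if (permission != null) hit.retainAll(Set.of(permission));
            if (!hit.isEmpty()) out.put(p, hit);
        });
        return out;
    }
    public static void main(String[] args) {
        InstancePermissionModel m = new InstancePermissionModel();
        m.createInstance("guid-1", "alice");               // constructed sample values
        m.addPermission("bob", "read", "alice", "guid-1"); // allowed: alice is owner
        try {
            m.addPermission("bob", "owner", "bob", "guid-1"); // bob tries to self-promote
        } catch (SecurityException e) {
            System.out.println("denied: " + e.getMessage());
        }
        System.out.println(m.getPrincipalPermissions(null, null, "guid-1"));
    }
}
```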
     

Permission Propagation

You can choose an association to another business object for permission propagation. This means that an instance of the currently edited business object adds its permissions to one of the instances that are associated with it.