A type of index view used to set permissions properties of a business object service.
With the Permissions tab page, you specify whether a business object has permissions associated with it and if there are permission checks for each instance.
Permission Checking
You can choose the following:
This option indicates that the business object is secured and the permissions checking is performed for its CRUD (create, read, update, delete) methods. If the option is enabled, a code with permissions checks is added in every CRUD method.
In runtime, the permission checks are performed for the principal who is currently working with the application. You can assign permissions to principals using the Authorization Assignment.
More information: Protecting Access to Business Object Operations .
This option provides an API with permissions for every instance of the business object that can be set. This can only be activated if you have enabled the Permission checks enabled indicator.
The permission Owner is assigned by default to the current user. This permission allows the modification of the instance permissions.
The API is generated as part of the business object service, and consists of the following methods:
voidaddPermission(IPrincipal principal, String permission, String user, String key) throwsCAFBONodeException; voidremovePermission(IPrincipal principal, String permission, String user, String key) throwsCAFBONodeException; Map<IPrincipal, Set<String>> getPrincipalPermissions(IPrincipal principal, String permission, String user, String key) throwsCAFBONodeException; /* getPrincipalPermissions() returns a set of permissions per principal * If principal is null, the permissions for all principals is returned. * If permission is null, all permissions are returned. */ /* principal - an Application Server Java principal (user, role or group) to which permissions are assigned/removed ; you can use the securityAPIto obtain a desired instance of a principal key - the GUID of the business object instance (use the method getKey() to obtain it) for which permissions are given to the principal user - unique id (see IPrincipal.getUniqueID()) of the user that performs the permissions manipulation; must have an "owner" permission permission - can be one of the following: "create", "read", "update", "delete" , "fullcontrol" or "owner" */ |
Permission Propagation
You can choose an association to another business object for permission propagation. This means that an instance of the currently edited business object adds its permissions to one of the instances which are associated to it.