Show TOC

Default BOPF AuthorizationsLocate this document in the navigation structure

BOPF has a generic authorization concept based on authorization objects and the authority-check statement.

The authorization objects must follow a specific pattern and are assigned to business object nodes. It is possible to assign multiple authorization objects to one node. In this case, every object will be checked at runtime.

Similar to the Core Data Services (CDS) default authorizations, the BOPF authorizations will allow access to a business object (BO):

  • Partially, instance-based, if authorization fields are mapped to node elements
  • Completely, if no authorization field mapping is done.

All BO services are protected by the default authorization check. Even if no element mapping is done, at least the called service is checked against the user authorization at runtime.

Related Information