Restrict the Query Results by User Authorizations

Services constructed on the basis of a SADL model in the Gateway Service Builder can be protected using an authorization provider. Therefore, the application has to decide on a suitable provider and pass an instance of the provider to the Gateway engine.

1. Create a suitable authorization provider.
   More on this: How to Enforce Authorizations for SADL-Based Applications.
2. Create an instance of your authorization provider. If you use a generic provider, you also need to pass the authorization parameters for the check.
   Note Use the ABAP field names of the properties for defining the field mapping.

   DATA(lo_provider) = cl_sadl_cond_prov_factory_pub=>create_for_authorization( ).
    lo_provider->add_authorization_for_object(
   	iv_authorization_object  = 'S_EPM_PD'
   	it_activities     = VALUE #( ( auth_field = 'ACTVT' value = '03' ) )
   	it_field_mapping  = VALUE #( 
   		( auth_field = 'PDCATEGORY' view_field = 'CATEGORY' ) ) ).

3. Finally, pass the provider object to the Gateway engine.

   io_query_options->set_authority_provider( lo_provider ).

   Note

   Transactional services, unlike the query, delegate the authorization enforcement to the framework that corresponds to their SADL models.

   Find out more about the authorization enforcement according to the relevant framework:

   • Securing User DDIC Against Misuse
   • Authorizations in BOPF (Business Object Processing Framework)
   • And so on