You can protect access to business object CRUD (create, read, update, delete) operations. Query operations are protected as well: when a query is executed, the permissions for read are checked.
Enabling Permission Checking on Business Object Node Level
To enable permission checking, mark the Permission checks enabled indicator.
This option indicates that the business object has been secured and that the system performs permission checking for its CRUD (create, read, update, delete) methods. If the option is enabled, code that performs the permission checks is added to every CRUD method.
At runtime, the system performs permission checks for the principal who is currently working with the application. You can assign permissions to principals using the SAP NetWeaver Administrator tool.
You can assign service permissions to protect business object operations.
To access the CAF authorizations, you must have the SAP_CAF_ADMIN role assigned.
Replace <host> and <port> with the Application Server (AS) Java host and port.
For more information, see Managing Business Rules List.
For more information, see Managing Access Control List and Managing Conditions List.
Enabling Permission Checking on Business Object Instance Level
This option provides an API for setting permissions on every instance of the business object. It can only be activated if you have enabled the Permission checks enabled indicator. The permission Owner is assigned by default to the current user. This permission allows the modification of the instance permissions. The API is generated as part of the business object service and consists of the following methods:
    void addPermission(IPrincipal principal, String permission, String user, String key) throws CAFBONodeException;
    void removePermission(IPrincipal principal, String permission, String user, String key) throws CAFBONodeException;
    Map<IPrincipal, Set<String>> getPrincipalPermissions(IPrincipal principal, String permission, String user, String key) throws CAFBONodeException;

    /* getPrincipalPermissions() returns a set of permissions per principal.
     * If principal is null, the permissions for all principals are returned.
     * If permission is null, all permissions are returned.
     */

    /*
     * principal  - an Application Server Java principal (user, role or group) to which
     *              permissions are assigned/removed; you can use the security API to
     *              obtain a desired instance of a principal
     * key        - the GUID of the business object instance (use the method getKey() to
     *              obtain it) for which permissions are given to the principal
     * user       - unique id (see IPrincipal.getUniqueID()) of the user that performs the
     *              permissions manipulation; must have an "owner" permission
     * permission - can be one of the following: "create", "read", "update", "delete",
     *              "fullcontrol" or "owner"
     */
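The contract described above (default owner, owner-only changes, null filters) can be traced with a small in-memory model. This is an added example, not SAP's generated code. It assumes principals are plain unique-ID strings instead of IPrincipal, that a non-owner caller is rejected with a SecurityException (the generated API declares CAFBONodeException), and that reading permissions is owner-gated like changing them. The class name, createInstance() and all sample values are hypothetical.

```java
import java.util.*;

/** In-memory model of the instance-permission contract (illustration only). */
public class InstancePermissionModel {
    static final Set<String> VALID =
        Set.of("create", "read", "update", "delete", "fullcontrol", "owner");
    // instance key (GUID) -> principal unique ID -> permissions
    private final Map<String, Map<String, Set<String>>> acl = new HashMap<>();

    /** Hypothetical helper: creating an instance makes the current user its "owner". */
    void createInstance(String key, String currentUser) {
        acl.computeIfAbsent(key, k -> new TreeMap<>())
           .computeIfAbsent(currentUser, p -> new TreeSet<>()).add("owner");
    }
    /** Assumption: only a user holding "owner" on the instance passes this gate. */
    private Map<String, Set<String>> ownedBy(String user, String key) {
        Map<String, Set<String>> entries = acl.getOrDefault(key, Map.of());
        if (!entries.getOrDefault(user, Set.of()).contains("owner"))
            throw new SecurityException(user + " is not an owner of " + key);
        return entries;
    }
    void addPermission(String principal, String permission, String user, String key) {
        if (permission == null || !VALID.contains(permission))
            throw new IllegalArgumentException("unknown permission: " + permission);
        ownedBy(user, key).computeIfAbsent(principal, p -> new TreeSet<>()).add(permission);
    }
    void removePermission(String principal, String permission, String user, String key) {
        Set<String> held = ownedBy(user, key).get(principal);
        if (held != null) held.remove(permission);
    }
    /** null principal = all principals; null permission = all permissions. */
    Map<String, Set<String>> getPrincipalPermissions(String principal, String permission,
                                                     String user, String key) {
        Map<String, Set<String>> out = new TreeMap<>();
        ownedBy(user, key).forEach((p, held) -> {
            if (principal != null && !principal.equals(p)) return;
            Set<String> match = new TreeSet<>(held);
            if (permission != null) match.retainAll(Set.of(permission));
            if (!match.isEmpty()) out.put(p, match);
        });
        return out;
    }
    public static void main(String[] args) {
        InstancePermissionModel m = new InstancePermissionModel();
        m.createInstance("GUID-1", "alice");               // constructed sample values
        m.addPermission("role.Auditors", "read", "alice", "GUID-1");
        try { m.addPermission("bob", "fullcontrol", "bob", "GUID-1"); } // non-owner caller
        catch (SecurityException e) { System.out.println("rejected: " + e.getMessage()); }
        System.out.println(m.getPrincipalPermissions(null, null, "alice", "GUID-1"));
    }
}
```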