Permissions Tab Page

Definition

A type of index view used to set permissions properties of a business object service.

Use

With the Permissions tab page, you specify whether a business object has permissions associated with it and whether permission checks are performed for each instance.

Permission Checking

You can choose the following:

·        Permission checks enabled

This option indicates that the business object is secured and that permission checks are performed for its CRUD (create, read, update, delete) methods. If the option is enabled, code that performs the permission checks is added to every CRUD method.

At runtime, the permission checks are performed for the principal who is currently working with the application. You can assign permissions to principals using the Authorization Assignment.

More information: Protecting Access to Business Object Operations.

·        Permission on instance level

This option provides an API for setting permissions on every instance of the business object. It can only be activated if you have enabled the Permission checks enabled indicator.

The permission Owner is assigned by default to the current user. This permission allows the modification of the instance permissions.

The API is generated as part of the business object service, and consists of the following methods:

void addPermission(IPrincipal principal,
                   String permission,
                   String user,
                   String key)
        throws CAFBONodeException;

void removePermission(IPrincipal principal,
                      String permission,
                      String user,
                      String key)
        throws CAFBONodeException;

Map<IPrincipal, Set<String>>
getPrincipalPermissions(IPrincipal principal,
                        String permission,
                        String user,
                        String key)
        throws CAFBONodeException;

/*
   getPrincipalPermissions() returns a set of permissions per principal.
     * If principal is null, the permissions for all principals are
       returned.
     * If permission is null, all permissions are returned.
 */

/*
   principal - an Application Server Java principal (user, role or
   group) to which permissions are assigned/removed;
   you can use the security API to obtain a desired instance of a
   principal

   key - the GUID of the business object instance (use the method
   getKey() to obtain it) for which permissions are given to the
   principal

   user - unique id (see IPrincipal.getUniqueID()) of the user that
   performs the permissions manipulation; must have an "owner"
   permission

   permission - can be one of the following: "create", "read",
   "update", "delete", "fullcontrol" or "owner"
 */
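An added example (not SAP's code) of a least-privilege review built on getPrincipalPermissions() as described above: it lists every principal other than the expected owner that holds "owner" or "fullcontrol" on one instance. The interface name InstancePermissionApi, the stand-in types, the unique IDs and the GUID are assumptions constructed for illustration, and the caller is assumed to be the instance owner.

```java
import java.util.*;

class InstancePermissionAudit {
    // "owner" may change instance permissions (per the page); treating
    // "fullcontrol" as equally broad is an assumption of this example.
    static final Set<String> BROAD = new HashSet<>(Arrays.asList("owner", "fullcontrol"));

    /** Returns "principalId:permission" for every broad grant not held by expectedOwnerId. */
    static Set<String> unexpectedBroadGrants(InstancePermissionApi service, String callerId,
            String key, String expectedOwnerId) throws CAFBONodeException {
        // null principal and null permission: all permissions of all principals
        Map<IPrincipal, Set<String>> acl =
                service.getPrincipalPermissions(null, null, callerId, key);
        Set<String> findings = new TreeSet<>();
        for (Map.Entry<IPrincipal, Set<String>> entry : acl.entrySet()) {
            String id = entry.getKey().getUniqueID();
            if (id.equals(expectedOwnerId)) continue; // the owner is expected
            for (String permission : entry.getValue()) {
                if (BROAD.contains(permission.toLowerCase(Locale.ROOT))) {
                    findings.add(id + ":" + permission);
                }
            }
        }
        return findings;
    }

    public static void main(String[] args) throws CAFBONodeException {
        // Constructed sample data behind an in-memory fake of the service.
        IPrincipal alice = () -> "USER.alice";
        IPrincipal bob = () -> "USER.bob";
        Map<IPrincipal, Set<String>> acl = new HashMap<>();
        acl.put(alice, new HashSet<>(Arrays.asList("owner")));
        acl.put(bob, new HashSet<>(Arrays.asList("read", "fullcontrol")));
        InstancePermissionApi fake = (principal, permission, user, key) -> acl;
        System.out.println(unexpectedBroadGrants(fake, "USER.alice", "constructed-guid", "USER.alice"));
    }
}

// Stand-ins so this compiles alone; on the server use the real IPrincipal
// and CAFBONodeException types instead.
interface IPrincipal { String getUniqueID(); }
class CAFBONodeException extends Exception { }

// Hypothetical interface name; only the method signature comes from the page.
interface InstancePermissionApi {
    Map<IPrincipal, Set<String>> getPrincipalPermissions(IPrincipal principal,
            String permission, String user, String key) throws CAFBONodeException;
}
```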

 

Permission Propagation

You can choose an association to another business object for permission propagation. This means that an instance of the currently edited business object adds its permissions to one of the instances that are associated with it.