on 02-03-2016 3:42 PM
Hi,
I am having trouble understanding how the .xsprivilege works when used in a XS application project. I read the help documentation and imported some hello world example projects and toyed around but I still don't get it....
Here's what I need help with,
1) When we define a .xsprivilege with 'Display' and 'Admin' options, are they keywords that set the privilege levels? I think it is not, but not sure.
2) The help document on '.xsaccess' specifies,
"The authorization keyword in the .xsaccess file enables you to specify which authorization level is required for access to a particular application package, for example, execute or admin on the package sap.xse.text."........where do we specify what actions are permitted as part of 'execute' or 'admin' privilege?
3) Or is the level of access for 'execute' and 'admin' actually defined when we use the privilege in the '.hdbrole' file depending on the access levels we define there?
Thank You,
Benedict
Hello Benedict.
1) The privilege names can be defined free in your .xsprivilege file. You can define any number of privileges you need. There is not restriction to special names. How the privilege names are used to steer the privileges is done using the .xsaccess file and roles.
2) By adding a specific privilege to an .xsaccess file, the privilege steers the access to the package to which the .xsaccess file belongs (also the sub-packages are affected if no specific .xsaccess file(s) are available for the sub-packages).
Example package structure:
A user which has assigned the application privilege "mypackage::admin_tools" assigned via a role can execute the xsjs service in the admin_tools sub-package. A user which has assigned the application privilege "mypackage::dummy_tools" via a role can execute the xsjs service in the dummy_tools sub-package.
3) Via a role an application privilege has to be assigned to the users who needs it. Without giving users the application privilege the "secured" objects can not be executed. What exactly can be executed with a specific application privilege is steered by the "package assignment" due to the definition in the .xsaccess file. In an XSJS also the $.session.assertAppPrivilege method (JSDoc: Class: Session) can be used to check if a user has a specific application privilege assigned.
Regards,
Florian
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
User | Count |
---|---|
86 | |
10 | |
10 | |
9 | |
6 | |
6 | |
6 | |
5 | |
4 | |
3 |
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.