cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Need help understanding ".xsprivilege"

Go to solution
BenedictV
Active Contributor

on ‎02-03-2016 3:42 PM

0 Kudos

Hi,

I am having trouble understanding how the .xsprivilege works when used in a XS application project. I read the help documentation and imported some hello world example projects and toyed around but I still don't get it....

Here's what I need help with,

1)     When we define a .xsprivilege with 'Display' and 'Admin' options, are they keywords that set the privilege levels? I think it is not, but not sure.

2)     The help document on '.xsaccess' specifies,

          "The authorization keyword in the .xsaccess file enables you to specify which authorization level is required for access to a particular           application package, for example, execute or admin on the package sap.xse.text."........where do we specify what actions are permitted           as part of 'execute' or 'admin' privilege?

3)     Or is the level of access for 'execute' and 'admin' actually defined when we use the privilege in the '.hdbrole' file depending on the access levels we           define there? 

Thank You,

Benedict

Show replies
Show replies
Answer

Accepted Solutions (1)

Accepted Solutions (1)

pfefferf
Active Contributor
‎02-03-2016 8:19 PM
0 Kudos

Hello Benedict.

1) The privilege names can be defined free in your .xsprivilege file. You can define any number of privileges you need. There is not restriction to special names. How the privilege names are used to steer the privileges is done using the .xsaccess file and roles.

2) By adding a specific privilege to an .xsaccess file, the privilege steers the access to the package to which the .xsaccess file belongs (also the sub-packages are affected if no specific .xsaccess file(s) are available for the sub-packages).

Example package structure:

  • mypackage
    • .xsprivilege (defines privileges "admin_tools", "dummy_tools")
    • admin_tools (package)
      • .xsaccess (with "mypackage::admin_tools" privilege)
      • admin_tool_service.xsjs
    • dummy_tools (package)
      • .xsaccess (with "mypackage::dummy_tools" privilege)
      • dummy_tool_service.xsjs

A user which has assigned the application privilege "mypackage::admin_tools" assigned via a role can execute the xsjs service in the admin_tools sub-package. A user which has assigned the application privilege "mypackage::dummy_tools" via a role can execute the xsjs service in the dummy_tools sub-package.

3) Via a role an application privilege has to be assigned to the users who needs it. Without giving users the application privilege the "secured" objects can not be executed. What exactly can be executed with a specific application privilege is steered by the "package assignment" due to the definition in the .xsaccess file. In an XSJS also the $.session.assertAppPrivilege method (JSDoc: Class: Session) can be used to check if a user has a specific application privilege assigned.

Regards,

Florian

Show replies
Show replies
BenedictV
Active Contributor
‎02-04-2016 1:23 AM
0 Kudos

Hello Florian,

Thank you very much for your detailed answer. Appreciate your effort in explaining it with the example of the package hierarchy. Its like I found the missing piece of the puzzle .

Benedict

Answers (0)

Ask a Question