Reputation: 297
SAP Gateway runtime odata path permissions
Is there standard way to change runtime permissions for a user to be able to call certain odata resources of a SAP gateway service, other than manually writing code in every service implementation method to check if the request is allowed?
For example, based on some setting in customizing, the odata paths below /foo and /bar for user x should be forbidden, i.e. HTTP GET/POST/DELETE <host>:<port>/foo/test and HTTP GET/POST/DELETE <host>:<port>/bar/test should yield HTTP 403 for user x, but HTTP GET/POST/DELETE <host>:<port>/something should be OK.
Is there a way where this can be controlled at a single place rather than being required to implement a check in every method implementing the odata requests?
Upvotes: 0
Views: 2182
Answers (1)
Reputation: 742
The proper place for the authorization check is in the backend method. Any authorization error should populate back to the service and yield a 403 for example.
If you for some reason don't want that, you could write your own HTTP handler and insert it in SICF to be called on all paths.
The standard role setup only allows access or no access to a service, the "pattern" access you are referring to is missing. But I can't really understand why you would want it? It will make your Odata services kind of un-predictable for the consumer, wouldn't it?
Upvotes: 2
Related Questions
- SAP SICF - odata service nodes not created
- SAP UI5 odata create fail
- Redefine standard OData service - SAP Gateway NetWeaver
- How to add headers to odata get service
- Change the processing mode to "routing-based" before adding system alias
- SAP Gateway Client throws PAGE NOT FOUND! while creating OData service
- SAP Odata service metadata do not output fully in browser
- Error while updating SAP backend data using OData and SAP Gateway services
- Return delta from SAP OData Sample service
- OData service authentication with SAP Gateway service OpenUI5