Hi Experts
I am developing and deploying an application in SAP Cloud Platform. The custom app is based on Fiori Element. It is tied back to the S4 HANA Cloud system via a URL maintained in a custom tile. In S4 HANA Cloud we have some business roles which are restricted with respect to Plant. Those business roles are assigned to a Catalog, which is further assigned to this custom tile. In the ECC days, we used to write a custom authorization check and pass the Plant to it, and it would tell us whether you are authorized to access that plant or not. I have the below challenges:
1) We have SAML2 authentication implemented and activated. How do I read which user is accessing the application, as the user will come through the IDP and the user is not maintained in SCP, where the app is being developed? These IDP settings are further connected to corporate Ping.
2) If we get the user, how do I impose or pass those restrictions to the data? Is there any standard way of doing it? I have a workaround of creating one custom BO, maintaining the data there and calling that to validate, but I am looking for a standard way of doing it.
3) As this is a Fiori Element app, the initial data loads directly. How do I control the loading of data in the app, restricting it via the logged-in user by authenticating it against the plant which is provided by the business role?
Let's try to explore these issues, and in the process we will understand the system better. Your responses are highly appreciated.
Regards
Ankesh