Hi,
I am currently working on a CAP application, where access to actions should be restricted by roles.In the backend I have the restrictions implemented as following.
entity EntityA @restrict(...) {...}
actions {
someAction(...);
};
annotate EntityA.someAction with @requires : ['role1','role2'];
This part works fine. However, the button for that action in the Fiori Elements list report page is still accessible for all users. Unauthorized users get a 403 Forbidden message after they submit the form. What I want to achieve is disabling the button for them from the start.
I have tried using the Core.OperationAvailable annotation but I could not figure out how to access the requestor's roles.
Can someone help me with this.
Thanks for your help.
Atakan