Skip to Content
0
Aug 22, 2023 at 02:12 PM

Difference Between IAM Restriction fields and Restricting Users with IAM App Auth Field values

176 Views

Hi,

Based on the documentation online, it is apparent that in order to restrict the application usage, the Authorization Object comes into picture at 2 places:

  1. Values maintained within the IAM App, to filter on the values retrieved based on the user’s authorization ( or * for all authorization)
  2. AUTHORITY-CHECK statement within the Behavior Definition Class, which checks against the values maintained in the IAM App.

Keeping the above 2 in mind, how do the Restriction Types, available in the Business Roles under Maintain Restrictions, which also use the Authorization Objects, differ in their use from the above 2 points. Is there a difference in use case for the 2, or how can they be used together?

I went through the following 2 blogs:

https://developers.sap.com/tutorials/abap-environment-access-mgmt.html

https://blogs.sap.com/2021/07/15/custom-roles-and-authorizations-in-sap-btp-abap-stack/

However, these 2 links are insufficient to help explain the difference in the use-case between the 2.

Thanks in Advance.