Hi,

we use SAP Cloud Portal for a set of HTML5 apps which retrieve data from a SAP system via the cloud connector. For several reasons it is needed to use a technical user to connect to SAP backend functionality. (we cannot provide users in SAP for each cloud user)

The portal now offers different roles and also a section that is open to external users.

All roles and user groups must use different selection criteria for the retrieval of backend data through the technical user in SAP based on their role.

How would we implement such an authorization concept ? Since all web services are open to all users once they logged in to the portal, URL parameters are a no go (every authenticated user could call them with manipulated URL parameters).

A wrapping in a XS script with a auth check against say a HANA cloud internal table is also no solution: Even when the web service is called from within the XS script, a smart hacker could get hold of the URL and retrieve all data.

How would we realize such a requirement with SAP NEO methods ?

Others surely must have had such a problem (e.g. for larger Cloud Portal audiences with SAP ERP connection)

Any advise or help is appreciated !