Protect parts of an HTML5 application in SAP CP using groups / roles

Hi all,

I hope this is not a duplicate, but I couldn't find any answer so far.

My goal is to show parts of an HTML5 application in SAP Cloud Platform (Neo) only to authorized users. Ideally, I would like to retrieve the roles / groups of a user during execution time and based on that hide / disable certain buttons.

So far, I found out that I can exclude subpages [1], which is not what I would like to do. Also there is the authorization management API [2], but that's meant for administration and not for productive use. It would also require storing passwords in the code, which is obviously not the right way to go.

Is there any other way to retrieve the role / group information of a user during runtime? I am thinking of something like "isUserInRole("Developer")" which exists for Java [3] or the user API for HTML5 [4].

Thank you very much for your response!

[1]: https://help.sap.com/viewer/65de2977205c403bbc107264b8eccf4b/Cloud/en-US/a139548b21954e319a2a351e993bac40.html

[2]: https://api.hana.ondemand.com/authorization/v1/documentation

[3]: https://help.sap.com/viewer/65de2977205c403bbc107264b8eccf4b/Cloud/en-US/85a19f0ef154441c8b077cc8e0901109.html

[4]: https://help.sap.com/viewer/65de2977205c403bbc107264b8eccf4b/Cloud/en-US/1de599bf722446849d2b2e10132df42a.html

2 Answers

  • Best Answer
    Jan 19 at 08:51 AM

    After a while (and after submitting this question [5]), I realized that one can (rather easily) solve this problem by using the concept from [1] (see question) and use "securityConstraints" to block access to one of the files in one's repository. By using an HTTP request on that file, one can then check whether the user has the permission to see it. This definitely does not feel like the right way, but at least it's a rather simple way to solve this problem.

    [5]: https://answers.sap.com/questions/406585/problem-with-security-constraints-protected-paths.html

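The probe-file workaround from the best answer, written out as an added example (not code from the thread or from SAP). The permission name, probe path and marker content are assumptions, and the check fails closed: only a direct 200 response carrying the expected marker enables a control, so a login-page redirect or an HTML error page is treated as "no access".

```javascript
// Assumed neo-app.json fragment (permission name and path are hypothetical):
//   "securityConstraints": [{
//     "permission": "developerFeatures",
//     "description": "Developer-only UI",
//     "protectedPaths": ["/probe/developer.json"]
//   }]
// Constructed marker file /probe/developer.json contains {"probe":"developer"}.
const PROBES = new Map([["developer", "/probe/developer.json"]]);

// Pure decision: only a direct 200 with the expected marker counts as access.
// A redirect to a login page or an HTML body that answers 200 is rejected.
function probeGrantsAccess(name, status, redirected, bodyText) {
  if (status !== 200 || redirected) return false;
  try {
    return JSON.parse(bodyText).probe === name;
  } catch (e) {
    return false; // body is not the marker file
  }
}

// Request the protected marker with the user's session; fail closed on errors.
async function hasPermission(name, fetchImpl = fetch) {
  const path = PROBES.get(name);
  if (!path) return false; // unknown permission name
  try {
    const res = await fetchImpl(path, { credentials: "same-origin", cache: "no-store" });
    return probeGrantsAccess(name, res.status, res.redirected, await res.text());
  } catch (e) {
    return false; // network error or blocked request
  }
}

// Disable controls whose probe fails. This only adjusts what the user sees;
// the resources behind each button still need their own security constraint.
async function applyPermissions(controls, fetchImpl = fetch) {
  for (const { permission, element } of controls) {
    element.disabled = !(await hasPermission(permission, fetchImpl));
  }
  return controls;
}
```

In the browser, call `applyPermissions([{ permission: "developer", element: someButton }])` once after the page loads, where `someButton` is the control to gate.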

  • Jan 18 at 02:58 PM

    Hi,

    I've used the SCP Identity Authentication Service API to do this... I think it's different than the Authorization API you mentioned.

    It will only work if you are using SCP IAS as IdP though.

    Best regards.
