Skip to Content
0

Query XSUAA to determine which users have roles and attributes

Jan 28 at 11:51 PM

93

avatar image

I have a requirement for the following workflow like scenario

Users submit forms for their site, a reviewer needs to review the form before it gets approved for the next step. Reviewers can be assigned to many sites, so can Users.

For reviewers to receive email notifications, I believe i would need to set up scheduled job under an Admin user, the job needs to determine which forms have been submitted for review since the last time the job was run for each form found, determine a list of approvers based on role (and a business user attribute XS_SITE), then send out an email notification.

I have a couple questions

Q1: how to determine which users have the 'reviewer' role?

If i call the the XSUAA REST API

/sap/rest/user/names?businessUserOnly=true&details=true

  {
    "id": "168694",
    "username": "JPATTERSON",
    "email": "john.patterson@secondphase.com.au",
    "givenName": "John",
    "familyName": "Patterson",
    "roleCollections": [
      "DEVX_DEVELOPER",
      "MYAPP_REVIEWER"
    ]
  },

I get back all business users in the system and I would need to map reduce which users have the "MYAPP_REVIEWER" role.

Q1.1: is there a better way of achieving this, as we will have lots of users, can i read this detail from a DB?

Q1.2 are there XSUAA API Docs ?

I have read the Cloud Foundry UAA Api Docs and read the code, XSUAA is a super set of UAA functions, things like Role Collections and Attributes are specific to XSUAA.

Q2 The Admin UI makes it looks like you are meant to create 1 role per Static Attribute, say

MYAPP_REVIEWER-Site-A

MYAPP_REVIEWER-Site-B

MYAPP_REVIEWER-Site-N

then assign these to the users. Admin users of our app are not happy with the overhead of maintaining many roles and then assigning them.

we would prefer to have multiple static business user attributes

XS_SITE = [Site-A, Site-B, Site-N]

these attributes are also needed for structural privilege checks also, eg users can only create forms for one of their Sites, implemented through a DCL policy.

I see Attributes being analogous to SAP User PIDS

Q2.1 can we assign multiple attributes?

Q2.2 how do static attributes get stored against a user?

I cannot see this as a feature of the XS User Admin?

Cheers

John P

10 |10000 characters needed characters left characters exceeded
* Please Login or Register to Answer, Follow or Comment.

0 Answers