cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Query XSUAA to determine which users have roles and attributes

former_member182048
Active Contributor

on ‎01-28-2018 11:51 PM

I have a requirement for the following workflow like scenario

Users submit forms for their site, a reviewer needs to review the form before it gets approved for the next step. Reviewers can be assigned to many sites, so can Users.

For reviewers to receive email notifications, I believe i would need to set up scheduled job under an Admin user, the job needs to determine which forms have been submitted for review since the last time the job was run for each form found, determine a list of approvers based on role (and a business user attribute XS_SITE), then send out an email notification.

I have a couple questions

Q1: how to determine which users have the 'reviewer' role?

If i call the the XSUAA REST API

/sap/rest/user/names?businessUserOnly=true&details=true

  {
    "id": "168694",
    "username": "JPATTERSON",
    "email": "john.patterson@secondphase.com.au",
    "givenName": "John",
    "familyName": "Patterson",
    "roleCollections": [
      "DEVX_DEVELOPER",
      "MYAPP_REVIEWER"
    ]
  },

I get back all business users in the system and I would need to map reduce which users have the "MYAPP_REVIEWER" role.

Q1.1: is there a better way of achieving this, as we will have lots of users, can i read this detail from a DB?

Q1.2 are there XSUAA API Docs ?

I have read the Cloud Foundry UAA Api Docs and read the code, XSUAA is a super set of UAA functions, things like Role Collections and Attributes are specific to XSUAA.

Q2 The Admin UI makes it looks like you are meant to create 1 role per Static Attribute, say

MYAPP_REVIEWER-Site-A

MYAPP_REVIEWER-Site-B

MYAPP_REVIEWER-Site-N

then assign these to the users. Admin users of our app are not happy with the overhead of maintaining many roles and then assigning them.

we would prefer to have multiple static business user attributes 

XS_SITE = [Site-A, Site-B, Site-N]

these attributes are also needed for structural privilege checks also, eg users can only create forms for one of their Sites, implemented through a DCL policy.

I see Attributes being analogous to SAP User PIDS

Q2.1 can we assign multiple attributes?

Q2.2 how do static attributes get stored against a user?

I cannot see this as a feature of the XS User Admin?

Cheers

John P

Show replies
Show replies
Answer

Accepted Solutions (0)

Answers (0)

Ask a Question