consume and edit HANA users properties through an API

Heeejjj there,

Currently we are building an app to run on XSA. This app uses the UAA service for authentication and authorization. One part of this app is a user management system.

The use case is basically that an app admin can see all HANA users (including firstname, lastname and email) in our app and is able to edit those fields. (Editing these fields can be considered optional because editing can be done through XSA Cockpit.)

Reading is mandatory because we want to attach fields which are necessary for our app to each user in our own context. (link between UAA and our app would be the HANA user name)

To summarize, every HANA user can use this app and an app admin can attach app-specific information to each user.

Is there any API which we can use to consume this user information?

We already tried the controller API but we have only found user guids.

Furthermore, we considered using the UAA but we couldn't solve the role/privilege. (See this post: https://answers.sap.com/questions/511804/access-uaa-rest-api-assign-uaaadmin-to-an-user.html).

Shall we just consume the HANA tables on the DB? Any hints are helpful. Thank you in advance.


Cheers,

Frank

Accepted Solutions (0)

Answers (1)


thomas_jung
Developer Advocate
0 Kudos

First, are you wanting to display/update the HANA User or the XSA Business User? They aren't necessarily the same thing. Or are you using HANA User DB as your XSA User Store or an external IDP? If HANA is your user store and you migrate your HANA User to be XSA Business Users, then you can do what you described above using only SQL against the Users view + SQL commands like CREATE USER/ALTER USER. XS Role collections can even be assigned by altering the user with SQL as they are stored as parameters on the user profile in this case:

EXEC 'ALTER USER ' || :lv_user || ' SET PARAMETER XS_RC_XS_CONTROLLER_USER = ''XS_CONTROLLER_USER''';

However if you need to set Controller Org or Space roles, you will need to call the controller APIs.

To part of your question in the other thread, I believe you would have to call /v2//users to get the list and their guids and then loop over that and call /v2/users/{guid} for each one for more details. However, if you are going to get into the role collection assignments and you aren't using the HANA user store (and the SQL ALTER USER approach), then you will have to call the separate UAA APIs. See examples here: https://github.com/I809764/controllerAPI/blob/master/node/router/routes/users.js
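The ALTER USER statement in the answer above is assembled by string concatenation and run as dynamic SQL, so both the user name and the role collection name must be validated before they reach it. The following is an added example, not code from the thread; it assumes the XS_RC_<name> parameter pattern generalizes from the single statement shown, and the function names and character-set limits are hypothetical.

```javascript
'use strict';
// Added example, not code from the thread. Assumptions: the XS_RC_<name>
// parameter pattern generalizes from the one statement shown in the answer,
// and names are limited to the conservative character sets below.
const USER_NAME = /^[A-Z][A-Z0-9_]{0,126}$/;
const ROLE_COLLECTION = /^[A-Za-z][A-Za-z0-9_]{0,99}$/;

// Returns the statement text, or throws if either part could alter the SQL.
// Input outside the allowlist is rejected, never escaped or repaired.
function buildAssignStatement(userName, roleCollection) {
  if (typeof userName !== 'string' || typeof roleCollection !== 'string') {
    throw new TypeError('user name and role collection must be strings');
  }
  const user = userName.toUpperCase(); // unquoted identifiers resolve in upper case
  if (!USER_NAME.test(user)) {
    throw new RangeError(`rejected user name: ${JSON.stringify(userName)}`);
  }
  if (!ROLE_COLLECTION.test(roleCollection)) {
    throw new RangeError(`rejected role collection: ${JSON.stringify(roleCollection)}`);
  }
  return `ALTER USER ${user} SET PARAMETER XS_RC_${roleCollection} = '${roleCollection}'`;
}

// Builds statements for a batch and keeps the rejects for the audit trail.
function planAssignments(requests) {
  const plan = { statements: [], rejected: [] };
  for (const { user, roleCollection } of requests) {
    try {
      plan.statements.push(buildAssignStatement(user, roleCollection));
    } catch (err) {
      plan.rejected.push({ user, roleCollection, reason: err.message });
    }
  }
  return plan;
}

// Constructed sample input: one valid request and two that must be refused.
const SAMPLE_REQUESTS = [
  { user: 'frank', roleCollection: 'XS_CONTROLLER_USER' },
  { user: 'FRANK SET PARAMETER X', roleCollection: 'XS_CONTROLLER_USER' },
  { user: 'REVANTH', roleCollection: "A' = 'B" },
];
```
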

revanth_reddy
Explorer
0 Kudos

Hello Thomas,

Is there a way we can list XSA business users from xsjs / sapui5?

or

Can we call the Controller API using xsjs or sapui5?

Thanks

Revanth

thomas_jung
Developer Advocate
0 Kudos

revanth.reddy sure you can call the controller or UAA API via XSJS (or maybe from UI5 directly although the authentication there might be more complicated). It's a REST API. Now I'd really suggest using Node.js instead of XSJS as I did in the above linked example. But you could adapt that to XSJS.

revanth_reddy
Explorer
0 Kudos

thomas.jung Thank you so much for your help.

revanth_reddy
Explorer
0 Kudos

thomas.jung Any sample reference for how it can be done in xsjs? How do we handle authentication here?

Thanks

thomas_jung
Developer Advocate
0 Kudos

No sample reference for XSJS. The sample is already provided in Node.js, why duplicate that to XSJS? The authentication would work the same way. I'm just forwarding the bearer token from the incoming request. But really why force changing it all over to XSJS?
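The two steps described in this thread (list the users, then fetch each one by guid, forwarding the caller's bearer token) can be sketched as follows. This is an added example, not the linked repository's code; the Express-style `req`, the `/v2/users` list path, the Cloud Foundry style response shape and every function name here are assumptions, and the controller is replaced by a constructed stand-in so the code runs offline.

```javascript
'use strict';
// Added example, not the linked repository's code. Assumptions: CF-style v2
// JSON ({ resources: [{ metadata: { guid } }] }) and an injectable fetch.
const GUID = /^[0-9a-f]{8}(-[0-9a-f]{4}){3}-[0-9a-f]{12}$/i;

// Take the caller's token from the incoming request; never substitute a
// technical user's token, so the controller authorizes the real caller.
function bearerFrom(req) {
  const m = /^Bearer ([A-Za-z0-9._~+\/=-]+)$/.exec(req.headers.authorization || '');
  if (!m) throw Object.assign(new Error('missing bearer token'), { status: 401 });
  return m[1];
}

async function listUsers(req, controllerUrl, fetchImpl = globalThis.fetch) {
  const headers = { Authorization: `Bearer ${bearerFrom(req)}`, Accept: 'application/json' };
  const get = async (path) => {
    const res = await fetchImpl(new URL(path, controllerUrl), { headers });
    // Surface 401/403 from the controller unchanged instead of masking them.
    if (!res.ok) throw Object.assign(new Error(`controller returned ${res.status}`), { status: res.status });
    return res.json();
  };
  const list = await get('/v2/users');
  const users = [];
  for (const r of list.resources || []) {
    const guid = r && r.metadata && r.metadata.guid;
    // Never interpolate an unvalidated id into a request path.
    if (typeof guid !== 'string' || !GUID.test(guid)) continue;
    users.push(await get(`/v2/users/${guid}`));
  }
  return users;
}

// Constructed stand-in for the controller, so the example runs offline.
const SAMPLE_GUID = '11111111-2222-3333-4444-555555555555';
async function fakeController(url, { headers }) {
  const reply = (status, body) => ({ ok: status < 400, status, json: async () => body });
  if (headers.Authorization !== 'Bearer constructed.token') return reply(401, {});
  if (url.pathname === '/v2/users') {
    return reply(200, { resources: [{ metadata: { guid: SAMPLE_GUID } }, { metadata: { guid: '../admin' } }] });
  }
  return reply(200, { metadata: { guid: url.pathname.split('/').pop() }, entity: { username: 'FRANK' } });
}
```
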

revanth_reddy
Explorer
0 Kudos

Hi Thomas,

I have cloned the git repository referred to in my SAP Web IDE. (HANA version sps05)

When I ran it in the Web IDE and tried to access the users info, it shows as below. I have used controller url as ./

resources:
  - name: controller-api-ex-uaa
    type: com.sap.xs.uaa
    parameters:
      config-path: ./xs-security.json
  - name: controller-config
    properties:
      url: ${controller-url}

What should be the controller url when testing from Web IDE?

Instead I have built the MTA file, which was successful. While deploying, it throws an error as below. Any suggestion on this part, as XSA_ADMIN is already an admin user.

Deleting discontinued configuration entries for application "controller-api-web"...

Registering service URL named "controller-api-ex"...
Error registering service URLs: Controller operation failed: 403 Forbidden: Could not register service URL for service "controller-api-ex" and URL : Forbidden access: could not register service url for service controller-api-ex: User "XSA_ADMIN" is not permitted to perform this action. Admin privileges required.
Unexpected error: Controller operation failed: 403 Forbidden: Could not register service URL for service "controller-api-ex" and URL : Forbidden access: could not register service url for service controller-api-ex: User "XSA_ADMIN" is not permitted to perform this action. Admin privileges required.
Exception occured during execution: "Controller operation failed: 403 Forbidden: Could not register service URL for service "controller-api-ex" and URL : Forbidden access: could not register service url for service controller-api-ex: User "XSA_ADMIN" is not permitted to perform this action. Admin privileges required."
To download the process logs, use the "xs dmol -i 2734305" command in the XS CLI directly in your XS space.
See https://help.sap.com/viewer/6b94445c94ae495c83a19646e7c3fd56/latest/en-US/b55c125fdd5b4e389eba812e40....
Job failed.

9:35:16 AM (DeploymentToXS) Deployment of the "controller-api" project failed. (Response state is FAILED).

Thank you

Revanth

revanth_reddy
Explorer
0 Kudos

I was able to identify the controller URL to hard code for WebIDE. Still the deploy error persists.

But there is a 401 error, even after all the controller related roles are assigned.

Any suggestion on this?

Thanks

Revanth

thomas_jung
Developer Advocate
0 Kudos

That error would seem to indicate a specific missing role collection. It could be that an admin user has more powerful role collections assigned but still needs this less powerful one specifically to pass the check.
To be honest this code sample is older (hence moving it to archive) and I've not touched it in a while. But you might find this original blog post that went with it helpful: SAP HANA XSA Controller API Interaction | SAP Blogs