Skip to Content

consume and edit HANA users properties through an API

Heeejjj there,

currently we are building an app to run on XSA. This app uses the UAA service for authentication and authorization. One part of this app is an user management system.

The use case is basically that an app admin can see all HANA users (including firstname, lastname and email) in our app and is able to edit those fields. (Editing this fields can be considered as optional because editing can be done through XSA Cockpit)

Reading is mandatory because we want to attach fields which are necessary for our app to each user in our own context. (link between UAA and our app would be the HANA user name)

To summarize every HANA user can use this app and an app admin can attach app specific information to each user.

Is there any API which we can use to consume this user information?

We already tried the controller API but we have only found user guids.

Furthermore we considered to use the uaa but we couldn't solve the role/privilege. (See this post: https://answers.sap.com/questions/511804/access-uaa-rest-api-assign-uaaadmin-to-an-user.html).

Shall we just consume the HANA tables on the DB? Any hints are helpful. Thank you in advanced.


Cheers,

Frank

Add comment
10|10000 characters needed characters exceeded

  • Get RSS Feed

1 Answer

  • May 17 at 12:20 PM

    First are you wanting to display/update the HANA User or the XSA Business User? They aren't necessarily the same thing. Or you using HANA User DB as your XSA User Store or an external IDP? If HANA is your user store and you migrate your HANA User to be XSA Business Users, then you can do what you described above using only SQL against the Users view + SQL commands like CREATE USER/ALTER USER. XS Role collections can even be assigned by altering the user with SQL as they are stored as parameters on the user profile in this case:

    EXEC 'ALTER USER ' || :lv_user || ' SET PARAMETER XS_RC_XS_CONTROLLER_USER = ''XS_CONTROLLER_USER''';

    However if you need to set Controller Org or Space roles, you will need to call the controller APIs.

    To part of your question in the other thread, I believe you would have to call /v2//users to get the list and their guids and the loop over that and call /v2/users/{guid} for each one for more details. However if you are going to get into the role collection assignments and you aren't using the HANA user store (and the SQL ALTER USER approach), then you will have to call the separate UAA APIs. See examples here: https://github.com/I809764/controllerAPI/blob/master/node/router/routes/users.js

    Add comment
    10|10000 characters needed characters exceeded