Skip to Content

how to enforce structured privileges on users in SCP CF app ...

the scenario is as follows :

I have a CF app on SCP .I have a technical user(_RT) for my HDI / Haas .

I have created a structured privilege (Analytical privilege ).I want to show only relevant rows of a calculation view based on the users assignment ...example a country sales manager in the US can only see US sales.

how can i implement this .... the analytical privilege is always picking up the _RT user which is common for all users and not filtering the calc view...

If I create attributes specific to users in the xs-security.json ...how can i access this in my structured privileges / Hana DB

Add comment
10|10000 characters needed characters exceeded

  • Follow
  • Get RSS Feed

2 Answers

  • Feb 06 at 05:33 PM

    Hi Rakshetha,

    Please don't mix usage of the XSC artifacts with XSA artifacts - it will only get you into more headache that what's really necessary. This goes for security artifacts, users and users as well as database runtime artifacts. O this later case, you could do cross schema database access with the XSC schema - but the consumption will always need to go thru an HDI container and CF security.

    First, you will need to bind an instance of XSUAA service to both your application and the an application router. This app router is usually a NodeJS application that will "act" as your entry point for all UI (i.e.: Fiori) and all required service routes. SAP provides the full implementation of an app router that will talk with the XSUAA service instance to provide your application and services that require authentication. Once authenticated it will generate a JWT token which can then be used to check for user attributes and application scopes.

    Please check my blog on this topic as well as the newest openSAP Software Development on HANA (Q1) Week 1 Unit 5/6.

    Best regards,
    Ivan

    Add comment
    10|10000 characters needed characters exceeded

    • Hi Ivan this was an interesting read , thanks a lot .

      I still have a few blank spots but i hope i will read the material and get better at this soon.

      best regards

      Rakshetha

  • Apr 12 at 09:00 AM

    Hi Ivan I was able to get the structured privilege working by using the DCL concept .

    The links you shared were really helpful.

    points to note for anyon facing this : please refer to Access policy in this link

    https://help.sap.com/viewer/09b6623836854766b682356393c6c416/2.0.02/en-US/0a2d096fa742479987a3c53a8e074983.html

    #CalculationViewsInSAC #AccessSpecifiersforViews

    Add comment
    10|10000 characters needed characters exceeded