SAP BDL DEF OWN AUTH CONTEXT



  


• BY PRIVILEGED MODE ABAP_BDL
• AND ABAP_BDL , DEFINE OWN AUTHORIZATION CONTEXT

ABAP_RAP - define own authorization context

ABAP_SYNTAX
  define own authorization context by privileged mode;
| define own authorization context by privileged mode and
  {
    [AuthObject1;]
    [AuthObject2;]
    [...]
  }
| define own authorization context
  {
    [AuthObject1;]
    [AuthObject2;]
    [...]
  }

What does it do?
Defines a full authorization context for a RAP BO. A full authorization context lists one or more authorization objects that are checked by the implementation methods of the ABAP behavior pool itself, or by existing code that is called by the ABAP behavior pool implementation. The full authorization context documents the authorization objects used in the implementation of the RAP BO in question. It must be complete and exhaustive; otherwise, a syntax check warning occurs.
Three different notation options exist:
• define own authorization context by privileged mode;
  When using this option, the authorization context ContextName specified after "with privileged mode disabling ContextName" is copied to the full authorization context. In other words, the authorization objects that are disabled in BDEF privileged mode are automatically reused for the full authorization context. You can use this notation when the full authorization context is identical to the context used for the privileged mode, that is, when privileged mode disables all authorization objects without exception.
• define own authorization context by privileged mode and {...}
  This syntax variant copies all authorization objects that are disabled in BDEF privileged mode and allows you to specify further authorization objects AuthObject1, AuthObject2, ... after "and" for the full authorization context.
• define own authorization context {...}
  When using this option, you must individually list all authorization objects AuthObject1, AuthObject2, ... that are checked in the ABAP behavior pool. This syntax variant is useful for a BDEF without privileged mode.
A full authorization context may be defined before, between, or after the entity behavior definitions. It is possible to define an empty full authorization context: define own authorization context { ... }. One RAP behavior definition can have no more than one full authorization context.

Dependency
Every authorization object listed in a full authorization context that is allowed in a privileged authorization context, as per its classification in transaction SU21, must also be listed in a privileged context. Otherwise, a syntax check warning occurs.

ABAP_USE
A full authorization context is respected in the following cases:
By transaction SU22 to generate authorization default values.
By contract checks which enforce a complete and exhaustive full authorization context when switched on.

ABAP_AVAILABILITY
Managed RAP BO
Unmanaged RAP BO
Projection BDEF: a projection BDEF can define a full authorization context independently of the projected BDEF. This means that a full authorization context can be defined in the projection layer even if the projected entity does not have a full authorization context.
ABAP_AVAILABILITY_END



Latest notes:

NON_V5_HINTS
In transaction SAAB, contract check CC_RAP_CONTRACT can be switched on. This contract check enforces a complete and exhaustive full authorization context.
ABAP_HINT_END

ABAP_EXAMPLE_VX5
The following managed BDEF defines three authorization contexts:
ac_2
ac_priv
A full authorization context
The addition "with privileged mode disabling" disables ac_priv, and the full authorization context reuses the authorization objects listed in ac_priv. It adds one further authorization object to the full authorization context.
ABAP_NOTE This example is intentionally kept short and simple and serves demonstration purposes only. The RAP handler method FOR INSTANCE AUTHORIZATION is not implemented here. In a real-life scenario, the authorization objects from the full authorization context would be implemented in this RAP handler method.
BDEF DEMO_RAP_OWN_AC_SHORT
ABAP_EXAMPLE_END
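
A constructed BDEF with the shape the example above describes, added here for illustration; it is not SAP's DEMO_RAP_OWN_AC_SHORT source. The entity, behavior pool class, database table and authorization object names are hypothetical placeholders; only the context names ac_2 and ac_priv come from the text.

```abap
// Constructed example: ZDEMO_R_OWN_AC, zbp_demo_own_ac, zdemo_own_ac and
// all 'ZAUTH_OBJ*' authorization objects are hypothetical placeholders.
managed implementation in class zbp_demo_own_ac unique;

// BDEF privileged mode disables every authorization object listed in ac_priv.
with privileged mode disabling ac_priv;

// Further authorization context. It is not referenced by privileged mode,
// so its objects are NOT copied into the full authorization context.
define authorization context ac_2
{
  'ZAUTH_OBJ3';
}

// Privileged context: per the dependency rule, every object of the full
// context that SU21 classifies as allowed in a privileged context
// must appear here, otherwise a syntax check warning occurs.
define authorization context ac_priv
{
  'ZAUTH_OBJ1';
  'ZAUTH_OBJ2';
}

// Full authorization context = all objects of ac_priv (copied)
// plus one further object checked by the behavior pool implementation.
// Resulting list: ZAUTH_OBJ1, ZAUTH_OBJ2, ZAUTH_OBJ4.
define own authorization context by privileged mode and
{
  'ZAUTH_OBJ4';
}

define behavior for ZDEMO_R_OWN_AC alias Root
persistent table zdemo_own_ac
lock master
authorization master ( instance )
{
  create;
  update;
  delete;
}
```

With contract check CC_RAP_CONTRACT switched on in transaction SAAB, any authorization object checked by the behavior pool but missing from the resulting list is reported, which makes the full context a reviewable inventory of the checks the BO relies on.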