Implementing Authorization Checks Flashcards
What is the responsibility of the database interface in ABAP?
The database interface in ABAP is responsible for processing requests to the database, ensuring that SQL statements are executed correctly.
How does the database interface handle user authentication?
The database interface typically logs onto the database with a special user account that has broad permissions, allowing it to execute almost any operation on the database.
What is the purpose of the authorization concept in ABAP?
it serves to restrict the privileges of business users when interacting with the database, ensuring they only have access to perform certain actions on specific data.
What is an authorization object in ABAP BTP?
An authorization object in ABAP BTP is a fundamental component used to regulate access to various resources and functionalities within the platform.
What role does an authorization object play in ABAP BTP?
An authorization object defines a set of rules that determine whether a user is authorized to perform specific actions or access certain data within the ABAP BTP environment.
What is an IAM app in ABAP BTP?
An IAM (Identity and Access Management) app in ABAP BTP refers to an application or service that handles user authentication, authorization, and identity management within the BTP environment.
What role does an IAM app play in ABAP BTP?
An IAM app is responsible for managing user identities, verifying user credentials, and controlling access to resources and functionalities based on defined policies and permissions.
What is the business catalog in ABAP BTP?
a business catalog is a centralized repository or directory that contains a collection of business roles, authorization objects, and associated authorizations. It serves as a catalog of available roles and permissions within the BTP environment.
What role does the business catalog play in managing authorization objects in ABAP BTP?
The business catalog serves as a repository for authorization objects and their configurations. It organizes authorization objects into logical groups and associates them with specific business roles. IAM apps utilize the business catalog to assign relevant authorization objects to users or roles, ensuring proper access control and security enforcement.
What is a business role in ABAP BTP and a Business User?
A business role in ABAP BTP defines a set of tasks or responsibilities that a user or group of users can perform within the BTP environment. It encompasses a collection of Business catalogs.
This Business role is then assigned to a Business User who can then execute the permitted actions.
Explain the relation between authorization object, IAM App, Business Catalog and Business Role.
To assign an authorization to a user, you include the authorization in an IAM App.
Here you can assign values to the fields of the authorization object. They describe what data the user is allowed to access.
Next you assign several IAM apps to a business catalog and publish it.
Now the admin takes over and creates a business role containing one or more business catalogs.
Then, business users are assigned to the business role
What are the two kinds of authorization checks in ABAP?
The first kind is a check bound to a CDS view, filtering retrieved data based on user authorizations. The second kind is an explicit check using the AUTHORITY-CHECK statement.
How does the authorization check bound to a CDS view work?
It filters retrieved data according to the user’s authorizations, ensuring that only permitted data is returned.
What is the purpose of the AUTHORITY-CHECK statement in ABAP?
The AUTHORITY-CHECK statement sets a return code value to determine if the user has the required authorization for a specific action.
How are authorization checks typically used in the ABAP RESTful Application Programming model (RAP)?
Access controls are employed for read operations, while AUTHORITY-CHECK statements are utilized to validate authorizations before permitting changes to data.
How do you implement access controls on a CDS view entity?
To implement access controls, you create an object with type Access Control. In this example, the access control checks authorization for a specific object (/DMO/TRVL) and compares the field /DMO/CNTRY with values in the database, setting the activity to ‘03’ for read access.
What happens when a user selects data using a CDS view with access controls?
The system uses the access control to determine the required values and compares them with the authorization values assigned to the user. It then sets a filter to ensure that only data corresponding to the user’s authorization is read, ensuring both security and performance efficiency.
How do you perform an explicit authorization check in ABAP?
you use the AUTHORITY-CHECK statement, specifying the authorization object and the required values. For example, AUTHORITY-CHECK checks against object /DMO/TRVL, requiring the user to have authorization with ‘US’ for field CNTRY and ‘03’ for field ACTVT.
