
How to restrict access to a URL based on role

Former Member
0 Kudos

Hi guys,

I have an application whereby the first page is a menu containing links to other Web Dynpro applications.

When the user clicks the URL, I want to check whether he has the appropriate role in order for him to proceed. If he doesn't have the appropriate role, then I want to show him a message.

How do I do that?

Thanks

Regards,

Daniel

Accepted Solutions (1)

Sharathmg
Active Contributor
0 Kudos

Is it necessary for the user to view the link to the other application in spite of not having the necessary roles?

You can retrieve the user's roles by setting the authentication property to "On" and using the com.sap.security.. API methods to obtain the roles of the logged-in user. Subsequently, display the links to the applications if the user has the necessary roles.

Hope this helps.

Regards,

Sharath

Former Member
0 Kudos

Hi Sharath,

Yes, I want to leave the menu as it is and not hide the URL.

How do I do that?

Thanks.

Rgds,

Daniel

Former Member
0 Kudos

In that case, you can display all application names as link to actions. In the onActionClick() method of any application name (link to action), write code (using the IUser API) to check the roles. Depending upon the assigned roles, fire the plug of the view you want to navigate to.

Former Member
0 Kudos

Hi Anagha,

Thanks for the tips.

I'm thinking that we could put the check in the wdDoInit method of the views of the different applications and check the roles there. So if the user doesn't have the appropriate role, we can fire the plug to a common error page.

Will it not be more secure?

Thanks.

Rgds,

Daniel

Former Member
0 Kudos

That looks like a better option. So, are you facing any problem in your approach?

Answers (3)

Former Member
0 Kudos

Hi,

You can try putting your application in "security zones", which first check whether the user is assigned permission before executing the application.

Check the following link:

http://help.sap.com/saphelp_erp2004/helpdata/en/25/85de55a94c4b5fa7a2d74e8ed201b0/frameset.htm

Regards,

Jigar Oza

Former Member
0 Kudos

Hi guys,

Thanks for the tips.

I managed to find a solution to the above.

I created an exit plug of the interface view.

Then I did the authorization check in the onPlugDefault method of the interface view, and if the user doesn't have the required authority, I fire the exit plug there. It works.

Rgds,

Daniel
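
The placement question settled above (a check in the menu's click handler versus a check in the target application's own entry point, such as onPlugDefault), modeled as an added example in plain Java. It is not part of the original thread and does not use the SAP Web Dynpro or UME APIs; all application names, role names, users and method names are constructed for illustration.

```java
import java.util.Map;
import java.util.Set;

// Added illustration in plain Java; not SAP Web Dynpro or UME code.
// Application names, role names and users are constructed sample data.
public class EntryPointAuthDemo {
    // user -> assigned roles (stand-in for the user management lookup)
    static final Map<String, Set<String>> USER_ROLES = Map.of(
        "alice", Set.of("HR_ADMIN", "EMPLOYEE"),
        "bob",   Set.of("EMPLOYEE"));
    // application -> role required to start it
    static final Map<String, String> REQUIRED_ROLE = Map.of(
        "LeaveRequest", "EMPLOYEE",
        "Payroll",      "HR_ADMIN");

    // Fail closed: an unknown user, or an application with no rule, is denied.
    static boolean hasRole(String user, String role) {
        return role != null && USER_ROLES.getOrDefault(user, Set.of()).contains(role);
    }

    // Entry point of the target application. It runs on every start, whether
    // the request came from the menu or from a bookmarked or typed URL.
    static String startApplication(String user, String app) {
        if (!hasRole(user, REQUIRED_ROLE.get(app))) {
            // Corresponds to firing the exit plug in the thread's solution.
            return "exit: not authorized for " + app;
        }
        return "started " + app;
    }

    // Menu handler: every link stays visible and the click adds a friendly
    // message. It is a convenience, not the enforcement point.
    static String menuClick(String user, String app) {
        if (!hasRole(user, REQUIRED_ROLE.get(app))) {
            return "message: you do not have the role required for " + app;
        }
        return startApplication(user, app);
    }

    public static void main(String[] args) {
        System.out.println(menuClick("bob", "Payroll"));          // via the menu
        System.out.println(startApplication("bob", "Payroll"));   // direct start
        System.out.println(startApplication("alice", "Payroll")); // role present
        System.out.println(startApplication("bob", "Unknown"));   // no rule defined
    }
}
```

Because `startApplication` repeats the check, removing the check from `menuClick` changes only the wording the user sees, not who gets in.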

Former Member
0 Kudos

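You can use this code to check that the user is assigned to a role.

// Needs java.util.Iterator and, from com.sap.security.api,
// IRole, IUser, UMFactory and UMException.
public boolean isUserAssignedToRole( )
  {
    //@@begin isUserAssignedToRole()
    try {
      // Unique name of the user running the current session.
      String cur_user = WDClientUser
          .getCurrentUser()
          .getSAPUser()
          .getUniqueName();

      // <Role ID> is a placeholder for the unique ID of the role to test.
      IRole role = UMFactory.getRoleFactory().getRole( <Role ID>);
      // Walk the role's user members and compare each with the current user.
      Iterator itr = role.getUserMembers( true);
      while ( itr.hasNext()) {
        IUser usr = UMFactory.getUserFactory().getUser( itr.next().toString());
        if ( usr.getUniqueName().equalsIgnoreCase( cur_user)) {
          return true;
        }
      }
    } catch ( WDUMException e) {
      // Current user could not be determined: fall through and deny.
    } catch ( UMException e) {
      // Role or user lookup failed: fall through and deny.
    }
    return false;
    //@@end
  }

Set visibility according to the return value.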

vinod v

Former Member
0 Kudos

Another way could be to check roles first and display only those URLs that are permissible for that role.

Regards,

Anagha