cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Need help with creating multitenant application and design

Go to solution
stanislav_lvovsky
Explorer

on ‎04-03-2016 6:36 AM

0 Kudos

Hi Experts,

I need your help with the following requirement:

I have 2 applications App1 and App2. Both apps are deployed on a provider account.

My end users get only App1 as a subscription. They do not get direct access to App2.

App1 uses a service of the App2 which is exposed as a rest API.

App2 is a simple web app that manages a DB table implemented with JPA and it's ui is build with UI5.

App2 has 2 roles Administrator and Developer. The response of the App2 service depends on a user role.

Only an administrator knows the direct URL to the App2.

All end users of the App1 are assigned to the Developer role. App1 calls App2 service via configured destination in the provider account.

My problem is that when an App1 user performs and action that triggers access to App2 he gets access denied 401.

It seems that when the request arrives to App2 service it does not recognizes that a user belongs to Developer role.

Do I need to configure / develop something to make the following design work ?

Regards,Slavik

Show replies
Show replies
Answer

Accepted Solutions (1)

Accepted Solutions (1)

vladimir_savchenko
Explorer
‎04-14-2016 6:57 AM
0 Kudos

Hi Stanislav,

Can you please clarify:

1. What kind of destination are you using for the call from App1 to App2?

2. Does this destination support Principal Propagation?

3. Are the users defined in the Provider Account (and roles assigned there) or in the Subscriber Account?

Regards, Vladimir

Show replies
Show replies
stanislav_lvovsky
Explorer
‎04-14-2016 7:56 AM
0 Kudos

Hi Vladimir,

I used questions in your answer and found the problem

It was a mistake in the destination.

Regards,

Slavik.

vladimir_savchenko
Explorer
‎04-14-2016 10:15 AM
0 Kudos

great

agentry_src
Active Contributor
‎04-14-2016 12:43 PM
0 Kudos

Please mark this Discussion with a Correct Answer (closes, but does not lock the Discussion) and Helpful Answer where appropriate. See http://scn.sap.com/community/support/blog/2013/04/03/how-to-close-a-discussion-and-why   Even if you discovered the solution without any outside contributions, it helps others to understand what the solution turned out to be. 

Do not use Assumed Answered as it confuses anyone looking for the specific answer.  If you dig into the Getting Started link (top right of each SCN page), you are only instructed to mark Helpful or Correct Answers to Discussion responses. 

Thanks, Mike (Moderator)

SAP Technology RIG

Answers (0)

Ask a Question