Business Roles checks within ABSL Scripts

Business roles are a central part of your security strategy: they can be key to defining system access and usage policies.

You can link Business Roles to reports, code list restrictions, page layouts, work center assignments, field restrictions and so on. For more information on configuration and business scenarios, check this post: http://scn.sap.com/community/cloud-for-customer/blog/2015/07/02/blog-series-access-control-management-basics-of-access-control-and-business-roles.

One lesser-known feature of SAP Hybris Cloud for Customer is the ability to check at runtime whether a user has a given Business Role.

The IdentityManagement library provides this check. The code below shows how to check whether the current user has the Business Role “ADMIN” assigned.

    import ABSL;
    import AP.Common.GDT as commonGDT;
    import AP.PC.IdentityManagement.Global;

    // Stays false unless the ADMIN role is found below
    var hasAdmin : DataType::Indicator;

    // Identity of the user running the script
    var identityUUID = Context.GetCurrentIdentityUUID();

    // Read every Business Role assigned to that identity
    var roles = IdentityUtilities.GetAssignedBusinessRoles(identityUUID);

    foreach (var businessRole in roles.BusinessRoles){
           if (businessRole.content == "ADMIN"){
                 hasAdmin = true;
           }
    }

It is also possible to check which Business Roles other users have. In the example below, a query on the variable BusinessPartnerUUID retrieves the matching IdentityUUID, which is then used to verify whether that user has the Business Role “ADMIN” assigned.

    import ABSL;
    import AP.Common.GDT as commonGDT;
    import AP.PC.IdentityManagement.Global;

    // Stays false unless the ADMIN role is found below
    var hasAdmin : DataType::Indicator;
    var identityUUID : commonGDT:UUID;

    if (!BusinessPartnerUUID.IsInitial()){
           // Look up the Identity that belongs to the given business partner
           var queryIdentity = Identity.QueryByElements;
           var selParamsIdentity = queryIdentity.CreateSelectionParams();
           selParamsIdentity.Add(queryIdentity.BusinessPartnerUUID.content, "I", "EQ", BusinessPartnerUUID);
           var queryResultIdentity = queryIdentity.ExecuteDataOnly(selParamsIdentity);
           var identity = queryResultIdentity.GetFirst();
           identityUUID = identity.UUID;
    }

    // Only read roles when an identity was actually found; otherwise
    // hasAdmin keeps its initial value (false)
    if (!identityUUID.IsInitial()){
           var roles = IdentityUtilities.GetAssignedBusinessRoles(identityUUID);
           foreach (var businessRole in roles.BusinessRoles){
                 if (businessRole.content == "ADMIN"){
                       hasAdmin = true;
                 }
           }
    }

The code can also be extended to suit your business logic, for example by checking more than one Business Role or by making the Business Role name configurable through a Business Configuration Object.

Hope this helps!

Former Member