The pattern underlying the presented concept is the Role Based Access Control pattern, an access control model currently used to develop secure systems.
This pattern was first formalised by Ferraiolo and Kuhn in 1992 (15th National Computer Security Conference, 1992, Baltimore MD, pages 554–563), in a form that allows users to access resources by using roles and permissions, and where roles can inherit permissions from other roles.
Various forms of Role Based Access Control have been created and implemented in a variety of commercial systems. Below, we present an extended form of the RBAC pattern.
Pattern Name: Role based access control.
Context: Any environment where we need to control access to resources based on the user’s roles.
Problem: How can we assign rights to users in accordance with their roles, so that each user has only the authorization required to carry out his responsibilities?
Solution: A class model for Role Based Access Control is presented.
The role based access control pattern, Schumacher et al. (2006)
We will explain this concept with regard to the Application Server ABAP. The class User represents the user that attempts to access the protected object (transactions, programs, services), and the class Role represents the user roles. A role can be a single role or a composite role. A composite role can contain only single roles, and a single role can contain, for example, the logon menu for the user and authorization objects. SAP offers a large number of single roles to be used, but we can also create our own. The class Right describes the access type (delete, write, etc.).
Each user can be a member of one or more groups. The Session class implements the principle of “least privilege”, according to which a user gets, in every session, only the privileges required to perform his responsibilities.
In our example presented in the figure, the profile administrator creates a single role ZTEST_ROLE, assigns the authorization object ZTEST_AUTH to it, maintains the fields and generates the authorization profile. Our test user, Gellert, tries to perform a delete operation in the YPERSON database, but he has not been assigned the ZTEST_ROLE yet. That’s why he doesn’t have the authorization to perform this operation.
Only after the user administrator assigns him the role can he perform the delete operation for the database records found in the range 004–100. So, we have the separation between the role administrator and the right administrator. Besides this basic division, there are other scenarios that can be used.
Applications: J2EE, SAP NetWeaver, Oracle, etc.
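The class model and the ZTEST_ROLE scenario described above, sketched as an added example in Python rather than ABAP; it is not code from the original tutorial or from SAP. The activity name "delete" and the treatment of 004–100 as an inclusive record-ID range are modelling assumptions.

```python
from dataclasses import dataclass, field
@dataclass(frozen=True)
class Right:                      # access type on a protected object
    obj: str
    activity: str                 # "delete", "write", ... (assumed names)
    low: int                      # inclusive record-ID range (modelling assumption)
    high: int
    def permits(self, obj, activity, rec):
        return (obj, activity) == (self.obj, self.activity) and self.low <= rec <= self.high

@dataclass
class SingleRole:
    name: str
    rights: list = field(default_factory=list)
    def all_rights(self):
        return list(self.rights)

@dataclass
class CompositeRole:
    name: str
    members: list = field(default_factory=list)
    def add(self, role):
        if not isinstance(role, SingleRole):   # a composite holds only single roles
            raise TypeError("composite roles may contain only single roles")
        self.members.append(role)
    def all_rights(self):
        return [r for m in self.members for r in m.all_rights()]

@dataclass
class User:
    name: str
    roles: list = field(default_factory=list)

class Session:                    # activates only roles already assigned to the user
    def __init__(self, user, activate):
        assigned = {r.name: r for r in user.roles}
        if any(n not in assigned for n in activate):
            raise PermissionError(f"role not assigned to {user.name}")
        self.active = [assigned[n] for n in activate]
    def check(self, obj, activity, rec):       # deny unless an active role grants it
        return any(rt.permits(obj, activity, rec)
                   for role in self.active for rt in role.all_rights())

ZTEST_ROLE = SingleRole("ZTEST_ROLE", [Right("YPERSON", "delete", 4, 100)])  # constructed
gellert = User("Gellert")
before = Session(gellert, []).check("YPERSON", "delete", 50)      # role not assigned yet
gellert.roles.append(ZTEST_ROLE)                                  # user administrator assigns it
after = Session(gellert, ["ZTEST_ROLE"]).check("YPERSON", "delete", 50)
out_of_range = Session(gellert, ["ZTEST_ROLE"]).check("YPERSON", "delete", 101)
```

A session opened without activating ZTEST_ROLE still denies the delete even after assignment, which is the least-privilege behaviour the Session class is meant to provide.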
All rights reserved © 2018 Wisdom IT Services India Pvt. Ltd