
How to hide user id fetched from userapi in odata service request

SaurabhN
Participant
0 Kudos

Hi,

I am using SAP BTP Portal service to display SAP UI5 applications on SAP Fiori launchpad sites.

External users (no access to SAP GUI) are accessing launchpad through P-user id (P00000) which comes from a custom IDP.

I fetch logged in external user's uid from userapi (/services/userapi/attributes).

External user (P-user ID) details are already loaded in a customizing table on SAP system.

Following are the OData service request parameters:

How do I hide the user id parameter for security reasons in both Neo and Cloud Foundry environments?

Kindly suggest a way to handle the above mentioned scenario.

Thank you.

gregorw
Active Contributor
0 Kudos

How is the destination to your backend system configured? Is it using Basic Auth with a technical user or is it using principal propagation?

SaurabhN
Participant
0 Kudos

Hi Gregor,

It is Basic Authentication with a technical user.

gregorw
Active Contributor
0 Kudos

When you can't create the users also in the backend and use principal propagation, you have to create a middleware on SAP BTP so that the filter based on the User ID is added there and hidden from the user.

With a basic auth destination accessible from a UI5 app, you give every authenticated user the option to read all data because they can modify the filter options.
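
The middleware idea from the answer above, sketched as an added example that is not part of the original thread and not SAP code: the user filter is built on the server from the authenticated user and ANDed with whatever the UI5 app sent, so editing the request in the browser cannot widen the result. The property name `UserId`, the function names and the way `authenticatedUid` is obtained (from the validated login token or session) are assumptions.

```javascript
// Hypothetical names throughout; UserId stands in for the backend's filter property.
const USER_FIELD = 'UserId';
const PASS_THROUGH = new Set(['$top', '$skip', '$orderby', '$select', '$filter']);

// OData string literal: wrap in single quotes, double any embedded quote.
function odataString(value) {
  return "'" + String(value).replace(/'/g, "''") + "'";
}

// True if parentheses balance and never close early, ignoring quoted literals.
// Prevents a client filter like "1 eq 1) or (1 eq 1" from escaping the wrapper.
function isBalanced(filter) {
  let depth = 0, inString = false;
  for (const ch of filter) {
    if (ch === "'") inString = !inString; // a doubled '' toggles twice
    else if (!inString && ch === '(') depth++;
    else if (!inString && ch === ')' && --depth < 0) return false;
  }
  return depth === 0 && !inString;
}

// Build the query string the middleware forwards to the backend.
// authenticatedUid must come from the server-side session, never from the request.
function buildBackendQuery(clientQuery, authenticatedUid) {
  if (typeof authenticatedUid !== 'string' || authenticatedUid === '') {
    throw new Error('no authenticated user');
  }
  const out = new Map();
  for (const [key, value] of new URLSearchParams(clientQuery)) {
    // Unknown parameters (for example a client-sent uid) are dropped.
    if (PASS_THROUGH.has(key) && !out.has(key)) out.set(key, value);
  }
  const clientFilter = out.get('$filter');
  if (clientFilter !== undefined && !isBalanced(clientFilter)) {
    throw new Error('rejected $filter');
  }
  const own = `${USER_FIELD} eq ${odataString(authenticatedUid)}`;
  // The mandatory condition comes first; the client part can only narrow it.
  out.set('$filter', clientFilter ? `${own} and (${clientFilter})` : own);
  return [...out].map(([k, v]) => `${k}=${encodeURIComponent(v)}`).join('&');
}
```

The backend destination can then stay on Basic Authentication with the technical user, as long as it is reachable only from the middleware and not directly from the UI5 app.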

SaurabhN
Participant
0 Kudos

Can SAP API Management be used as middleware?