This article demonstrates how to redefine the OData services to enhance the security of the applications.
Info |
---|
This technique is also useful in redefining the FAB Core Service Entity Sets for enhancements in the customer system. |
Prerequisites
You have a stand-alone application
Procedure
Step 1 | Create a new project in transaction SEGW. | ||||||
Step 2 | Right-click on the Data Model → Redefine → OData Service (SAP GW) to enter the Redefine Service Wizard. Enter the following information: Technical Service Name: /IQX/FAB_SRV Version: 001 Click Next. | ||||||
Step 3 | Select all the Services and click Finish. Click Save. | ||||||
Step 4 | Go to Data Model → Model References → /IQX/FAB_MDL-0001 and click Generate. In the Model and Service Definition dialog, click Continue. Runtime Objects Generated. Take note of the Data provider implementation class and the Service Name. | ||||||
Step 5 (Optional) | Open the Data provider implementation class ZCL_ZTEST_PROJECT_DPC_EXT. Notice that it inherits from the superclass /IQX/CL_FAB_DPC_EXT. | ||||||
Step 6 | Go to transaction /n/IWFND/MAINT_SERVICE → Add Service. Input the System Alias and the Technical Service Name. Press Enter. Click Add Selected Services and click Continue. | ||||||
Step 7 | In your stand-alone app, replace the original FAB service with the redefined service. Edit the manifest.json file of the Stand-alone App in the transaction /n/IQX/FAB. Right-click on the Project Node → Create File.
Set the Id / File Name to manifest.json. Select Click the Ellipsis button of the Source Element to Edit the source code. A Source Conflict dialog will appear, click Continue to use the content from the Repository. Locate the "dataSources" section in manifest.json. Replace the “uri“ /iqx/FAB_SRV with the new service name /sap/ZTEST_PROJECT_SRV. Old JSON:
New JSON:
Click Save & Close. Ignore the syntax errors, click Ok. | ||||||
Step 8 | Save Project. The application is now using the redefined service. The security team can create a role that includes this servicean authorization/role for the redefined service that can be used by the stand-alone application. |