abapGit
ACGR: Support for PFCG roles (authorizations)
Hello together, I need to resume the initial feature request #827
How to handle roles?
Here are the facts about roles:
- Roles can't be handled with BC Sets
- Roles are customizing and not linked to a development package
- Roles are essential part of an application and should be delivered as well
- Roles can be easily handled as files, see transaction PFCG (upload / download function)
- Therefore it would be highly recommended also to cover PFCG roles by abapGit
- Without disturbing the core of abapGit it would be possible.
As an example: Customizing files, like roles, could be stored in a separate folder /cust/, parallel to /src/. Manual selection of the role to be added to the repo would be needed anyway.
Hope you can reopen the feature request with these insights.
We can build initial object support based on Download/Upload roles functionality

As a workaround, while is thinking how to assign customizing to the repository, roles can be added via abapGit exit zif_abapgit_exit->change_tadir
Well, at first we can keep it simple, like a simple upload/download option in the abapGit UI to keep or retrieve the files. In the background there should be a separate folder created and handled by abapGit to store the files. This folder should be different from the src folder so as not to harm the development objects underneath.
Some additional changes need to be made; everything outside of the / and /src/ folders is ignored.

Role support is being discussed in this issue #3474
When everything outside of the / and /src/ folders is ignored, we do not have a problem creating a folder beside /src/ (e.g. /cust/) to store additional files. The function modules PRGN_DOWNLOAD_AGRS and PRGN_EXECUTE_UPLOAD can do the job of writing and receiving a role as a file. Details as discussed in #3474 are covered by these.
Since there are no TADIR entries for roles i.e. no association with packages, I would treat them the same way as TABU data. An extension of the current data serializer seems feasible resulting in role data being persisted in /data/.
To implement this object type, create a PR or reopen this issue for further discussion.