Closed I590232 closed 20 hours ago
Hi,
isn't this a standard limitation of SAP documented here? https://cap.cloud.sap/docs/guides/security/authorization#limitation-deep-authorization
I would close this issue, since it's not a change-tracking related, but rather a CAP limitation
Hi Team,
Trying to implement security for Change Tracking of an Entity through navigation but still able to access it by expanding through url. I have below service with ErrorPricing Entity for which Change Tracking is enabled.
service ErrorPricingService { @(Capabilities: { InsertRestrictions.Insertable: true, UpdateRestrictions.Updatable : true, DeleteRestrictions.Deletable : false }) @odata.draft.enabled: true entity ErrorPricing as projection on errorPricing.ErrorPricing; }
Below is the security service implemented for the entity.
annotate ErrorPricingService.ErrorPricing with @(restrict: [ { grant: ['*'], to : 'PriceAdminInternal' }, { grant: ['READ'], to : 'PriceViewerInternal' }, { grant: ['READ'], to : 'PriceAdminExternal' } ]);
I tried using below approach but it results in internal server error.
annotate ErrorPricingService.ErrorPricing.changes with @(restrict: [ { grant: ['*'], to : 'PriceAdminInternal' }, { grant: ['READ'], to : 'PriceViewerInternal' }, { grant: ['READ'], to : 'PriceAdminExternal' } ]);
Below are the snapshots from the url from where I am able to access changes by expanding the url. ![Uploading Screenshot 2024-10-29 at 11.29.22 PM.png…]()