Policy
The Policy tool is used to create policies that control user access. Policies can be assigned to Tiles, Apps and Rest APIs.
Creating a policy
To create a new access control policy proceed as follows:
Click the Add Policy button. The policy detail view opens. This view has three tabs.
Assignment Tab
On the Assignment tab, you can add a combination of:
- Roles: your SAP authorization roles available on the ABAP web application server on which Neptune is installed, defined using transaction PFCG
- Users: defined using transaction SU01
- Function Module: custom logic can also decide whether a user is part of a policy.
When a Function Module is added to the Policy, it must return the Approved parameter, as shown in the example below. In the example, 1 approves the user and 0 does not.
function z_check_policy.
*"----------------------------------------------------------------------
*"*"Local Interface:
*"  IMPORTING
*"     REFERENCE(POLICY_DATA) TYPE /NEPTUNE/POLICY_FM_DATA
*"  EXPORTING
*"     REFERENCE(APPROVED) TYPE I
*"----------------------------------------------------------------------
  " Only grant access to internal users.
  " Naming convention: external user IDs begin with EXT-.
  if strlen( sy-uname ) > 3 and sy-uname(4) = 'EXT-'.
    approved = 0. " external user: not approved
  else.
    approved = 1. " internal user: approved
  endif.
endfunction.