Policy

The Policy tool is used to create policies that control user access. Policies can be assigned to Tiles, Apps and Rest APIs.

policy main

Creating a policy

To create a new access control policy proceed as follows:

Click on the Add Policy button, The policy detail view will open. This view has three tab options.

Policy Tab

The policy name and description are captured in this view.

policy new

Assignment Tab

On the Assignment tab, you can add a combination of:

  • Roles: your SAP authorization roles available on the ABAP web application server on which Neptune is installed, defined using transaction PFCG

  • Users: defined using transaction SU01

  • Function Module: Custom logic can also decide if a user is part of a policy or not.

policy assignment

In the case of adding a Function Module as part of the Policy, it must return the Approved parameter as shown in the example below.

function z_check_policy.
*"----------------------------------------------------------------------
*"*"Local Interface:
*"  IMPORTING
*"     REFERENCE(POLICY_DATA) TYPE  /NEPTUNE/POLICY_FM_DATA
*"  EXPORTING
*"     REFERENCE(APPROVED) TYPE  I
*"----------------------------------------------------------------------
   " Only grant access to internal users
   " for naming convention when external user ids begins with EXT-
   if strlen( sy-uname ) > 3 and sy-uname(4) = 'EXT-'.
      approved = 0.
   else.
      approved = 1.
   endif.
endfunction.

Where-used Tab

Display the Tiles , Applications and Rest APIs those are affected by the Policy.

policy where used

Copying a Policy

You can make a new policy by copying an existing one. Simply by clicking on the copy button from the top toolbar.

policy copy