Interface specification
The BizRights Interchange Format (BIF) XML files are generated based on this relationship diagram.
The entities involved in this model and their descriptions are given in this table:
Entity | IRC table | Description | Mandatory |
---|---|---|---|
User/ Principal | Application Principals | Define the APPLICATIONPRINCIPALS or the users being monitored. Specify the user name and user type in the PrinicipalBCP.xml file. | Yes |
User/ Principal Attributes | ApplicationPrincipal AttributeValues | List user details, such as first name, last name and e-mail, in the PrinAtrbValBCP.xml file as name-value pairs. The principal attribute values must have information about the user's lock status, validity and user group. | Yes |
Role | ApplicationRole | Every user must have one or more roles. The role name and role type are stored in the RoleBCP.xml file. The list of supported role types is given in the RoleBCP.xml section. | Yes |
Role Attributes | ApplicationRole Attributes | List role details, such as Modified By, Modified On and Expires on, in the RoleAttribBCP.xml file. | No. If the application also contains attributes for roles, the role name and the attribute name can be added to RoleAttribBCP.xml. |
Role Assignment | ApplicationRole Assignement | The roles assigned to a user are stored in the RoleAsgnBCP.xml file. | Yes. Every user must have one or more roles. |
Authorizations | Authorizations | Roles must include a set of authorizations (NativeAuthorization or Authorization Object Instance), which can have a parent authorization (ParentName or Authorization Object). If no parent authorization is available, the NativeAuthorization can be taken as the ParentName. This information is stored in AuthBCP.xml. | Yes |
Authorization Attributes | Authorization Attributes | Each authorization should have one or more attributes. These attributes are stored in AuthAttribBCP.xml as name-value pairs. | Yes |
Role Authorization Map | ApplicationRole Authorizations | The authorizations assigned to each role are stored in RoleAuthBCP.xml. | Yes. At least one role must have one or more authorizations assigned. |
Object Description | AppMasterDesc | Objects in DescBCP.xml are used by IRC to identify which attributes should be used for rule building and analysis. | Yes |
Object Description Attributes | ApplicationObject DescXRef | Each object and its attribute information are stored in the ObjDescXRefBCP.xml file. | Yes |
Transaction Auth Map | ApplicationTransaction AuthMapping | The transaction objects linked to each authorization are stored in the TransAuthMap.xml file. This file is SAP specific and relevant only if your application has a similar security model. | Yes |
The file must not contain special characters such as &, >, <, " and '. These characters must be handled by the non-SAP applications. The special characters are listed in this table:
Character | Entity reference | Character reference |
---|---|---|
Ampersand | `&amp;` | `&#38;` |
Left angle bracket | `&lt;` | `&#60;` |
Right angle bracket | `&gt;` | `&#62;` |
Straight quotation mark | `&quot;` | `&#34;` |
Apostrophe | `&apos;` | `&#39;` |
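One way a non-SAP application could handle these characters before writing name-value pairs to a file, shown as an added example that is not part of the product documentation. It assumes Python on the exporting side; the element names (`Rows`, `Row`, `User`, `Name`, `Value`) and the sample rows are hypothetical and do not reflect the actual BIF schema.

```python
import re
import xml.etree.ElementTree as ET

# Entity references from the table above. "&" is replaced first so the
# ampersands introduced by the later replacements are not escaped again.
ENTITY_REFS = [("&", "&amp;"), ("<", "&lt;"), (">", "&gt;"),
               ('"', "&quot;"), ("'", "&apos;")]

# An "&" that does not begin an entity or character reference is raw.
RAW_AMP = re.compile(r"&(?!(?:amp|lt|gt|quot|apos|#\d+|#x[0-9A-Fa-f]+);)")

# Constructed sample rows: (user name, attribute name, attribute value).
SAMPLE = [
    ("jdoe", "LastName", "O'Brien"),
    ("jdoe", "UserGroup", 'R&D <"core">'),
    ("asmith", "Email", "asmith@example.com"),
]


def escape_value(value):
    """Replace the five special characters with their entity references."""
    for char, ref in ENTITY_REFS:
        value = value.replace(char, ref)
    return value


def build_document(rows):
    """Serialize rows; the element names are hypothetical, not the BIF schema."""
    out = ["<Rows>"]
    for row in rows:
        user, name, value = (escape_value(field) for field in row)
        out.append("<Row><User>%s</User><Name>%s</Name><Value>%s</Value></Row>"
                   % (user, name, value))
    out.append("</Rows>")
    return "\n".join(out)


def check_document(xml_text):
    """Return a list of problems: raw ampersands and well-formedness errors."""
    problems = ["line %d: raw '&'" % n
                for n, line in enumerate(xml_text.splitlines(), 1)
                if RAW_AMP.search(line)]
    try:
        ET.fromstring(xml_text)
    except ET.ParseError as exc:
        problems.append("not well-formed: %s" % exc)
    return problems


def read_values(xml_text):
    """Parse the document and return the decoded attribute values."""
    return [row.findtext("Value") for row in ET.fromstring(xml_text)]
```

Running `check_document` on each generated file before import catches values that were written without escaping, and escaping every field keeps a value that contains markup inside its own element.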