xs-security.json•4.87 kB
{
"xsappname": "btp-sap-odata-to-mcp-server-${space}",
"description": "BTP SAP OData MCP Server Security Configuration",
"scopes": [
{
"name": "$XSAPPNAME.read",
"description": "Read access to SAP OData services via MCP"
},
{
"name": "$XSAPPNAME.write",
"description": "Write access to SAP OData entities (Create/Update)"
},
{
"name": "$XSAPPNAME.delete",
"description": "Delete access to SAP OData entities"
},
{
"name": "$XSAPPNAME.admin",
"description": "Administrative access to MCP server configuration"
},
{
"name": "$XSAPPNAME.discover",
"description": "Service discovery and metadata access"
},
{
"name": "$XSAPPNAME.ui.forms",
"description": "Generate and render interactive forms for SAP entities"
},
{
"name": "$XSAPPNAME.ui.grids",
"description": "Create and display data grids with sorting and filtering"
},
{
"name": "$XSAPPNAME.ui.dashboards",
"description": "Compose and render interactive dashboards"
},
{
"name": "$XSAPPNAME.ui.workflows",
"description": "Build and execute visual workflows"
},
{
"name": "$XSAPPNAME.ui.reports",
"description": "Generate interactive reports with drill-down capabilities"
}
],
"role-templates": [
{
"name": "MCPViewer",
"description": "Read-only access to MCP services and discovery",
"scope-references": [
"$XSAPPNAME.read",
"$XSAPPNAME.discover"
]
},
{
"name": "MCPEditor",
"description": "Read and write access to MCP services",
"scope-references": [
"$XSAPPNAME.read",
"$XSAPPNAME.write",
"$XSAPPNAME.discover"
]
},
{
"name": "MCPUIUser",
"description": "Access to UI tools for forms and grids",
"scope-references": [
"$XSAPPNAME.read",
"$XSAPPNAME.discover",
"$XSAPPNAME.ui.forms",
"$XSAPPNAME.ui.grids"
]
},
{
"name": "MCPUIAnalyst",
"description": "Access to UI analytics tools",
"scope-references": [
"$XSAPPNAME.read",
"$XSAPPNAME.discover",
"$XSAPPNAME.ui.dashboards",
"$XSAPPNAME.ui.reports"
]
},
{
"name": "MCPUIDesigner",
"description": "Full access to all UI tools",
"scope-references": [
"$XSAPPNAME.read",
"$XSAPPNAME.write",
"$XSAPPNAME.discover",
"$XSAPPNAME.ui.forms",
"$XSAPPNAME.ui.grids",
"$XSAPPNAME.ui.dashboards",
"$XSAPPNAME.ui.workflows",
"$XSAPPNAME.ui.reports"
]
},
{
"name": "MCPManager",
"description": "Full access including delete operations",
"scope-references": [
"$XSAPPNAME.read",
"$XSAPPNAME.write",
"$XSAPPNAME.delete",
"$XSAPPNAME.discover"
]
},
{
"name": "MCPAdmin",
"description": "Full administrative access to MCP server including all UI tools",
"scope-references": [
"$XSAPPNAME.read",
"$XSAPPNAME.write",
"$XSAPPNAME.delete",
"$XSAPPNAME.admin",
"$XSAPPNAME.discover",
"$XSAPPNAME.ui.forms",
"$XSAPPNAME.ui.grids",
"$XSAPPNAME.ui.dashboards",
"$XSAPPNAME.ui.workflows",
"$XSAPPNAME.ui.reports"
]
}
],
"role-collections": [
{
"name": "MCPAdministrator",
"description": "Full administrative access to SAP MCP OData Server",
"role-template-references": [
"$XSAPPNAME.MCPAdmin"
]
},
{
"name": "MCPUser",
"description": "Standard user access to SAP MCP OData Server",
"role-template-references": [
"$XSAPPNAME.MCPEditor"
]
},
{
"name": "MCPManager",
"description": "Manager access with delete permissions to SAP MCP OData Server",
"role-template-references": [
"$XSAPPNAME.MCPManager"
]
},
{
"name": "MCPViewer",
"description": "Read-only access to SAP MCP OData Server",
"role-template-references": [
"$XSAPPNAME.MCPViewer"
]
},
{
"name": "MCPUIUser",
"description": "Access to UI form and grid tools",
"role-template-references": [
"$XSAPPNAME.MCPUIUser"
]
},
{
"name": "MCPUIAnalyst",
"description": "Access to UI analytics and reporting tools",
"role-template-references": [
"$XSAPPNAME.MCPUIAnalyst"
]
},
{
"name": "MCPUIDesigner",
"description": "Full access to all UI design and workflow tools",
"role-template-references": [
"$XSAPPNAME.MCPUIDesigner"
]
}
],
"oauth2-configuration": {
"redirect-uris": [
"https://*.cfapps.*.hana.ondemand.com/**"
]
}
}