Skip to main content

Overview

S4Kit uses a granular permission model that controls access at multiple levels: instances, services, entities, and operations.

Permission Hierarchy

Operations

Each entity can have these operations:
OperationHTTP MethodDescription
listGET (collection)Query multiple entities
getGET (single)Retrieve one entity
createPOSTCreate new entity
updatePATCH/PUTModify existing entity
deleteDELETERemove entity

Permission Configuration

Basic Configuration

Full Example

Wildcards

Entity Wildcard

Grant access to all entities in a service:

Service Wildcard

Grant access to all services on an instance:

Permission Checks

Check Flow

Example Checks

Request: GET /A_BusinessPartner?$top=10
Request: DELETE /A_BusinessPartner('10100001')

Error Responses

Missing Instance Access

Missing Entity Access

Missing Operation Access

Best Practices

Principle of Least Privilege

Only grant permissions that are needed:

Environment Separation

Different permissions per environment:

Separate Keys by Use Case

Audit Regularly

Review API key permissions periodically:
  • Remove unused permissions
  • Revoke unused keys
  • Check for overly broad access

Common Patterns

Read-Only Analytics

Order Processing

Master Data Sync

Development/Testing