Documentation for $XSAPPNAME is missing the 3-parameter form with identity zone/subaccount.
Closed this issue · 2 comments
Issue description
The reference documentation for $XSAPPNAME shows only the forms with 0, 1 and 2 parameters.
But there is a form with 3 parameters, as explained in the blog post from Carlos Roggan (https://blogs.sap.com/2020/08/31/how-to-call-protected-app-from-external-app-from-different-subaccount) which actually works.
It is $XSAPPNAME(application, <identity-zone>, <xsappname>).
This is required to grant scopes across subaccounts and seems to work only with client credentials.
Interestingly it is used in the example on this page for HANA XS Advanced https://help.sap.com/docs/SAP_HANA_PLATFORM/4505d0bdaf4948449b7f7379d24d0f0d/6d3ed64092f748cbac691abc5fe52985.html, see "zone-guid-1", but never explained.
Unfortunately this page https://help.sap.com/docs/btp/sap-business-technology-platform/technical-communication-with-tightly-coupled-developments is also missing this information and makes it look like it could work only with app located in the same subaccount.
Feedback Type (Optional)
None
Page Title on SAP Help Portal (prefilled)
Application Security Descriptor Configuration Syntax
Page URL on SAP Help Portal (prefilled)
We don't recommend to use three parameters. For this reason, you won't find it in the official documentation. We are talking here about grants that exceed subaccount limit, and we do not want to implement this kind of grants. (product owner's statement)
We don't recommend to use three parameters. For this reason, you won't find it in the official documentation. We are talking here about grants that exceed subaccount limit, and we do not want to implement this kind of grants. (product owner's statement)