The authorization capabilities in SAP Mobile Platform center around two primary authorization methods: role checks and resource access checks.
Role checks are performed using the context’s checkRole() method, passing the role ID as the parameter. A list of potential roles that may be used for access checks can be retrieved using the listRoles() method. Some provider sets have the ability to enumerate the roles available. The return value of this method does not necessarily comprise the complete list of roles, depending on the providers.
The calls to the variety of SecContext.checkAccess() and SecContext.checkRole() methods by the client result in calls to the corresponding methods in the authorization provider. The security context combines the results of the role and access check from all of the configured authorization providers when delegating these calls. Therefore, because one provider identifies a user as having a particular role, it does not mean that the checkRole() call succeeds.