Merge branch 'main' of https://github.com/capire/docs

Author: renejeglinsky

cds/assets/cxl/expr.drawio.svg

@@ -166,6 +166,13 @@ Ensure that database transactions are either committed or rolled back. This can
 
 If you're using [@sap/hana-client](https://www.npmjs.com/package/@sap/hana-client), verify that the environment variable [`HDB_NODEJS_THREADPOOL_SIZE`](https://help.sap.com/docs/SAP_HANA_CLIENT/f1b440ded6144a54ada97ff95dac7adf/31a8c93a574b4f8fb6a8366d2c758f21.html?version=2.11) is adjusted appropriately. This variable specifies the amount of workers that concurrently execute asynchronous method calls for different connections.
 
+### Why are requests rejected with `431` and not logged?
+
+|              | Explanation                                                                                                          |
+|--------------|----------------------------------------------------------------------------------------------------------------------|
+| _Root Cause_ | `431` occurs when the size of the request headers exceeds the maximum limit configured in the Node.js HTTP server. In this case, the Node.js HTTP server rejects the request during the initial parsing phase before it reaches CAP. Therefore, the request is not logged by the application.                                    |
+| _Solution_   | Inspect the request headers and check their size. If large headers are required and cannot be reduced, increase the maximum allowed HTTP header size in Node.js by setting the following environment variable `NODE_OPTIONS="--max-http-header-size=65536"` |
+
 
 ### Why are requests rejected with `502`?
 
@@ -639,6 +646,8 @@ See [How to configure your App Router](../guides/extensibility/customization#app
 
 [Find the documentation on `cds login`](../guides/extensibility/customization#cds-login){.learn-more}
 
+<div id="hana-tms-errors" />
+
 ## BTP
 
 ### How do I get an account on the SAP Business Technology Platform?

cds/assets/cxl/function.drawio.svg

@@ -1296,6 +1296,12 @@ The _SaasProvisioningService_ is a façade for the _DeploymentService_ to adapt
 Requests are implicitly asynchronous when `status_callback` is set.
 :::
 
+##### Passing tenant-specific deployment parameters
+
+Using the `"_"` section of the payload, you can pass deployment parameters for an individual tenant. The syntax is identical with the [static deployment configuration of `cds.xt.DeploymentService`](#deployment-config).
+
+In most cases, the requests are received from a third party, so the deployment parameters need to be added in [a handler implementation](#adding-custom-lifecycle-event-handlers) for `cds.xt.SaasProvisioningService`.
+
 ##### Example Usage
 
 <br>
@@ -1436,7 +1442,12 @@ Content-Type: application/json
 {
   "subscribedTenantId": "t1",
   "subscribedSubdomain": "subdomain1",
-  "eventType": "CREATE"
+  "eventType": "CREATE",
+  "_": {
+    "hdi": {
+      ...
+    }
+  }
 }
 ```
 

cds/assets/cxl/infix-filter.drawio.svg

@@ -257,7 +257,7 @@ Refrain from activating user tracing in productive systems.
 
 ## Role Assignment with AMS { #roles-assignment-ams }
 
-CAP applications that use the [Identity Authentication Service (IAS)](https://help.sap.com/docs/identity-authentication) for authentication can leverage the [Authorization Management Service (AMS)](https://help.sap.com/docs/cloud-identity-services/authorization-management-service) to provide comprehensive authorization. Similar to IAS, AMS is part of the [SAP Cloud Identity Services (SCI)](https://help.sap.com/docs/cloud-identity-services).
+CAP applications that use the [Identity Authentication Service (IAS)](https://help.sap.com/docs/identity-authentication) for authentication can leverage the [Authorization Management Service (AMS)](https://sap.github.io/cloud-identity-developer-guide/Authorization/GettingStarted.html) to provide comprehensive authorization. Similar to IAS, AMS is part of the [SAP Cloud Identity Services (SCI)](https://help.sap.com/docs/cloud-identity-services).
 
 Why is AMS required? Unlike tokens issued by XSUAA, IAS tokens only contain static user information and cannot directly provide CAP roles.
 AMS acts as a central service to define access policies that include CAP roles and additional filter criteria for instance-based authorizations in CAP applications.