I have one question about authorization in ECC System.
I have created a specific role Z_Fiori_role as a template from /IWBEP/RT_MGW_USR with /IWBEP/FGR_MGW_CLIENT_IF.
In Fiori documentation in the Internet, for each app, a dedicated authorization role (PFCG role) is delivered containing the respective OData service authorization for the back-end server: SAP_MM_PO_APV_APP, SAP_MM_PO_APV_APP, ... (see implementation side for each application: Fiori apps)
But I have made some tests, only z_fiori_role form rom /IWBEP/RT_MGW_USR is needed for users in the backend side and applications roles are not, example:
Could you confirm me that only z_Fiori_Service from template /IWBEP/RT_MGW_USR has all needed oData autorizations for backend side and no need for apps specific authorizations.
Thanks a lot.