Skip to Content

FIORI roles and authorization issue

Hi Folks,

In our project we have implemented around 200 applications based on HANA DB and Any DB. Now we are creating the roles for each applications. So just to make you better understand the issue I am taking an example of an application "Manage Supplier Invoice for Accounts Payable Accountant - Procurement". For this particular application I have assigned the PFCG role for business catalog SAP_BR_AP_ACCOUNTANT_PROCURMENT to the test user along with R3TR IWSV MM_SUPPLIER_INVOICE_MANAGE_001 & R3TR IWSG MM_SUPPLIER_INVOICE_MANAGE services. But now user is getting an error that "user has no authorization for operation READ on object BUS2081" also in SU53 it is showing that activity is missing for some authorization object.

So I manually added the missing authorization objects in Roles --> Authorization and now application is working fine. But here my concern is that I have never read it anywhere that authorization objects have to be assigned manually to FIORI roles, we just need to assign the catalog, group and the required service like I did. I request you to help me understand that whether it is required to manually add objects in FIORI role or share any document on FIORI roles and authorization.

Thanks

Add a comment
10|10000 characters needed characters exceeded

Assigned Tags

Related questions

2 Answers

  • author's profile photo Former Member
    Former Member
    Posted on Sep 01, 2016 at 06:41 AM

    you need to Assign Authorization Object S_RFCACL in Backend System to User ,

    also CheckbelowLink

    https://fioriappslibrary.hana.ondemand.com/sap/fix/externalViewer/index.html#/multiHome

    it will tell you Which Roles u need to Assign to User Manually for Specific Application

    Thanks

    Ashish

    Add a comment
    10|10000 characters needed characters exceeded

  • Posted on Sep 07, 2016 at 01:33 PM

    Hi Folks,

    Does anyone have any idea on this?

    Thanks

    Ashish Hans

    Add a comment
    10|10000 characters needed characters exceeded

    • Hi Ashish,

      Yeeeessss ... the authorizations doco could use some work.

      It's not too bad for the Fiori stuff but the rest of the backend roles means diving into the S/4HANA help documentation on help.sap.com.

      Re the Fiori apps....

      All Fiori users need:

      * S_RFCACL and S_RFC

      * ZSAP_UI2_ADMIN collective role in the frontend server

      * S_ESH_CONN in the backend server (if they are to use factsheets)

      * Authorization to the OData Services for their Fiori apps - the UI Technology Guide for S/4HANA explains how to set this up.

      Usually the Fiori app library help should tell you if there are any other backend roles associated with the app.

      Rgds,

      Jocelyn

Before answering

You should only submit an answer when you are proposing a solution to the poster's problem. If you want the poster to clarify the question or provide more information, please leave a comment instead, requesting additional details. When answering, please include specifics, such as step-by-step instructions, context for the solution, and links to useful resources. Also, please make sure that you answer complies with our Rules of Engagement.
You must be Logged in to submit an answer.

Up to 10 attachments (including images) can be used with a maximum of 1.0 MB each and 10.5 MB total.