Skip to Content

How to check authorization for a user using Fiori?

Sep 06, 2017 at 10:25 AM


avatar image
Former Member

We have a Fiori application used for creation of internal orders. There's no restriction applied at all. The internal order creation is accessible for all the users available in Fiori. How can the restriction be applied?

10 |10000 characters needed characters left characters exceeded
* Please Login or Register to Answer, Follow or Comment.

2 Answers

Mohan P Dec 04, 2017 at 05:18 AM

Hi Former Member,

Have you got any solution for your above question, please let me also know about this i also want user based restrictions.

10 |10000 characters needed characters left characters exceeded
Ivan Mirisola
Dec 21, 2017 at 06:29 PM

Hi Bharadwaj,

There are several levels of authorization that can be applied for your Fiori. If you are using the Fiori Launchpad, you need to take a look at which catalogs are assigned to roles in NW-Gateway. This role must be assigned to end-users so users can have access to the Fiori Tile that launches this application. This way you could control who has the means to launch the app.

Since Fiori Apps are also Services in a Gateway System, you could also restrict access based on the bsp service name that corresponds to your app or the odata service used by this app using authorization object S_SERVICE. Please check this blog post for some pointers on how to use standard roles and customize them according to your needs.

Regarding the creation of internal orders, you could check K_ORDER authorization object for this business scenario at the back-end level. Then you could create roles with this authorization object to restrict the creation of IOs on your system. If all users can create this object you probably have another role that is less restrictive and it is allowing all users to create IOs. This will be a way to impose restrictions on all employees. BTW: you should use this method regardless if they are coming from Fiori app or other means.


10 |10000 characters needed characters left characters exceeded