How to check authorization for a user using Fiori?

Former Member · ‎09-06-2017

We have a Fiori application used for creation of internal orders. There's no restriction applied at all. The internal order creation is accessible for all the users available in Fiori. How can the restriction be applied?

former_member266304 · ‎12-04-2017

Hi bblazingd,

Have you got any solution for your above question, please let me also know about this i also want user based restrictions.

Ivan-Mirisola · ‎12-21-2017

Hi Bharadwaj,

There are several levels of authorization that can be applied for your Fiori. If you are using the Fiori Launchpad, you need to take a look at which catalogs are assigned to roles in NW-Gateway. This role must be assigned to end-users so users can have access to the Fiori Tile that launches this application. This way you could control who has the means to launch the app.

Since Fiori Apps are also Services in a Gateway System, you could also restrict access based on the bsp service name that corresponds to your app or the odata service used by this app using authorization object S_SERVICE. Please check this blog post for some pointers on how to use standard roles and customize them according to your needs.

Regarding the creation of internal orders, you could check K_ORDER authorization object for this business scenario at the back-end level. Then you could create roles with this authorization object to restrict the creation of IOs on your system. If all users can create this object you probably have another role that is less restrictive and it is allowing all users to create IOs. This will be a way to impose restrictions on all employees. BTW: you should use this method regardless if they are coming from Fiori app or other means.

Regards,
Ivan