cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Authorization List for Standard Fiori Application

former_member253610
Participant

on ‎11-06-2018 2:27 PM

0 Kudos

I am configuring hunderds of Fiori application for a project. All apps are up and running with an SAP_ALL user. But we must create user roles for different user types. But it is a huge pain to determine required authorization objects for each app. I am of course not talking about service authorization. It is easy. But we need some business authorization objects for some of the apps. Is there a authorization object list for Standard Fiori applications? Or is there are easier way to determine the required authentication objects than checking SU53 everytime?

Show replies
Show replies
Answer

Accepted Solutions (0)

Answers (4)

Answers (4)

saurabh_vakil
Active Contributor
‎05-01-2019 5:32 AM
0 Kudos

When you create backend OData authorization roles, have you added the Fiori tile catalogs from the front-end server into the role menu? In case of a central hub gateway you have to select the option Remote Front-End Server, provide a relevant RFC destination and add the tile catalog. When you do that the service authorizations for the relevant OData services as well as the relevant business authorizations are automatically added under the Authorizations. You just need to adjust t according to your requirements. Once this is done properly there is no need to add any additional business authorizations or SAP_ALL.

Show replies
Show replies
sven_hertig1
Participant
‎04-29-2019 9:45 AM
0 Kudos

Dear Efecan,

SAP Busines Roles for Fiori Apps only work with the SAP authorization object SAP_ALL in the Front- and Backend-System, right? After deleting SAP_ALL we need a Fiori- and Backend-Authorization-Concept, right?

Thanks and

BR, Sven

Show replies
Show replies
former_member182874
Active Contributor
‎11-07-2018 9:52 AM
0 Kudos

What is the pain point ?

Frontend business roles are provided by SAP . For every productive environment you should provide business only those apps which they are interested in. Assigning 10k apps to user is not recommended. Please create catalogs and groups manually based on the user requirements.

It is not recommended to assign all apps when your user is interested or will mostly use 10-20. This practice has to be done in design workshops where the requirement analysis and scope are finalized.

In productive use, we create catalogs and groups and create custom PFCG roles. You can play around in Launchpad designer and assign the tiles to groups.

Follow this blog for mass role maintenance.

https://blogs.sap.com/2018/09/03/fiori-for-s4hana-mass-maintenance-of-business-roles-for-sap-fiori-l...

Regards,

Tejas

Show replies
Show replies
former_member253610
Participant
‎11-14-2018 9:01 AM
0 Kudos

As I said before, I have no problem with front-end roles or catalogs or groups. Only the backend roles for changing business objects or accessing cds views etc. Nevertheless, we configured backend roles one by one while testing the apps.

former_member182874
Active Contributor
‎11-06-2018 4:44 PM
0 Kudos

By right,

User in backend requires authorization to execute the OData services. For this you require , S_SERVICE object

For getting the data from backend and for to and fro communication from backend <-> Frontend, you would require S_RFC and S_RFCACL in both frontend and backend.

For executing CDS queries and odata objects for maintain , change access. User requires : S_DEVELOP object.

Make sure for every app you need a backend role to be created. Better create one single role which contains all the odata services. You need to import Fiori catalog using remote call in the PFCG tcode.

If you want to refer standard role templates, please check here.

https://help.sap.com/viewer/68bf513362174d54b58cddec28794093/7.4.20/en-US/24f82651c294256ee10000000a...

Regards,

Tejas

Show replies
Show replies
former_member253610
Participant
‎11-07-2018 7:28 AM
0 Kudos

Tejas thank you for your answer, but as I said I don't have a problem with OData service roles. They are written already in Fiori Apps Library. I need business authorization objects.

Ask a Question