on 01-10-2019 5:58 PM
I am opening a question but also giving the answer for the problem.
I just came up with a critical error in the customer I work for - IMHO due to a SAP bad design in the Fiori Launchpad Designer (Fiori on NetWeaver, not on Cloud).
Scenario
There are many "2.0" apps in HCM. e.g. "My Leave Requests" has a newer version which is a different app called "My Leave Requests 2.0"
The problem
Customer is gradually activating those 2.0 apps and for that they did are not delivering those to the end users yet. In order to not give authorization to these new apps to the final users, the customer separated the "1.0" apps from the "2.0" apps in different catalogs. However, final users could still see and open "2.0 apps" even **without having rights to the calalog(s) containing this apps**. It's important to say that all apps are in the same Fiori Group. It should not be a problem as the catalogs are different ones.
Why that happens?
Because of 2 technical decisions from SAP:
1) The new apps uses the same target mapping from their older version. So if app "My Leave Requests" uses target mapping LeaveRequest-manage, its newer version "My Leave Requests 2.0" uses the same target mapping LeaveRequest-manage
2) What **really** defines what the users has access to is NOT the access to the catalogs but the target mappings available inside the catalogs he/she has access to. So If the user has access to catalogs C1 and inside it you can find target mappings "Foo-display" and "Bar-manage" you might have a problem like I had. If you have a different catalogs say C2 that coincidentially have a target mapping "Foo-display" (linked with a different tile and app) the user will see that other app even without having access to catalogs C2
Solution
We changed the target mappings for all 2.0 apps so they become different to the 1.0 apps. This might break some navigation between the apps but it's a temporary fix until we officially launch the 2.0 apps to final users
HI Fabio,
Interesting...
Actually looking at the Fiori apps library information I see that
However Version 2 and Version 3 have different technical application ids.
Also since these are the same software package, we would not expect both versions to be able to be run side by side in the same system... that gets messy as the configuration is shared. Unless you are using 2 different systems - 1 for the new apps, 1 for the old??? If there are separate systems involved they should also have separate system aliases defined in the target mapping... or are you reusing the same system alias somehow??
Did you raise a SAP Incident for this? If not I would recommend doing so.
You will need to clarify a few things.... please include these in the Incident.
Firstly versions - everything is as ever dependent on versions versions versions... especially:
Secondly behaviours... again these are dependent on versions... I've added some comments on what I would expect in the latest FLP version (I'm using S/4HANA 1809 FPS0 and SAPUI5 1.56 at the moment):
Finally, have you run the /UI2/FLIA Intent Analysis for that user and what did it reveal for the Semantic object + action combination? If not please do so and include that in the SAP Incident.
Generally speaking what I see is most new Fiori app versions have a different app id & different ICF node to the old versions. However HCM apps are some of the earliest & one of the few (along with My Inbox) that apply to both Business Suite or S/4HANA so this may be specific to those apps. In which case it would be an issue for the app owner.
However as part of the move towards Fiori 3 design some of these aspects around FLP catalog management are currently being revisited so getting this feedback in NOW would be really helpful to adjusting the generic approach & advice to all app owners where needed.
As a mentor, you know you can also reach out to me directly... we might be able to do some advocacy here. Please raise the incident first though so we get all the facts recorded and a deeper assessment of what's happening & why.
Rgds
Jocelyn
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
I wonder if someone can tell is this is by design or should be considered a bug.
jocelyn.dart or masayuki.sekihara
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
User | Count |
---|---|
89 | |
10 | |
9 | |
9 | |
9 | |
6 | |
6 | |
5 | |
5 | |
4 |
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.