Configuring transactional SAP Fiori Apps

Configuring SAP Fiori Apps
A Quick Guide
An example-based step-by-step guide to enable the usage of
transactional SAP Fiori apps with specific focus on the
SAP Fiori app for SAP TDMS 4.0: Manage TDMS Execution
Version 1.0
2014-07-02
© Copyright 2014 SAP AG. All rights reserved.
No part of this publication may be reproduced or transmitted in any form or for any purpose
without the express permission of SAP AG. The information contained herein may be changed
without prior notice.
Some software products marketed by SAP AG and its distributors contain proprietary software
components of other software vendors. National product specifications may vary.
SAP and other SAP products and services mentioned herein as well as their respective logos
are trademarks or registered trademarks of SAP AG in Germany and other countries.
Please see http://www.sap.com/corporate-en/legal/copyright/index.epx#trademark for
additional trademark information and notices.
Disclaimer
The content of this document is not part of SAP product documentation. SAP does not guarantee
the correctness of the information provided. You may not infer any product documentation
claims against SAP based on this information.
Configuring transactional SAP Fiori Apps - Quick Guide
Contents
Introduction
   Prerequisites
   Out of Scope
   Configuration Overview
   Process Steps
1 Preparation
   1.1 Create Administrator User on Front-End Server
   1.2 Create Test User on Front-End Server
2 Initial Configuration on Front-End Server (One-Time Activities)
   2.1 Activate OData Services for SAP Fiori Launchpad
   2.2 Activate SICF Services for SAP Fiori Launchpad
   2.3 Assign Administrator Role for SAP Fiori Launchpad to Administration User
   2.4 Assign Role with Launchpad Start Authorization for End Users
   2.5 Perform Checks: SAP Fiori Launchpad Designer and SAP Fiori Launchpad
3 App-Specific Configuration
   3.1 Open Product Documentation for Manage TDMS Execution App
   3.2 Activities on Front-End Server
      3.2.1 Activate ICF Services of UI5 Application (SAP Fiori Administrator)
      3.2.2 Activate ICF Services for Images in UI5 Application (SAP Fiori Administrator)
      3.2.3 Activate OData Service for App (SAP Fiori Administrator)
      3.2.4 Copy Template Business Role to Create Role with Launchpad Catalog and Group
      3.2.5 Add Start Authorizations for OData Service of Apps to Business Role
      3.2.6 Assign Business Role to Test User on Front-End Server
      3.2.7 Perform Check: SAP Fiori Launchpad with App Content
   3.3 Activities on Back-End Server
      3.3.1 Assign RFC Authorization to Test User
      3.3.2 Assign PFCG Role with OData Service Authorization to Test User
      3.3.3 Perform Check: SAP Fiori Launchpad with Content and Authorizations
Introduction
This document guides you through the steps required to enable users to access
transactional SAP Fiori apps in the SAP Fiori Launchpad.
The process is described using the example of the Manage TDMS Execution app. It
follows a straightforward path with several prerequisites already in place.
The documentation is intended to give you an insight into the setup process for
transactional SAP Fiori apps. The approach does not necessarily correspond to the
system setup in a productive environment.
For SAP Fiori app implementation in a productive environment, see the central
implementation information for SAP Fiori [1] on the SAP Help Portal.
Prerequisites
The following conditions must be met:
• All required components are installed.
  For more information, see the following documentation on SAP Help Portal:
  o Implementation Overview [2]
  o For transactional apps and fact sheets: Central Implementation Information
• Initial configuration of SAP NetWeaver Gateway is in place. For more
  information, see Basic Configuration Settings [3]
• HTTPS connectivity is enabled between the front-end server (FES) running SAP
  NetWeaver Gateway and the back-end systems.
• In the ICM, the fundamental ability of connecting to a system with HTTP(S) is
  activated.
• In the ICF, certain services can be activated, e.g. the /sap/public/ping service for
  connection testing.
Out of Scope
• SAP Smart Business cockpits
• SAP Fiori fact sheets
• Single sign-on
• Authorizations in complex system landscapes
• Back-end configuration to enable the business functionality, for example,
  configuration of SAP Test Data Management Server (SAP TDMS)

[1] http://help.sap.com → SAP Business Suite → SAP Fiori for SAP Business Suite → SAP Fiori
for SAP Business Suite 7 Innovations 2013 → SAP Fiori Apps – Overview → Transactional Apps
and Fact Sheets Central Implementation Information
[2] http://help.sap.com → SAP Business Suite → SAP Fiori for SAP Business Suite → SAP Fiori for
SAP Business Suite 7 Innovations 2013 → SAP Fiori Apps – Overview → SAP Fiori →
Implementation Overview
[3] http://help.sap.com → SAP NetWeaver → SAP NetWeaver Gateway → SAP NetWeaver
Gateway 2.0 → Configuration and Deployment Information → Basic Configuration Settings

Configuration Overview
The configuration of SAP Fiori apps requires steps on a front-end server (FES) and on
the connected SAP TDMS back-end system.
On the front-end server resides an SAP NetWeaver Gateway system with the SAP
NetWeaver UI Add-On.
On the back-end server, the SAP TDMS system is installed.
The SAP NetWeaver UI Add-On includes the SAP Fiori Launchpad designer, which is the
administration tool to configure the content for the SAP Fiori Launchpad.
The SAP Fiori Launchpad is the entry point for end users. They access the
Launchpad and the Launchpad designer from a Web browser via secure requests to
the FES.
To enable these requests, UI5 applications and their related OData services need to be
activated in SAP NetWeaver Gateway on FES. In addition, users need start
authorizations for the services on the front-end and authorizations for related functions
on the back-end.
The majority of configuration steps are activation steps (for applications and services)
and authorization steps on both the front-end server and in back-end systems.
Chapter 2 describes the initial configuration of the SAP Fiori Launchpad and of the SAP
Fiori Launchpad designer:
• Activation of the ICF services of the SAP Fiori Launchpad to create the HTTP
  request handlers for the Launchpad URLs
• Activation of the OData services for the SAP NetWeaver UI Add-On
• Creation of a PFCG role for administrators with authorizations for the SAP Fiori
  Launchpad designer
• Creation of a PFCG role for end users with authorizations for the SAP Fiori
  Launchpad
At the end of these one-time activities you can launch the SAP Fiori Launchpad
designer and the SAP Fiori Launchpad.
Chapter 3 describes how to configure individual SAP Fiori apps using the example of
the Manage TDMS Execution app.
Manage TDMS Execution is included in the business catalog of apps available for the
role System Administrator.
On the front-end server (FES) you have to do the following:
• Activate the OData services and ICF nodes for the SAP UI5 applications in SAP
  NetWeaver Gateway. This enables the corresponding HTTP request handlers.
• Create a PFCG role that provides access to the relevant catalog in the SAP Fiori
  Launchpad. In our example, we copy the sample business role delivered by SAP.
• Add start authorizations for the required OData service to the business role (we
  provide an insecure shortcut: use wildcard authorization).
• Assign the role to a user, which has to have the same user name as in the back-end
  system.
• Adapt the business catalog to your needs in the SAP Fiori Launchpad designer.
In addition, the user must be assigned the authorizations required in the back-end to be
able to run the apps. You have to do the following:
• Assign the RFC authorization to the user to allow remote access from the front-end
  server to the back-end server.
• Assign and generate the authorizations to call and perform the OData services
  on the back-end.
Process Steps
| Step | Back-End Server / Front-End Server / Other | Transaction | Data Required |
|---|---|---|---|
| Preparation | | | |
| Create administrator user | Front-End Server | SU01 | User name as on the back-end server |
| Create test user | Front-End Server | SU01 | User name as on the back-end server |
| Initial Configuration on Front-End Server (One-Time Activities) | | | |
| Activate OData services for SAP Fiori Launchpad | Front-End Server | /IWFND/MAINT_SERVICE | /UI2/PAGE_BUILDER_CONF; /UI2/PAGE_BUILDER_PERS; /UI2/PAGE_BUILDER_CUST; /UI2/INTEROP; /UI2/TRANSPORT |
| Activate SICF services for SAP Fiori Launchpad | Front-End Server | SICF | Full list for both Launchpad and designer: /default_host/sap/bc/ui2/nwbc; /default_host/sap/bc/ui2/start_up; /default_host/sap/bc/ui5_ui5/sap/ar_srvc_launch; /default_host/sap/bc/ui5_ui5/sap/ar_srvc_news; /default_host/sap/bc/ui5_ui5/sap/arsrvc_upb_admn; /default_host/sap/bc/ui5_ui5/ui2/ushell; /default_host/sap/public/bc/ui2; /default_host/sap/public/bc/ui5_ui5 |
| Assign administrator role for SAP Fiori Launchpad to administration user | Front-End Server | PFCG | SAP role: SAP_UI2_Admin_700. The activated gateway service names for: /UI2/PAGE_BUILDER_CONF; /UI2/PAGE_BUILDER_PERS; /UI2/PAGE_BUILDER_CUST; /UI2/INTEROP; /UI2/TRANSPORT |
| Assign role with Launchpad start authorization for end users | Front-End Server | PFCG | SAP role: SAP_UI2_User_700. The activated gateway service names for: /UI2/PAGE_BUILDER_PERS; /UI2/INTEROP |
| Perform checks: SAP Fiori Launchpad designer and SAP Fiori Launchpad | Front-End Server | Web browser | URL of Launchpad designer, see Testing the Launchpad Designer [4]; URL of Launchpad, see Testing the Launchpad [5] |
| App-Specific Configuration | | | |
| Open product documentation for Manage TDMS Execution app | Public internet | Implementation Information for Manage TDMS Execution [6] | |
| Activities on Front-End Server | | | |
| Activate ICF services of UI5 application (SAP Fiori administrator) | Front-End Server | SICF | UI5 application for the Manage TDMS Execution app: TDMS_EXEC_MAN |
| Activate OData services per app (SAP Fiori administrator) | Front-End Server | /IWFND/MAINT_SERVICE | OData service for the Manage TDMS Execution app: TDMS_MANAGE_EXEC_SRV (1) |
| Copy template business role to create role with Launchpad catalog and group | Front-End Server | SAP Fiori Launchpad designer; PFCG | Business catalog for the Manage TDMS Execution app: SAP_TDMS_BC_SYSADMIN_T; the business role related to the Manage TDMS Execution app: SAP_TDMS_BCR_SYSADMIN_T |
| Add start authorizations for OData services of apps to business role | Front-End Server | PFCG | |
| Assign business role to test user on front-end server | Front-End Server | PFCG | Test user on front-end server |
| Perform check: SAP Fiori Launchpad with app content | Front-End Server | SAP Fiori Launchpad | |
| Activities on Back-End Server | | | |
| Assign RFC authorization to test user | Back-End Server | SU01 | Authorizations S_RFC and S_RFCACL |
| Assign PFCG Role with OData Service Authorization to User | Back-End Server | PFCG; SU01 | Back-end authorization role: SAP_TDMS_EXEC_MAN_APP |
| Perform check: SAP Fiori Launchpad with content and authorizations | Front-End Server | SAP Fiori Launchpad | |

[4] http://help.sap.com → SAP NetWeaver → User Interface Add-On for SAP NetWeaver →
Application Help → Administration Guide → Content Administration → SAP Fiori Launchpad →
Launchpad Designer → Testing the Launchpad Designer
[5] http://help.sap.com → SAP NetWeaver → User Interface Add-On for SAP NetWeaver →
Application Help → Administration Guide → Content Administration → SAP Fiori Launchpad →
Setting Up the Launchpad and Launchpad Designer → Testing the Launchpad
[6] http://service.sap.com/tdms
1 Preparation
1.1 Create Administrator User on Front-End Server
If an administrator user is not yet available on the front-end server, you have to create
one.
If you are using a trusted RFC connection to the back-end server, the user IDs need to
be identical on the front-end and on the back-end server.
The administration user needs extensive authorizations, such as S_SERVICE,
S_DEVELOP, /UI2/CHIP, and S_CTS_SADM.
1. Run transaction User Maintenance (SU01) on the front-end server.
2. Create a user – if applicable, with the ID the user already has in the back-end
(see above).
1.2 Create Test User on Front-End Server
Create a test user in transaction SU01, using the same user-ID as on the back-end
server.
2 Initial Configuration on Front-End Server (One-Time Activities)
The SAP Fiori Launchpad uses the User Interface Add-On for SAP NetWeaver. It
requires the ICF nodes that provide access to the web resources, and the OData
services which provide the information about the configured app tiles to be displayed.
For more information, see the following documentation on SAP Help Portal under
http://help.sap.com:
• SAP NetWeaver → User Interface Add-On for SAP NetWeaver
• Especially: SAP NetWeaver → User Interface Add-On for SAP NetWeaver →
  Application Help → Administration Guide → Content Administration → SAP Fiori
  Launchpad
2.1 Activate OData Services for SAP Fiori Launchpad
The activation of the OData services and of the ICF services (described in the next
section) is required to initially set up the SAP Fiori Launchpad and the SAP Fiori
Launchpad designer.
SAP NetWeaver Gateway provides the infrastructure for the OData services used by the
SAP Fiori Launchpad and the SAP Fiori apps.
An OData service has to be enabled in Gateway. This basically establishes a mapping
between the technical OData service name and the corresponding back-end service
(identified by system alias, namespace, and the external service name).
1. Run transaction Activate and maintain services (/IWFND/MAINT_SERVICE) on
the front-end server.
2. Use the system alias of your local system when activating the following services:
   Note:
   • You do not need to activate the /UI2/LAUNCHPAD service. This service is
     not relevant for SAP Fiori.
   • The service names listed below are concatenations of the namespace /UI2/
     and the technical names of the individual services. Enter these
     concatenations when adding new services in transaction
     /IWFND/MAINT_SERVICE. When searching for services, you need to search
     either by namespace or by technical name.
   Services:
   • /UI2/PAGE_BUILDER_CONF
   • /UI2/PAGE_BUILDER_PERS
   • /UI2/PAGE_BUILDER_CUST
   • /UI2/INTEROP
   • /UI2/TRANSPORT
   Result:
   The services are activated in your customer namespace, with the following
   technical names, for example:
   • ZINTEROP
   • ZPAGE_BUILDER_CONF
   • ZPAGE_BUILDER_CUST
   • ZPAGE_BUILDER_PERS
   • ZTRANSPORT
3. Call each service once by selecting it in transaction Activate and maintain
services (/IWFND/MAINT_SERVICE), then clicking Call Browser in the screen
area ICF Nodes. Always select the OData node, not the SDATA node.
   Note:
   • You have called a service successfully when an XML document is displayed
     without any error messages.
   • When you call a service, a hash key is generated in the background. The
     hash key is required for the generation of authorizations described under
     Assign Administrator Role for SAP Fiori Launchpad to Administration User.
   • You can verify the hash key generation in table USOBHASH in transaction
     Data Browser (SE16). In the selection screen, specify the following:
     o R3TR in the PGMID field
     o IWSG in the Object field
     o The technical service name in the OBJ_NAME field. Use the technical
       name of your generated service, typically starting with Z, and having
       the version number appended in four-digit format with leading zeros
     The hash key should be displayed in the NAME column of the results table.
2.2 Activate SICF Services for SAP Fiori Launchpad
In addition to the ICF services that correspond to the OData services it is necessary to
activate the following ICF services manually:
1. Run transaction Maintain Services (SICF) on the front-end server.
2. Activate services under the following subtrees, either by right-clicking the mouse
   and selecting Activate Service, or selecting Service/host → Activate from the menu:
   • /default_host/sap/bc/ui2/nwbc
   • /default_host/sap/bc/ui2/start_up
   • /default_host/sap/bc/ui5_ui5/sap/ar_srvc_launch
   • /default_host/sap/bc/ui5_ui5/sap/ar_srvc_news
   • /default_host/sap/bc/ui5_ui5/sap/arsrvc_upb_admn
   • /default_host/sap/bc/ui5_ui5/ui2/ushell
   • /default_host/sap/public/bc/ui2
   • /default_host/sap/public/bc/ui5_ui5
Note:
To activate all child nodes under a service, choose the Yes button with the hierarchy
icon in the Activation of ICF Services dialog box.
2.3 Assign Administrator Role for SAP Fiori Launchpad to Administration User
In this step, you copy the SAP-delivered administrator role for the SAP Fiori Launchpad
and assign it to your administrator user. The administrator is then authorized to use the
SAP Fiori Launchpad designer.
1. Run transaction Role Maintenance (PFCG) to copy the role SAP_UI2_ADMIN_700 to
   your customer namespace.
2. Edit the new role in transaction Role Maintenance (PFCG) as follows:
   a. On the Menu tab, open the dropdown menu of the button for adding objects
      (+ button). By default, the object type Transaction is selected. Change the
      selection to Authorization Default.
   b. In the Service pop-up that opens, select TADIR Service from the dropdown
      menu for the Authorization Default. Specify the following values:
      • Program ID: R3TR
      • Object Type: IWSG
      In the table, enter the names of your activated services (see Activate OData
      Services for SAP Fiori Launchpad) in the form <technical name>_<four-digit
      version number with leading zeros>, for example:
      • ZINTEROP_0001
      • ZPAGE_BUILDER_CONF_0001
      • ZPAGE_BUILDER_CUST_0001
      • ZPAGE_BUILDER_PERS_0001
      • ZTRANSPORT_0001
3. On the Authorizations tab, click Propose Profile Name next to the Profile Name field.
4. Choose Change Authorization Data.
   On the screen that opens up, click the Generate button.
   Result:
   You have a role with 5 IWSG authorizations and 5 IWSV authorizations. The IWSV
   authorizations are included in the role from the start, so they are not in the
   customer namespace.
5. Assign the new role to the administrator user created under Create Administrator
User on Front-End Server.
2.4 Assign Role with Launchpad Start Authorization for End Users
Proceed as described under Assign Administrator Role for SAP Fiori Launchpad to
Administration User, but using the SAP_UI2_USER_700 role as a template and
assigning only a subset of services:
• ZINTEROP_0001
• ZPAGE_BUILDER_PERS_0001
Assign this role to the test user you have created under Create Test User on Front-End
Server.
2.5 Perform Checks: SAP Fiori Launchpad Designer and SAP Fiori Launchpad
Note:
For productive usage with a system landscape including SAP Web Dispatcher,
you need the Web Dispatcher links to perform the checks.
1. Look up the composition of the URLs of the Launchpad designer and the
   Launchpad in the following documentation:
   • Testing the Launchpad Designer [7]
   • Testing the Launchpad [8]
2. Adapt the URLs by entering your landscape information, such as server and port.
   Note:
   You can determine the server and port for the Launchpad as follows:
   • Run transaction SICF
   • Drill down default host -> sap -> public -> ping
   • Right-click the ping service -> click Service test
3. Check that the Launchpad designer can be opened.
4. Check that the Launchpad can be opened. At this stage, an empty Launchpad
   should be displayed.
3 App-Specific Configuration
3.1 Open Product Documentation for Manage TDMS Execution App
For the following procedures, you need information from the product documentation,
such as technical names of services, roles, and so on.
The information is included in the following sections.
However, to have a document with the required entities at hand, go to
http://service.sap.com/tdms and open the Implementation Information for Manage
TDMS Execution.
[7] http://help.sap.com → SAP NetWeaver → User Interface Add-On for SAP NetWeaver →
Application Help → Administration Guide → Content Administration → SAP Fiori Launchpad →
Launchpad Designer → Testing the Launchpad Designer
[8] http://help.sap.com → SAP NetWeaver → User Interface Add-On for SAP NetWeaver →
Application Help → Administration Guide → Content Administration → SAP Fiori Launchpad →
Setting Up the Launchpad and Launchpad Designer → Testing the Launchpad
3.2 Activities on Front-End Server
3.2.1 Activate ICF Services of UI5 Application (SAP Fiori Administrator)
To activate the Manage TDMS Execution app, you must perform this procedure, as
well as the activation of the OData services per app (next section).
1. Run transaction Maintain Services (SICF) on the front-end server.
2. Press F8.
3. Navigate to the following path: default_host → sap → bc → ui5_ui5 → sap.
4. Under this node, navigate to the UI5 application for the Manage TDMS Execution
   app: TDMS_EXEC_MAN.
5. To activate the service (UI5 application), choose Service/host → Activate.
3.2.2 Activate ICF Services for Images in UI5 Application (SAP Fiori Administrator)
To make images available in the app, you must perform this procedure.
1. Run transaction Maintain Services (SICF) on the front-end server.
2. Press F8.
3. Navigate to the following path: default_host → sap → bc → bsp → sap.
4. Under this node, navigate to the SICF service: TDMS_EXEC_MAN.
5. To activate the service, choose Service/host → Activate.
3.2.3 Activate OData Service for App (SAP Fiori Administrator)
1. Run transaction Activate and maintain services (/IWFND/MAINT_SERVICE) on the
   front-end server.
2. Click Add Service.
3. Enter the system alias of your back-end system.
4. In the External Service Name field, enter the technical name of the OData service
   for the Manage TDMS Execution app without the version number:
   TDMS_MANAGE_EXEC_SRV.
5. Enter the version number – “1” in our example – into the Version field.
6. Click Get Services.
7. Click Add Selected Services.
   A popup opens up.
8. Give the service a technical name in your customer namespace.
9. Assign a package or choose Local Object.
10. Click Execute to save the service.
11. In the Activate and maintain services screen, verify that the system alias is
    maintained correctly. If not, change it as required by deleting the alias and adding
    the correct one.
3.2.4 Copy Template Business Role to Create Role with Launchpad Catalog and Group
You must perform this step and the following authorization- and role-related tasks on
the front-end server to equip the test user with all rights needed for the app.
SAP delivers business roles for users of SAP Fiori apps. Business roles provide access
to a sample of apps relevant for specific business users. The authorization for the
Manage TDMS Execution app is included in the business role for the System
Administrator (SAP_TDMS_BCR_SYSADMIN_T).
Run transaction Role Maintenance (PFCG) to copy the business role
SAP_TDMS_BCR_SYSADMIN_T to your customer namespace.
Note:
A business catalog and a business catalog group containing apps relevant for System
Administrator are displayed under the Menu tab.
3.2.5 Add Start Authorizations for OData Service of Apps to Business Role
A user trying to consume an OData service needs the following types of authorizations:
• Authorizations on the Gateway side: Role Menu entries for Authorization
  Defaults of type TADIR Service with object type “IWSG – Gateway: Service
  Groups Metadata”.
• Authorizations on the back-end side: Role Menu entries for Authorization
  Defaults of type TADIR Service with object type “IWSV – Gateway Business
  Suite Enablement - Serv”.
For the back-end entries, an example role is provided, from which the entries can be
copied (see section Assign PFCG Role with OData Service Authorization to Test User).
For the Gateway-side entries, there are no such examples, as the technical names are
entered during the activation of the service, and therefore not known in advance.
To create a role with OData start authorizations on the front-end server, proceed as
follows:
Caution:
Be aware that the check for OData service authorization can provide additional
security, especially in case SAP NetWeaver Gateway is set up as separate hub.
By specifying the services explicitly in the role menu, you control which requests
on behalf of a user can pass the Gateway.
If you use a wildcard, users can call all activated services. Unauthorized requests
can only be rejected on the back-end server, provided that the user’s
authorizations in the back-end are not sufficient.
We therefore recommend that you do not use wildcard authorizations in
productive environments.
Instead, add single services as follows:
Note
You must have called an OData service at least once before you can assign start
authorizations for it.
1. Edit the business role created under Copy Template Business Role to Create
Role with Launchpad Catalog and Group in transaction Role Maintenance
(PFCG).
2. On the Menu tab, open the dropdown menu of the button for adding objects (+
button). By default, the object type Transaction is selected.
Change the selection to Authorization Default.
3. In the Service pop-up that opens, select TADIR Service from the dropdown
   menu for the Authorization Default. Specify the following values:
   • Program ID: R3TR
   • Object Type: IWSG
4. In the table, enter the name of the activated OData service (see Activate OData
   Service for App (SAP Fiori Administrator)).
   Note:
   You need to enter the name in the form <technical name>_<four-digit version
   number with leading zeros>, for example, ZTDMS_MANAGE_EXEC_SRV_0001
5. Under the Authorization tab, click the button next to the Profile Name field to
   generate the authorization profile for the role.
6. Choose Change Authorization Data.
   On the screen that opens up, click the Generate button.
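Added example (not part of the original guide and not SAP code): a check for the wildcard
shortcut the Caution above warns about, run over constructed exports of tables USOBHASH and
AGR_1251. It assumes tab-separated exports with a header line, and that Gateway start
authorizations are stored as S_SERVICE values whose SRV_NAME field holds the hash key shown
in the NAME column of USOBHASH; role names and hash keys are placeholders.

```python
"""Audit which activated Gateway OData services each PFCG role can start.

Assumed inputs (not from the guide): tab-separated exports, with a header
line, of table USOBHASH (hash key per service) and table AGR_1251 (role
authorization values). Every row below is constructed sample data.
"""
import csv
import io

# Constructed USOBHASH rows: NAME is the hash key, OBJ_NAME the service name.
USOBHASH_EXPORT = (
    "NAME\tPGMID\tOBJECT\tOBJ_NAME\n"
    "HASH-PLACEHOLDER-INTEROP\tR3TR\tIWSG\tZINTEROP_0001\n"
    "HASH-PLACEHOLDER-PB-PERS\tR3TR\tIWSG\tZPAGE_BUILDER_PERS_0001\n"
    "HASH-PLACEHOLDER-TDMS\tR3TR\tIWSG\tZTDMS_MANAGE_EXEC_SRV_0001\n"
    "HASH-PLACEHOLDER-BACKEND\tR3TR\tIWSV\tZBACKEND_PLACEHOLDER_SRV 0001\n"
)

# Constructed AGR_1251 rows for four hypothetical roles.
AGR_1251_EXPORT = (
    "AGR_NAME\tOBJECT\tFIELD\tLOW\n"
    "Z_FIORI_USER\tS_SERVICE\tSRV_NAME\tHASH-PLACEHOLDER-INTEROP\n"
    "Z_FIORI_USER\tS_SERVICE\tSRV_NAME\tHASH-PLACEHOLDER-PB-PERS\n"
    "Z_TDMS_SYSADMIN\tS_SERVICE\tSRV_NAME\tHASH-PLACEHOLDER-TDMS\n"
    "Z_TDMS_SHORTCUT\tS_SERVICE\tSRV_NAME\t*\n"
    "Z_TDMS_STALE\tS_SERVICE\tSRV_NAME\tHASH-PLACEHOLDER-DELETED\n"
    "Z_TDMS_STALE\tS_RFC\tRFC_NAME\t*\n"
)


def read_rows(export_text):
    """Parse a tab-separated export with a header line into a list of dicts."""
    reader = csv.DictReader(io.StringIO(export_text), delimiter="\t")
    return [{k: (v or "").strip() for k, v in row.items()} for row in reader]


def gateway_services(usobhash_rows):
    """Map hash key -> service name for Gateway service groups (R3TR / IWSG)."""
    return {
        row["NAME"]: row["OBJ_NAME"]
        for row in usobhash_rows
        if row["PGMID"] == "R3TR" and row["OBJECT"] == "IWSG"
    }


def audit_roles(agr_rows, hash_to_service):
    """Resolve each role's S_SERVICE / SRV_NAME values to service names."""
    audit = {}
    for row in agr_rows:
        if row["OBJECT"] != "S_SERVICE" or row["FIELD"] != "SRV_NAME":
            continue  # other authorization objects are out of scope here
        entry = audit.setdefault(
            row["AGR_NAME"],
            {"wildcard": False, "services": set(), "unresolved": set()},
        )
        value = row["LOW"]
        if "*" in value:
            # Generic value: everything whose hash key starts with the prefix.
            entry["wildcard"] = True
            prefix = value.split("*", 1)[0]
            entry["services"].update(
                name for key, name in hash_to_service.items()
                if key.startswith(prefix)
            )
        elif value in hash_to_service:
            entry["services"].add(hash_to_service[value])
        else:
            # Hash key with no activated IWSG service behind it.
            entry["unresolved"].add(value)
    return audit


def findings(audit):
    """Return sorted (role, message) pairs worth a reviewer's attention."""
    result = []
    for role, entry in sorted(audit.items()):
        if entry["wildcard"]:
            result.append((role, "wildcard start authorization covers %d "
                                 "activated service(s)" % len(entry["services"])))
        for key in sorted(entry["unresolved"]):
            result.append((role, "hash key %s matches no activated IWSG "
                                 "service" % key))
    return result


def run_sample():
    """Audit the constructed sample exports embedded above."""
    hashes = gateway_services(read_rows(USOBHASH_EXPORT))
    return audit_roles(read_rows(AGR_1251_EXPORT), hashes)


if __name__ == "__main__":
    for role, message in findings(run_sample()):
        print(role, "-", message)
```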
3.2.6 Assign Business Role to Test User on Front-End Server
In transaction Role Maintenance (PFCG), assign the business role to the test user
initially created (see Create Test User on Front-End Server) by specifying the user ID
under the User tab.
3.2.7 Perform Check: SAP Fiori Launchpad with App Content
1. Open the SAP Fiori Launchpad with the test user credentials.
2. Choose Open Catalog from the menu.
The business catalog with the Manage TDMS Execution app should be visible.
At this stage, however, starting the app will lead to an error, because back-end
authorizations are still missing.
3.3 Activities on Back-End Server
3.3.1 Assign RFC Authorization to Test User
If the OData back-end service is located on a remote back-end, users need permission
to perform the RFC call on the back-end system, that is, they require the authorizations
S_RFC and S_RFCACL for trusted RFC.
In this case, and if your user does not have these authorizations yet, assign a role
including the RFC authorization objects to the back-end user that corresponds to the
test user initially created (see Create Test User on Front-End Server).
Note:
You can check whether the user has the RFC authorizations in the user
information system (by entering transaction User Maintenance (SU01) and
choosing Information → Information System).
3.3.2 Assign PFCG Role with OData Service Authorization to Test User
Note:
The following procedure describes how you assign the OData service to a user
for just the Manage TDMS Execution app.
For a productive usage of Fiori apps, you would most probably do the PFCG role
assignment differently: You would create a PFCG role that contains multiple
OData start authorizations. For example, you would include the start
authorizations for all HR apps, based on the technical catalog for HR.
1. Run transaction Role Maintenance (PFCG) to copy the back-end authorization
role required for the Manage TDMS Execution app to your customer
namespace. The technical role name is SAP_TDMS_EXEC_MAN_APP.
2. Edit the copied business role in transaction Role Maintenance (PFCG).
3. On the Menu tab, open the dropdown menu of the button for adding objects (+
button). By default, the object type Transaction is selected. Change the
selection to Authorization Default.
4. In the Service pop-up that opens, select TADIR Service from the dropdown
menu for the Authorization Default. Specify the following values:
a. Program ID: R3TR
b. Object Type: IWSV
5. In the table, enter the name of the activated OData service (see Activate OData
Service for App (SAP Fiori Administrator)).
6. Under the Authorization tab, click the button next to the Profile Name field to
generate the authorization profile for the role.
7. Choose Change Authorization Data. On the screen that opens up, click Save and
then the Generate button.
8. Run transaction User Maintenance (SU01) and assign the role to the test user
initially created (see Create Test User on Front-End Server).
Note:
The following steps are only necessary if the user does not yet have the business
authorizations that are required to use the Manage TDMS Execution app.
1. On the Authorization tab, click Generate Profile next to the profile name.
2. Choose Maintain Authorization Data.
3. On the Authorization Details screen, click the Generate icon in the toolbar.
3.3.3 Perform Check: SAP Fiori Launchpad with Content and Authorizations
1. Open the SAP Fiori Launchpad with the test user credentials.
2. Choose Open Catalog from the menu.
The business catalog with the Manage TDMS Execution app should be visible.
When starting the app, the actual app functions should be available.
Note
If you get an error message stating that configuration is missing when you start
the app, it means that your back-end system has not been configured correctly
to enable the business functionality (see Out of Scope).