AGENDA

1 SAP FIORI Authorization Introduction

2 FIORI Catalog, Group key terminology

3 Type Of FIORI Application

4 Role Creation , O-data Services and SU24

5 Troubleshooting – FIORI Authorization Issues

6 Special Business Requirements in Fiori

7 How to read FIORI Library

1
SAP FIORI Authorization Introduction

Fiori is a streamlined application, delivering a role-based user experience that can be personalized
across all lines of business, tasks and devices.

SAP Fiori 2.0

launched in October 2016 as an update to Fiori adding UX functions that were missing in the first
version, e.g. enhanced navigation, multi-application management and proactive system notifications.
Developed as the latest evolution for SAP HANA and S/4HANA, version 2.0 offers a new visual design
that can adapt Fiori UIs to corporate identities.

2
FIORI Deployment Options
• FES (Fiori Front End Server) embedded deployment, where Fiori is embedded in a single SAP
landscape. This is best for situations where there is a single Fiori instance running.
• FES hub deployment, which bundles the Fiori UI components, SAP Launchpad and SAP Gateway.
Business logic and traditional UIs stay on the back end, so you can integrate multiple back end
systems like SAP CRM and SRM.
• Gateway embedded, where the SAP Gateway is embedded in the back end, which makes it possible
to integrate cloud FES instances with a cloud connector.
• Gateway hub, here SAP Gateway serves as a hub – making it easy to connect the backend with FES
in the cloud
• SAP Fiori Cloud, with FES in the cloud on a standalone basis. It connects to back end systems that
are on-premises.

3
Catalog and Groups
• What is Business Catalog? - A catalog is a set
of Tiles and target mapping you want to A1 A2 A3 A4
make available for one role. Depending on the
role and the catalogs assigned to the role, A5 A6 A6
A4
users can browse through the catalogs and
choose the Tiles / Applications that they want
to display on the entry page of the SAP Fiori
launchpad. Catalog

• What is Business Group? - A group is a subset

of Applications from one or more catalogs.
Which tiles are displayed on a user’s Home
page depends on the groups assigned to the
user’s role. In addition, the user can
personalize the entry Fiori Page by adding or
removing Applications to pre-delivered
groups or self-defined groups.

4
 FIORI Key Terminology
• Tiles can offer summarized information
about the data available for the users in
the app Depending on the roles of the
user certain groups of apps are
displayed.
• Apps Each app is represented by a tile,
App is the combination of tile
configuration and target mapping.
• Target Mapping which define the target
application which is launched when an
intent (semantic object/action) is
triggered
• Launchpad We can call it as a Fiori
Launch Pad (Home page for the end
users) where in all the Apps are available
in the form of groups for the users based
on the role's assignment.
5
FIORI Key Terminology
• O-Data
• SAP Fiori apps use OData to display and update data in back-end server (SAP or Non-SAP).
• OData (Open Data Protocol) is a standardized protocol for creating and consuming data APIs.
• OData builds on core protocols like HTTP and commonly accepted methodologies like REST.
RFC Connection – RFC connection should be trusted to connect front end & Backend.
Tile – Name of the Tile
Subtitle – Name of the subtitle of the tile, this is not mandatory field but if you mention anything in
Subtitle just as above example, it will appear in the 2 nd line of the tile.
Semantic Object - Semantic Object: Represents a business entity such as a customer, a sales order, or a
product. Using semantic objects, you can bundle applications that reflect a specific scenario. ... You can
either use semantic objects shipped by SAP, or create new semantic objects
Action – Represent the Action/Active of any app like, Create, change, Display, Delete.
All above keywords are just to represent the tile/App based on their functionality & Action but it is
controlled by backed object authorization only.

6
Type Of FIORI Application : Transactional Apps
• Allow you to conduct transactional tasks,
such as creating SAP sales orders, SAP
PO’s and invoices.
• Offer you straightforward views and
interaction with your already existing SAP
processes and solution.
• Run best with SAP S/4 HANA but may be
ported to a variety of databases with
sufficient performance.
• Task Based Access : Access to tasks like
change, create , or entire processes with
guided navigation.
• Ex : F1443A - Manage Cost Centers
(Version 2)

7
Type Of FIORI Application : Fact Sheet

• Used to drill down to key data and

contextual information in your business
operations. Can initiate transactions
through navigation to transactional apps
or the back-end system directly.
• Fact sheet does not have any tile
information in the catalog. It has only
target mapping in the catalog. As a result
fact will not appear in user’s Home page.
• Search and Explore : View on essential
information about an object and
contextual navigation between related
objects
• Search connectors need to be activated in
the back-end system.
• Ex : F2187 - Customer - 360° View

8
Type Of FIORI Application : Analytical Apps

• Offer role-based, real-time information about

business operations
• Integrate SAP HANA with the SAP business
suite providing real-time data from large
quantities of data in the front-end web
browser
• Analytical apps facilitate close monitoring of
KPI indicators. In addition, you can perform
complex calculations and aggregations
allowing you to react immediately to
marketplace conditions
• Run on SAP HANA database and utilize virtual
data models
• Ex : F0940A - Cost Centers - Actuals

9
Type of FIORI Application : Web dynPro Application

• Fiori Launchpad uses the nwbc service

to launch the Web Dynpro applications.
Which means although the Web
Dynpro application is working fine on
your backend server, if you want to
integrate it to Fiori Launchpad you
need to activate the following ICF node:
/sap/bc/ui2/nwbc
• WebDynpro and GUI Apps are Legacy
apps for HTML application they are not
mobile enabled but provide a SAP Fiori
look and feel.
• Ex : F1024 - Manage Cost Center
Groups

10
Type of FIORI Application : GUI

• These are the T-code based apps

and require t-code access on the
backend.
• SAP GUI & Web Dynpro apps
opens in a new tab in a browser
unlike native Fiori apps.
• APP ID in Fiori Library will be
same as T-code, just as above
case The app ID for Display
Supplier Invoice is MIR4 you can
see the below details in Fiori
Library.
• Ex : FB03 - Display Document,
Display Journal Entries
• for Other
11
Creation of Role using Catalog and Business
Group
• In SAP Open PFCG Transaction to
create a single role

• Select Menu Tab and select

Transaction Drop down to select SAP
Fiori Tile Catalog.

12
• Once you select Fiori Catalog “Assign
Catalog” Popup will be opened in
catalog ID select from search and select
Catalog which we created.
• Either you can select / add standard
Catalog or Custom Catalog as per the
project requirement

• You can see the catalog now under Role

menu.
• Expand the catalog by clicking on + sing
to view the O-data services of that
catalog.

13
• Repeat the same to select the SAP
FIORI Tile Group
• Save the Changes
• Now Go to Authorization Tab to
maintain the open Authorization fields/
change the authorization Values as per
the project requirement.

14
• Repeat the same to select the SAP
FIORI Tile Group
• Save the Changes
• Now Go to Authorization Tab to
maintain the open Authorization fields/
change the authorization Values as per
the project requirement.

15
Creation of Backend Role using O-data Service
• OData – stands for Open Data Protocol –
and is a protocol that SAP is using to make
SAP data accessible to world through Web
Applications, websites and Mobile Apps.
• In PFCG, select Menu Tab and select
Transaction Drop down to select
Authorization Default
• Authorization Default = TADIR Service
• Object Type = IWSV
• Either you can enter the O-data service
under TADIR service, or you can search for
it by using F4.
• Save the role and then generate the
profile.

16
Authorization Objects which need high
importance while maintaining the values
• S_RS_COMP, S_RS_COMP1, S_RS_AUTH : Contact your BW/ BI team while maintaining the
values.
• RFC Related Authorization Objects : Values should be maintained in each field which is required
to run the FIORI Apps.
• S_SERVICE : This is a start authorization objects for OData – Services which should not be
maintained with *.

17
How to check the Authorization Objects of
O-data Service ?
• Go to SU24 , select TADIR Service in Type
of Application and then enter the O-data
service for which you would like to check
authorization Objects.

18
Two entries one for IWSG and IWSV ( There would be no corresponding Authorization
Objects for IWSG related O-data service.

19
O-Data Services and SU24
Assigning Authorization Defaults to OData
Services
• In SU24, select SAP Gateway Business
Suite Enablement – Service under Types
of Application.
• Object Name, enter the name of your
R3TR IWSV object (in our case:
ZDEMO_CDS_SALESORDERITEM_CDS*).
• Use the * (asterisk) at the end of the
name and then select the correct name
with version (in our case: 0001).

20
• On the Change TADIR Service screen, change into the Edit mode.
• Choose Object Add Authorization Object and enter S_SERVICE as the authorization
object.

21
• Set the proposal status to No.
• Add the authorization objects used in the DCL of the CDS view with Proposal Yes and
specify values which should be fixed or with Proposal Yes, Without Values
• Save and transport your changes.

22
Troubleshooting of Fiori Apps
Issue No . 1 : Can’t load the Tile when you launch
the app.
Solution :
• Always use Incognito Mode in Chrome for
troubleshooting as Incognito mode don’t save
any cache in memory.
• Now open the Launchpad and click F12 button
from Keyboard.
• In the error message panel you might get to
see the root cause of the error like here No
System Alias found for service
“ZSMART_BUSINESS_RUNTIME_SRV_0001”
• Go to T-code /n/iwfnd/maint_service and
check for the system alias in the O-data.

23
Special Business Requirements in Fiori
Requirement 1 : User can customize their own home page by rearranging the tiles in a group and
Users can make their own favorites list.
But this is a drawback in any business scenario during the training due to the lack of knowledge end
users always mess/delete the arrangement of the tiles and they always come up to the security
team for the resolution.
Solution : So better approach to restrict the modification of Fiori home page during the training
time.
To disable the personalization of users please assign below Target mapping.
/UI2/CONFIG_PERS_OFF
Requirement 2 : How can arrange the sequence of apps as per the client requirement.
Solution : By arranging the group’s sequence in of the roles in PFCG we can over come from above
issue.

24
Special Business Requirements in Fiori
Requirement 3 : How to deactivate the option Public save view radio button on FIORI page for
individual users.
Solution : Run/Execute Report /UIF/SET_KU_CHECK_FOR_VARIANT. This report
activates/deactivates the key user check for variants in the CUSTOMER layer.
By default, no key user check is performed when variants are written into the CUSTOMER layer of
the layered repository (LRep). By execution of this report you can activate the key user check for
CUSTOMER variants (or you can deactivate it again).
How to disable Public key option globally = Select Check box then Execute
How to enable Public key option globally = Uncheck box then Execute
Post above steps , Public option has been disabled globally now if required this can be activated for
individual users through Authorization Object - /UIF/FLEX.

25
How to read FIORI Library
Link:
https://fioriappslibrary.hana.ondemand.com/sap/fix/external
Viewer/#
Under Categories select All Apps, here you can search by
entering APP ID or APP name.
On right side of the library you can view basic details of the
Apps , like APP ID, APP Type , Database etc.

26
How to read FIORI Library

27
How to read FIORI Library
In Implementation Information tab ->
Configuration , you can view below
details of the Apps.
• Version/ Release of S/4
• Technical Configuration
• Target Mapping
• App Launcher
• Business Catalog
• Business Group
• Business Roles
• ICF Nodes for Web Dynpro Applications
• OData Service details
• Bex Query

28
Important FIORI T-codes and Tables
T-code Tcode Text
/UI2/CACHE_DEL Delete cache entries
/UI2/CUST Customizing of UI Technologies
/UI2/FLC Fiori Launchpad Checks
/UI2/FLIA Fiori Launchpad Intent Analyis
/UI2/FLP SAP Fiori Launchpad
/UI2/FLP_CONTCHECK Fiori Launchpad – Content Checks
/UI2/FLP_INTENTCHECK Fiori Launchpad – Intent Checks
/UI2/FLPD_CONF Fiori Launchpad Designer (cross-client)
/UI2/FLPD_CUST Fiori Launchpad Designer (client-specific)
/UI2/GW_ACTIVATE Gateway – Activation
/UI2/GW_APPS_LOG Gateway – Application Log
/UI2/GW_ERR_LOG Gateway – Error Log
/UI2/GW_MAINT_SRV Gateway – Service Maintenance
/UI2/GW_SYS_ALIAS Gateway – Manage SAP System Alias
/UI2/NWBC Start UI2 NWBC
/UI2/SEMOBJ Define Semantic Object – Customer

29
 ​

THANK YOU

30