
What user roles are needed to view group and catalog?

Former Member
0 Kudos

I have the following roles assigned to user3:

And keep getting the error:

Checked SU53, user3 needs the following:

If I added /UI2/PAGE_BUILDER_CUST and /UI2/TRANSPORT, the error disappears, but user3 now has rights like the administrator and has full access.

I have added user3 to the transport request used by the catalog:

According to the documentation for user role:

Configuring Roles with Launchpad Start Authorizations - User Interface Add-On for SAP NetWeaver - SA...

User Role

The launchpad user must have the PFCG role SAP_UI2_USER_700 assigned. With this role the user can run the SAP Fiori launchpad on the Personalization level and has authorization to execute the following OData services:

  • /UI2/PAGE_BUILDER_PERS
  • /UI2/INTEROP
  • /UI2/LAUNCHPAD


So what is the correct role I need to apply for user3?

Thank you
Welly

Accepted Solutions (1)

gill367
Active Contributor
0 Kudos

Hi

Why have you not included any IWSG service, as suggested in the link below?

Configuring Roles with Launchpad Start Authorizations - User Interface Add-On for SAP NetWeaver - SA...

Regards,

Sarbjeet Singh

Former Member
0 Kudos

Thank you Sarbjeet.
I added IWSG, I could access the launchpad and group, but still can't access the catalog.

Please tell me what else I am missing.

Regards

Welly

venkateswaran_k
Active Contributor
0 Kudos

You have to bring the catalog from the next page:

1. Click on the leftmost top corner icon.

2. It will show a window with add catalog.

3. Go to the add-catalog page.

4. There you will find the tile with a + mark.

5. Add it.

Then you can see the tile in the launchpad.

Regards,

venkat

Former Member
0 Kudos

Thank you Venkat.

The catalog for this particular user is empty.
The catalog had been added to the group by the admin user. I just need to provide enough access to user3 so he can view it, but not design it.

Regards
Welly

venkateswaran_k
Active Contributor
0 Kudos

Hi Welly

Did you verify the PFCG roles for this user?

The appropriate Catalog and Group is added to this user in PFCG

Secondly,

Just refresh the browser and remove cache

Then you try it

Regards,

Venkat

Former Member
0 Kudos

Thanks Venkat,
Confirmed, catalog and group are in the role for this user.

Regards
welly

gill367
Active Contributor
0 Kudos

Try clearing the cache by report

/UI2/DELETE_CACHE_AFTER_IMP

Regards,

Sarbjeet Singh

Former Member
0 Kudos

Thanks Sarbjeet,

Deleted the cache, but it didn't help.
It works if I add all the additional authorization objects listed from SU53.

Is there a better way than this?

Regards

Welly

former_member182874
Active Contributor
0 Kudos

Hi Welly,

For every Fiori user, the authorization objects below are required in order to create catalogs, groups etc.

S_SERVICE (For interacting with your backend OData service)

S_RFCACL (For interacting with your RFC user, in order to get data from your backend system using the same user ID)

/UI2/CHIP (For tile chip errors)

S_PB_CHIP (For page builder chips)

Assign the above authorizations to a custom role and assign it.

Regards,
Tejas

Former Member
0 Kudos

Thanks Tejas.

Would you know where this information is documented?

This link only mentions S_SERVICE:

http://help.sap.com/saphelp_fiorierpx1_100/helpdata/en/4d/6479521228876ae10000000a423f68/content.htm...

Regards
Welly

Colleen
Advisor
0 Kudos

Hi Welly

Here's some information I provided on another thread for the security permissions.

I didn't look at SAP standard roles or refer to documentation. If you use the STAUTHTRACE trace to identify the checks, you can then get the S_SERVICE values and add them to your role menu (like you already did). That way, you don't need to know the specific S_SERVICE value that is mapped in the USOBAUTH table.

The other tip is to look at the Gateway Error Log. Switch on detailed tracing and it will tell you when you are missing a service, etc. Transaction: /IWFND/ERROR_LOG - Gateway Error Log

Regards

Colleen

Former Member
0 Kudos

Thanks Tejas.

But there is no information about /UI2/CHIP & S_PB_CHIP.

I wish these were already included in SAP_UI2_USER_700.

Kind regards
Welly

gill367
Active Contributor
0 Kudos

Hi Welly,

SAP has also acknowledged the missing authorizations in the standard role.

http://service.sap.com/sap/support/notes/2168841

Regards,

Sarbjeet Singh

Former Member
0 Kudos

Good finding, Sarbjeet. Thank you.

So it is floating in the ocean of SAP notes...

Kind regards
Welly
