Hello everyone,
I am new to SCN and am amazed by the wealth of information that is available here! We are currently doing a small project within our company for HCM Fiori apps, based on this experience we plan on implementing Fiori in other areas of our organization. I have a question about the Fiori launchpad authorizations.
P.S. - I have tried to reach through all the blogs and the content here, I feel like I am missing something very basic. If there is something I have missed
Our system set up(trusted RFC etc.) is complete, our gateway and ECC systems are on different servers. We installed all add-ons, actualy things worked quite seamlessly as we were following all the documents step by step. We created the following roles:
On Gateway:
Z_GW_USER - /IWFND/RT_GW_USER and S_SERVICE(users + admin)
Z_GW_ADM - /IWFND/RT_ADMIN, S_DEVELOP, /UI2/CHIP, S_CTC_ADM(admin)
Z_UI_ADM - Copy SAP_UI2_ADMIN_700 and add IWSG. Auths. for ZINTEROP*, ZPAGE_BUILDER_CONF*, ZPAGE_BUILDER_CUST*,
ZPAGE_BUILDER_PERS*, ZTRANSPORT* (admin)
Z_UI_USER - Copy SAP_UI2_USER_700 and add IWSG auths for: ZINTEROP* and • ZPAGE_BUILDER_PERS* (user)
Z_TIMESHEET_BUS - Copy SAP_HR_BCR_EMPLOYEE_T and add. Auth for ZHCM_TIMESHEET_MAN_SRV(user)
Z_TIMESHEET_TECH - Copy SAP_HR_TCR_T and add auths. for timesheet service -> document said that this role is in the backend, but we actually could not find it in the backend(user)
Z_HCM_FIORI - role with Z catalog and Z group added(see below)
On ECC:
Z_RFC_USER - S_RFC and S_RFCACL(user)
Z_HR_START - start auths. for HCM_TIMESHEET_MAN oData service(IWSV auths.) (user)
The problem is, when we assign these roles to an end user, the Fiori launchpad is blank. We have another generic role that we assign to end users, when we assign this role, all HCM apps show up and the custom catalog also shows up -> I don't think this issue is related to technical config. as the apps are working when they show up.
Our requirement is - users should only see 2 apps "My Timesheet" and "Leave request" I created another catalog and group with only these apps and created a new role on gateway with the relevant catalog and group added(Z_HCM_FIORI), but it did not help.
So we either see ALL HCM apps, or nothing. See screenshots below. How can I reach a point where users only see these 2 apps, and I as launchpad admin can add apps later to the catalog and group and they automatically start showing up.
No apps:
All apps show,custom catalog also shows:
Is there something we are doing wrong here?
Regards,
Brian
- SAP Managed Tags:
Accepted Solutions (0)
Answers (8)
Sarbjeet and Rajesh,
Thank you for the comments. The system alias for those services have been set to LOCAL, so I am not sure if that is the problem.
- I ran all cache deletion reports that you mentioned, the only 2 things I was unable to perform was run the report in our backend ECC.
So, we have a user testuser1 that only has the auths. you menionted, we see NO tiles in the launchpad. I checked the role, it has the catalog and the group, see below screenshot.
I ran transaction stauthtrace and I see below error - No authorization group is user master record, object S_USER_GRP.
I will work with the authorization team to assign this auth. object, but I was under the impression that these roles should be enough to display only 2 tiles to the end user.
Do you have any other suggestions as to why we might not be able to see only 2 tiles in the Launchpad?
Best,
Brian
All,
Here is a quick update, we ran some reports to invalidate cache /UI2/INVAIDATE_GLOBAL_CACHES and now we are in a much worse position.
We don't see any tiles in the Launchpad anymore. Individual apps when access via app URL work fine. Can someone please help us?
In Launchpad designer, we see a bunch of "Reference lost" . All these looked fine earlier and there were a lot of catalogs that are now absent. See below screenshots.
Best,
Brian
| User | Count |
|---|---|
| 95 | |
| 11 | |
| 10 | |
| 9 | |
| 9 | |
| 7 | |
| 6 | |
| 5 | |
| 5 | |
| 4 |
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.