cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

FIORI roles and authorization issue

former_member290907
Participant

on ‎08-31-2016 9:36 AM

0 Kudos

Hi Folks,

In our project we have implemented around 200 applications based on HANA DB and Any DB. Now we are creating the roles for each applications. So just to make you better understand the issue I am taking an example of an application "Manage Supplier Invoice for Accounts Payable Accountant - Procurement". For this particular application I have assigned the PFCG role for business catalog SAP_BR_AP_ACCOUNTANT_PROCURMENT to the test user along with R3TR IWSV MM_SUPPLIER_INVOICE_MANAGE_001 & R3TR IWSG MM_SUPPLIER_INVOICE_MANAGE services. But now user is getting an error that "user has no authorization for operation READ on object BUS2081" also in SU53 it is showing that activity is missing for some authorization object.

So I manually added the missing authorization objects in Roles --> Authorization and now application is working fine. But here my concern is that I have never read it anywhere that authorization objects have to be assigned manually to FIORI roles, we just need to assign the catalog, group and the required service like I did.  I request you to help me understand that whether it is required to manually add objects in FIORI role  or share any document on FIORI roles and authorization.

Thanks

Show replies
Show replies
Answer

Accepted Solutions (0)

Answers (2)

Answers (2)

former_member290907
Participant
‎09-07-2016 2:33 PM
0 Kudos

Hi Folks,

Does anyone have any idea on this?

Thanks

Ashish Hans

Show replies
Show replies
masa_139
Product and Topic Expert
Product and Topic Expert
‎09-07-2016 2:48 PM
0 Kudos

Hi Ashish,

Fiori apps are renew UI for existing ERP functions. So the baseline is that users should have authorization objects for handling ERP functions. It seems those objects are missing in the user.

Easy way for testing is running the transaction/function in ERP without Fiori.

Regards,

Masa / SAP Technology RIG

Jocelyn_Dart
Product and Topic Expert
Product and Topic Expert
‎09-07-2016 3:41 PM
0 Kudos

Hi Ashish,

Yeeeessss ... the authorizations doco could use some work.

It's not too bad for the Fiori stuff but the rest of the backend roles means diving into the S/4HANA help documentation on help.sap.com.

Re the Fiori apps....

All Fiori users need:

* S_RFCACL and S_RFC

* ZSAP_UI2_ADMIN collective role in the frontend server

* S_ESH_CONN in the backend server (if they are to use factsheets)

* Authorization to the OData Services for their Fiori apps - the UI Technology Guide for S/4HANA explains how to set this up.

Usually the Fiori app library help should tell you if there are any other backend roles associated with the app.

Rgds,

Jocelyn

Former Member
‎09-01-2016 7:41 AM
0 Kudos

you need to Assign Authorization Object S_RFCACL  in Backend System to User ,

also CheckbelowLink

https://fioriappslibrary.hana.ondemand.com/sap/fix/externalViewer/index.html#/multiHome

it will tell you Which Roles u need to Assign to User Manually for Specific Application

Thanks

Ashish

Show replies
Show replies
former_member290907
Participant
‎09-01-2016 9:06 AM
0 Kudos

Thank you Ashish for your reply.

I have assigned the required authorization to the user based on the FIORI library also the object you mentioned is assigned to user but still user is getting authorization object missing error. Can you please let me know if I will have to assign the particular t-code authorization.

Regards

Ashish

Former Member
‎09-01-2016 12:52 PM
0 Kudos

Can you please Send me Error Log

former_member290907
Participant
‎09-01-2016 4:36 PM
0 Kudos

Attached is the screenshot of SU53

Former Member
‎09-02-2016 7:24 AM
0 Kudos

Add Above Authorization object into one Roll and Assign it to User id

former_member290907
Participant
‎09-02-2016 8:42 AM
0 Kudos

Ashish, this is my concern. Why I am getting authorization object missing error though I have assigned the required PFCG role for Business Catalog along with OData services. Can you please let me know the reason behind this issue.

Ask a Question