on 08-31-2016 9:36 AM
Hi Folks,
In our project we have implemented around 200 applications based on HANA DB and Any DB. Now we are creating the roles for each applications. So just to make you better understand the issue I am taking an example of an application "Manage Supplier Invoice for Accounts Payable Accountant - Procurement". For this particular application I have assigned the PFCG role for business catalog SAP_BR_AP_ACCOUNTANT_PROCURMENT to the test user along with R3TR IWSV MM_SUPPLIER_INVOICE_MANAGE_001 & R3TR IWSG MM_SUPPLIER_INVOICE_MANAGE services. But now user is getting an error that "user has no authorization for operation READ on object BUS2081" also in SU53 it is showing that activity is missing for some authorization object.
So I manually added the missing authorization objects in Roles --> Authorization and now application is working fine. But here my concern is that I have never read it anywhere that authorization objects have to be assigned manually to FIORI roles, we just need to assign the catalog, group and the required service like I did. I request you to help me understand that whether it is required to manually add objects in FIORI role or share any document on FIORI roles and authorization.
Thanks
Hi Folks,
Does anyone have any idea on this?
Thanks
Ashish Hans
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
Hi Ashish,
Fiori apps are renew UI for existing ERP functions. So the baseline is that users should have authorization objects for handling ERP functions. It seems those objects are missing in the user.
Easy way for testing is running the transaction/function in ERP without Fiori.
Regards,
Masa / SAP Technology RIG
Hi Ashish,
Yeeeessss ... the authorizations doco could use some work.
It's not too bad for the Fiori stuff but the rest of the backend roles means diving into the S/4HANA help documentation on help.sap.com.
Re the Fiori apps....
All Fiori users need:
* S_RFCACL and S_RFC
* ZSAP_UI2_ADMIN collective role in the frontend server
* S_ESH_CONN in the backend server (if they are to use factsheets)
* Authorization to the OData Services for their Fiori apps - the UI Technology Guide for S/4HANA explains how to set this up.
Usually the Fiori app library help should tell you if there are any other backend roles associated with the app.
Rgds,
Jocelyn
you need to Assign Authorization Object S_RFCACL in Backend System to User ,
also CheckbelowLink
https://fioriappslibrary.hana.ondemand.com/sap/fix/externalViewer/index.html#/multiHome
it will tell you Which Roles u need to Assign to User Manually for Specific Application
Thanks
Ashish
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
Thank you Ashish for your reply.
I have assigned the required authorization to the user based on the FIORI library also the object you mentioned is assigned to user but still user is getting authorization object missing error. Can you please let me know if I will have to assign the particular t-code authorization.
Regards
Ashish
User | Count |
---|---|
86 | |
10 | |
10 | |
9 | |
6 | |
6 | |
6 | |
5 | |
4 | |
3 |
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.