Upload
nagendra-babu
View
42
Download
0
Embed Size (px)
Citation preview
Configuring SAP Fiori Apps A Quick Guide
An example-based step-by-step guide to enable the usage of
transactional SAP Fiori apps with specific focus on the
SAP Fiori app for SAP TDMS 4.0: Manage TDMS Execution
Version 1.0 2014-07-02
Introduction
Configuring transactional SAP Fiori Apps - Quick Guide 2
© Copyright 2014 SAP AG. All rights reserved.
No part of this publication may be reproduced or transmitted in any form or for any purpose without the express permission of SAP AG. The information contained herein may be changed without prior notice. Some software products marketed by SAP AG and its distributors contain proprietary software components of other software vendors. No part of this publication may be reproduced or transmitted in any form or for any purpose without the express permission of SAP AG. The information contained herein may be changed without prior notice. Some software products marketed by SAP AG and its distributors contain proprietary software components of other software vendors. National product specifications may vary. SAP Landscape Transformation Replication Server installation SAP and other SAP products and services mentioned herein as well as their respective logos are trademarks or registered trademarks of SAP AG in Germany and other countries. Please see http://www.sap.com/corporate-en/legal/copyright/index.epx#trademark for additional trademark information and notices. Disclaimer
The content of this document is not part of SAP product documentation. SAP does not guarantee the correctness of the information provided. You may not infer any product documentation claims against SAP based on this information.
Introduction
Configuring transactional SAP Fiori Apps - Quick Guide 3
Contents
Introduction ........................................................................................................................... 4
Prerequisites .................................................................................................................................. 4
Out of Scope ................................................................................................................................... 4
Configuration Overview ................................................................................................................. 5
Process Steps.................................................................................................................................. 7
1 Preparation .................................................................................................................. 10
Create Administrator User on Front-End Server .............................................................. 10 1.1
Create Test User on Front-End Server ............................................................................. 10 1.2
2 Initial Configuration on Front-End Server (One-Time Activities) .............................. 10
Activate OData Services for SAP Fiori Launchpad ............................................................ 10 2.1
Activate SICF Services for SAP Fiori Launchpad ............................................................... 13 2.2
Assign Administrator Role for SAP Fiori Launchpad to Administration User ................... 14 2.3
Assign Role with Launchpad Start Authorization for End Users ...................................... 15 2.4
Perform Checks: SAP Fiori Launchpad Designer and SAP Fiori Launchpad...................... 16 2.5
3 App-Specific Configuration ......................................................................................... 16
Open Product Documentation for Manage TDMS Execution App .................................. 16 3.1
Activities on Front-End Server ......................................................................................... 17 3.2
3.2.1 Activate ICF Services of UI5 Application (SAP Fiori Administrator).......................... 17
3.2.2 Activate ICF Services for Images in UI5 Application (SAP Fiori Administrator) ........ 17
3.2.3 Activate OData Service for App (SAP Fiori Administrator) ....................................... 17
3.2.4 Copy Template Business Role to Create Role with Launchpad Catalog and Group. 18
3.2.5 Add Start Authorizations for OData Service of Apps to Business Role .................... 19
3.2.6 Assign Business Role to Test User on Front-End Server ........................................... 20
3.2.7 Perform Check: SAP Fiori Launchpad with App Content ......................................... 20
Activities on Back-End Server ........................................................................................... 21 3.3
3.3.1 Assign RFC Authorization to Test User ..................................................................... 21
3.3.2 Assign PFCG Role with OData Service Authorization to Test User ........................... 21
3.3.3 Perform Check: SAP Fiori Launchpad with Content and Authorizations ................. 22
Introduction
Configuring transactional SAP Fiori Apps - Quick Guide 4
Introduction
This document guides you through the steps required to enable users to access transactional SAP Fiori apps in the SAP Fiori Launchpad. The process is described using the example of the Manage TDMS Execution app. It follows a straight-forward path with several prerequisites already in place. The documentation is intended - to give you an insight into the setup process for transactional SAP Fiori apps. The approach does not necessarily correspond to the system setup in a productive environment. For SAP Fiori app implementation in a productive environment, see the central implementation information for SAP Fiori1 on the SAP Help Portal.
Prerequisites
The following conditions must be met:
All required components are installed. For more information, see the following documentation on SAP Help Portal:
o Implementation Overview2 o For transactional apps and fact sheets: Central Implementation
Information
Initial configuration of SAP NetWeaver Gateway is in place. For more information, see Basic Configuration Settings3
HTTPS connectivity is enabled between the front-end server (FES) running SAP NetWeaver Gateway and the back-end systems
In the ICM the fundamental ability of connecting to a system with HTTP(S) is activated.
In the ICF certain services can be activated, e.g. /sap/public/ping service for connection testing.
Out of Scope
SAP Smart Business cockpits
1 http://help.sap.com SAP Business Suite SAP Fiori for SAP Business Suite SAP Fiori for SAP Business Suite 7 Innovations 2013 SAP Fiori Apps – Overview Transactional Apps and Fact Sheets Central Implementation Information 2 http://help.sap.com SAP Business Suite SAP Fiori for SAP Business Suite SAP Fiori for SAP Business Suite 7 Innovations 2013 SAP Fiori Apps – Overview SAP Fiori Implementation Overview 3 http://help.sap.com SAP NetWeaver SAP NetWeaver Gateway SAP NetWeaver Gateway 2.0 Configuration and Deployment Information Basic Configuration Settings
Introduction
Configuring transactional SAP Fiori Apps - Quick Guide 5
SAP Fiori fact sheets Single sign-on
Authorizations in complex system landscapes
Back-end configuration to enable the business functionality, for example, configuration of SAP Test Data Management Server(SAP TDMS),
Configuration Overview
The configuration of SAP Fiori apps requires steps on a front-end Server (FES) and on
the connected SAP TDMS back-end system.
On the front-end server resides an SAP NetWeaver Gateway system with the SAP
NetWeaver UI Add-On.
On the back-end server, the SAP TDMS system is installed,.
The SAP NetWeaver UI Add-On includes the SAP Fiori Launchpad designer, which is the
administration tool to configure the content for the SAP Fiori Launchpad.
The SAP Fiori Launchpad is the entry point for end users. They access the
Launchpad and the Launchpad designer from a Web browser via secure requests to
the FES.
To enable these requests, UI5 applications and their related OData services need to be
activated in SAP NetWeaver Gateway on FES. In addition, users need start
authorizations for the services on the front-end and authorizations for related functions
on the back-end.
The majority of configuration steps are activation steps (for applications and services)
and authorization steps on both the front-end server and in back-end systems.
Chapter 2 describes the initial configuration of the SAP Fiori Launchpad and of the SAP
Fiori Launchpad designer:
Activation of the ICF services of the SAP Fiori Launchpad to create the HTTP request handlers for the Launchpad URLs
Activation of the OData services for the SAP NetWeaver UI Add-On Creation of a PFCG role for administrators with authorizations for the SAP Fiori
Launchpad designer
Creation of a PFCG role for end users with authorizations for the SAP Fiori Launchpad
At the end of these one-time activities you can launch the SAP Fiori Launchpad
designer and the SAP Fiori Launchpad.
Chapter 3 describes how to configure individual SAP Fiori apps using the example of
the Manage TDMS Execution app.
Manage TDMS Execution is included in the business catalog of apps available for the
role System Administrator.
Introduction
Configuring transactional SAP Fiori Apps - Quick Guide 6
On Front-end Server (FES) you have to do the following:
Activate the OData services and ICF nodes for the SAP UI5 applications in SAP NetWeaver Gateway. This enables the corresponding HTTP request handlers.
Create a PFCG role that provides access to the relevant catalog in the SAP Fiori Launchpad. In our example, we copy the sample business role delivered by SAP.
Add start authorizations for the required OData service to the business role (we provide an unsecure shortcut: use wildcard authorization).
Assign the role to a user, which has to have the same user name as in the back-end system
Adapt the business catalog to your needs in the SAP Fiori Launchpad designer
In addition, the user must be assigned the authorizations required in the back-end to be
able to run the apps. You have to do the following:
Assign the RFC Authorization to the user to allow remote access from the front-end server to the back-end server
Assign and generate the authorizations to call and perform the OData services on the back-end
Introduction
Configuring transactional SAP Fiori Apps - Quick Guide 7
Process Steps
Step Back-End Server/
Front-End Server/ Other
Transaction Data Required
Preparation Create administrator user
Front-End Server SU01 User name as on the back-end server
Create test user
Front-End Server SU01 User name as on the back-end server
Initial Configuration on Front-End Server (One-Time Activities)
Activate OData services for SAP Fiori Launchpad
Front-End Server /IWFND/MAINT_SERVICE
/UI2/PAGE_BUILDER_CONF
/UI2/PAGE_BUILDER_PERS
/UI2/PAGE_BUILDER_CUST
/UI2/INTEROP /UI2/TRANSPORT
Activate SICF services for SAP Fiori Launchpad
Front-End Server SICF Full list for both Launchpad and designer:
/default_host/sap/bc/ui2/nwbc
/default_host/sap/bc/ui2/start_up
/default_host/sap/bc/ui5_ui5/sap/ar_srvc_launch
/default_host/sap/bc/ui5_ui5/sap/ar_srvc_news
/default_host/sap/bc/ui5_ui5/sap/arsrvc_upb_admn
/default_host/sap/bc/ui5_ui5/ui2/ushell
/default_host/sap/public/bc/ui2/default_host/sap/public/bc/ui5_ui5
Assign administrator role for SAP Fiori Launchpad to adminstration user
Front-End Server PFCG SAP role: SAP_UI2_Admin_700
The activated gateway service names for:
o /UI2/PAGE_BUILDER_CONF o /UI2/PAGE_BUILDER_PERS o /UI2/PAGE_BUILDER_CUST o /UI2/INTEROP o /UI2/TRANSPORT
Assign role with Launchpad start authorization for end users
Front-End Server PFCG SAP role: SAP_UI2_User_700
The activated gateway service names for:
o /UI2/PAGE_BUILDER_PERS o /UI2/INTEROP
Introduction
Configuring transactional SAP Fiori Apps - Quick Guide 8
Perform checks:SAP Fiori Launchpad designer and SAP Fiori Launchpad
Front-End Server Web browser
URL of Launchpad designer, see Testing the Launchpad Designer4
URL of Launchpad, see Testing the Launchpad5
App-Specific Configuration
Open product documentation for Manage TDMS Execution app
Public internet Implementation Information for Manage TDMS Execution6
Activities on Front-End Server Activate ICF services of UI5 application (SAP Fiori administrator)
Front-End Server SICF UI5 application for the Manage TDMS Execution app: TDMS_EXEC_MAN
Activate OData services per app (SAP Fiori administrator)
Front-End Server /IWFND/MAINT_SERVICE
SAP Fiori Launchpad designer
OData service for the Manage TDMS Execution app: TDMS_MANAGE_EXEC_SRV (1)
Business catalog for the Manage TDMS Execution app: SAP_TDMS_BC_SYSADMIN_T
Copy template business role to create role with Launchpad catalog and group
Front-End Server PFCG the business role related to the Manage TDMS Execution app: SAP_TDMS_BCR_SYSADMIN_T
Add start authorizations for OData services of apps to business role
Front-End Server PFCG
Assign business role to test user
Front-End Server PFCG Test user on front-end server
4 http://help.sap.com SAP NetWeaver User Interface Add-On for SAP NetWeaver Application Help Administration Guide Content Administration SAP Fiori Launchpad Launchpad Designer Testing the Launchpad Designer 5 http://help.sap.com SAP NetWeaver User Interface Add-On for SAP NetWeaver Application Help Administration Guide Content Administration SAP Fiori Launchpad Setting Up the Launchpad and Launchapd Designer Testing the Launchpad 6 http://service.sap.com/tdms
Introduction
Configuring transactional SAP Fiori Apps - Quick Guide 9
on front-end server Perform check: SAP Fiori Launchpad with app content
Front-End Server SAP Fiori Launchpad
Activities on Back-End Server Assign RFC authorization to test user
Back-End Server SU01 authorizations S_RFC and S_RFCACL
Assign PFCG Role with OData Service Authorization to User
Back-End Server PFCB SU01
back-end authorization role: SAP_TDMS_EXEC_MAN_APP
Perform check: SAP Fiori Launchpad with content and authorizations
Front-End Server SAP Fiori Launchpad
Initial Configuration on Front-End Server (One-Time Activities)
Configuring transactional SAP Fiori Apps - Quick Guide 10
1 Preparation
Create Administrator User on Front-End Server 1.1
If an administrator user is not yet available on the front-end server, you have to create one. If you are using a trusted RFC connection to the back-end server, the user IDs need to be identical on the front-end and on the back-end server. The administration user needs extensive authorizations, such as S_SERVICE, S_DEVELOP, /UI2/CHIP, and S_CTS_SADM.
1. Run transaction User Maintenance (SU01) on the front-end server.
2. Create a user – if applicable, with the ID the user already has in the back-end
(see above).
Create Test User on Front-End Server 1.2
Create a test user in transaction SU01, using the same user-ID as on the back-end server.
2 Initial Configuration on Front-End Server (One-Time Activities)
The SAP Fiori Launchpad uses the User interface add-on for SAP NetWeaver. It requires the ICF nodes that provide access to the web resources, and the OData services which provide the information about the configured app tiles to be displayed. For more information, see the following documentation on SAP Help Portal under http://help.sap.com:
SAP NetWeaver User Interface Add-On for SAP NetWeaver
Especially: SAP NetWeaver User Interface Add-On for SAP NetWeaver Application Help Administration Guide Content Administration SAP Fiori Launchpad
Activate OData Services for SAP Fiori Launchpad 2.1
The activation of the OData services and of the ICF services (described in the next section) are required to initially set up the SAP Fiori Launchpad and the SAP Fiori Launchpad designer.
SAP NetWeaver Gateway provides the infrastructure for the OData services used by the
SAP Fiori Launchpad and the SAP Fiori apps.
Initial Configuration on Front-End Server (One-Time Activities)
Configuring transactional SAP Fiori Apps - Quick Guide 11
An OData service has to be enabled in Gateway. This basically establishes a mapping
between the technical OData service name and the corresponding back-end service
(identified by system alias, namespace, and the external service name).
1. Run transaction Activate and maintain services (/IWFND/MAINT_SERVICE) on
the front-end server.
2. Use the system alias of your local system when activating the following services: Note:
You do not need to activate the /UI2/LAUNCHPAD service. This service is not relevant for SAP Fiori.
The service names listed below are concatenations of the namespace /UI2/ and the technical names of the individual services. Enter these concatenations when adding new services in transaction /IWFND/MAINT_SERVICE. When searching for services, you need to search either by namespace or by technical name.
/UI2/PAGE_BUILDER_CONF /UI2/PAGE_BUILDER_PERS
/UI2/PAGE_BUILDER_CUST
/UI2/INTEROP
/UI2/TRANSPORT
Result: The services are activated in your customer namespace, with the following technical names, for example:
ZINTEROP
ZPAGE_BUILDER_CONF
ZPAGE_BUILDER_CUST ZPAGE_BUILDER_PERS
ZTRANSPORT
Initial Configuration on Front-End Server (One-Time Activities)
Configuring transactional SAP Fiori Apps - Quick Guide 12
3. Call each service once by selecting it in transaction Activate and maintain services (/IWFND/MAINT_SERVICE), then clicking Call Browser in the screen area ICF Nodes. Always select the OData node, not the SDATA node.
Note:
You have called a service successfully when an XML document is displayed without any error messages.
When you call a service, a hash key is generated in the background. The hash key is required for the generation of authorizations described under Assign Administrator Role for SAP Fiori Launchpad to Administration User.
You can verify the hash key generation in table USOBHASH in transaction Data Browser (SE16). In the selection screen, specify the following: o R3TR in the PGMID field o IWSG in the Object field o The technical service name in the OBJ_NAME field. Use the technical
name of your generated service, typically starting with Z, and having the version number appended in four-digit format with leading zeros
The hash key should be displayed in the NAME column of the results table.
Initial Configuration on Front-End Server (One-Time Activities)
Configuring transactional SAP Fiori Apps - Quick Guide 13
Activate SICF Services for SAP Fiori Launchpad 2.2
In addition to the ICF services that correspond to the OData services it is necessary to
activate the following ICF services manually:
1. Run transaction Maintain Services (SICF) on the front-end server.
2. Activate services under the following subtrees, either by right-clicking the mouse
and selecting Activate Service, or selecting Service/host Activate from the menu:
/default_host/sap/bc/ui2/nwbc
/default_host/sap/bc/ui2/start_up
/default_host/sap/bc/ui5_ui5/sap/ar_srvc_launch
/default_host/sap/bc/ui5_ui5/sap/ar_srvc_news
/default_host/sap/bc/ui5_ui5/sap/arsrvc_upb_admn
/default_host/sap/bc/ui5_ui5/ui2/ushell
/default_host/sap/public/bc/ui2
/default_host/sap/public/bc/ui5_ui5
Initial Configuration on Front-End Server (One-Time Activities)
Configuring transactional SAP Fiori Apps - Quick Guide 14
Note: To activate all child nodes under a service, choose the Yes button with the hierarchy icon in the Activation of ICF Services dialog box.
Assign Administrator Role for SAP Fiori Launchpad to 2.3
Administration User
In this step, you copy the SAP-delivered administrator role for the SAP Fiori Launchpad
and assign it to your administrator user. The administrator is then authorized to use the
SAP Fiori Launchpad designer.
1. Run transaction Role Maintenance (PFCG) to copy the role SAP_UI2_ADMIN_700 to your customer namespace.
2. Edit the new role in transaction Role Maintenance (PFCG) as follows: 1. On the Menu tab, open the dropdown menu of the button for adding objects
(+ button). By default, the object type Transaction is selected. Change the selection to Authorization Default.
2. In the Service pop-up that opens, select TADIR Service from the dropdown menu for the Authorization Default. Specify the following values:
Program ID: R3TR
Object Type: IWSG In the table, enter the names of your activated services (see Activate OData Services for SAP Fiori Launchpad) in the form <technical name>_<four-digit version number with leading zeros>, for example:
ZINTEROP_0001
ZPAGE_BUILDER_CONF_0001
ZPAGE_BUILDER_CUST_0001 ZPAGE_BUILDER_PERS_0001
ZTRANSPORT_0001
3. On the Authorizations tab, click Propose Profile Name next to the Profile Name field. 4. Choose Change Authorization Data .
On the screen that opens up, click the Generate button.
Initial Configuration on Front-End Server (One-Time Activities)
Configuring transactional SAP Fiori Apps - Quick Guide 15
Result:
You have a role with 5 IWSG authorizations and 5 IWSV authorizations. The IWSV
authorizations are included in the role from the start, so they are not in the
customer namespace:
5. Assign the new role to the administrator user created under Create Administrator User on Front-End Server.
Assign Role with Launchpad Start Authorization for End 2.4
Users
Proceed as described under Assign Role for SAP Fiori Launchpad Administration to Administration User, but using the SAP_UI2_USER_700 role as a template and assigning only a subset of services:
ZINTEROP_0001
ZPAGE_BUILDER_PERS_0001 Assign this role to the test user you have created under Create Test User on Front-End
Server.
App-Specific Configuration
Configuring transactional SAP Fiori Apps - Quick Guide 16
Perform Checks: SAP Fiori Launchpad Designer and SAP 2.5
Fiori Launchpad
Note:
For productive usage with a system landscape including SAP Web Dispatcher,
you need the Web Dispatcher links to perform the checks.
1. Look up the composition of the URLs of the Launchpad designer and the Launchpad in the following documentation:
Testing the Launchpad Designer7 Testing the Launchpad8
2. Adapt the URLs entering your landscape information, such as server and port. Note: You can determine the server and port Launchpad as follows:
Run transaction SICF Drill Down default host -> sap -> public -> ping
Right mouse click on the ping service -> click Service test
3. Check that the Launchpad designer can be opened. 4. Check that the Launchpad can be opened. At this stage, an empty Launchpad
should be displayed.
3 App-Specific Configuration
Open Product Documentation for Manage TDMS Execution 3.1
App
For the following procedures, you need information from the product documentation,
such as technical names of services, roles, and so on.
The information is included in the following sections.
However, to have a document with the required entities at hand, go to
http://service.sap.com/tdms and open the Implementation Information for Manage
TDMS Execution.
7 http://help.sap.com SAP NetWeaver User Interface Add-On for SAP NetWeaver Application Help Administration Guide Content Administration SAP Fiori Launchpad Launchpad Designer Testing the Launchpad Designer 8 http://help.sap.com SAP NetWeaver User Interface Add-On for SAP NetWeaver Application Help Administration Guide Content Administration SAP Fiori Launchpad Setting Up the Launchpad and Launchpad Designer Testing the Launchpad
App-Specific Configuration
Configuring transactional SAP Fiori Apps - Quick Guide 17
Activities on Front-End Server 3.2
3.2.1 Activate ICF Services of UI5 Application (SAP Fiori Administrator)
To activate the Manage TDMS Execution app, you must perform this procedure, as
well as the activation of the OData services per app (next section).
1. Run transaction Maintain Services (SICF) on the front-end server. 2. Press F8. 3. Navigate to the following path default_host sapbc ui5_ui5 sap. 4. Under this node, navigate to the UI5 application for the Manage TDMS Execution
app: TDMS_EXEC_MAN. 5. To activate the service (UI5 application), choose Service/host Activate.
3.2.2 Activate ICF Services for Images in UI5 Application (SAP Fiori
Administrator)
To make images available in the app, you must perform this procedure.
1. Run transaction Maintain Services (SICF) on the front-end server. 2. Press F8. 3. Navigate to the following path default_host sapbc bsp sap. 4. Under this node, navigate to the SICF service: TDMS_EXEC_MAN. 5. To activate the service, choose Service/host Activate.
3.2.3 Activate OData Service for App (SAP Fiori Administrator)
1. Run transaction Activate and maintain services (/IWFND/MAINT_SERVICE) on the front-end server.
2. Click Add Service. 3. Enter the system alias of your back-end system.
4. In the External Service Name field, enter the technical name of the OData service for the Manage TDMS Execution app without the version number: TDMS_MANAGE_EXEC_SRV .
5. Enter the version number – “1” in our example – into the Version field. 6. Click Get Services.
App-Specific Configuration
Configuring transactional SAP Fiori Apps - Quick Guide 18
7. Click Add Selected Services. A popup opens up:
8. Give the service a technical name in your customer namespace. 9. Assign a package or choose Local Object. 10. Click Execute to save the service. 11. In the Activate and maintain services screen, verify that the system alias is
maintained correctly. If not, change it as required by deleting the alias and adding the correct one.
3.2.4 Copy Template Business Role to Create Role with Launchpad Catalog
and Group
You must perform this step and the following authorization- and-role-related tasks on the front-end server to equip the test user with all rights needed for the app. SAP delivers business roles for users of SAP Fiori apps. Business roles provide access to a sample of apps relevant for specific business users. The authorization for the Manage TDMS Execution app is included in the business role for the System Administrator (SAP_TDMS_BCR_SYSADMIN_T ). Run transaction Role Maintenance (PFCG) to copy the business role SAP_TDMS_BCR_SYSADMIN_T to your customer namespace. Note:
App-Specific Configuration
Configuring transactional SAP Fiori Apps - Quick Guide 19
A business catalog and a business catalog group containing apps relevant for System Administrator are displayed under the Menu tab.
3.2.5 Add Start Authorizations for OData Service of Apps to Business Role
A user trying to consume an OData service needs the following types of authorizations:
Authorizations on the Gateway side: Role Menu entries for Authorization Defaults of type TADIR Service with object type “IWSG – Gateway: Service Groups Metadata”.
Authorizations on the back-end side: Role Menu entries for Authorization
Defaults of type TADIR Service with Object Type IWSV – Gateway Business Suite Enablement - Serv.
For the back-end entries, an example role is provided, from which the entries can be
copied (see section Assign PFCG Role with OData Service Authorization to Test User).
For the Gateway-side entries, there are no such examples, as the technical names are
entered during the activation of the service, and therefore not known in advance.
To create a role with OData start authorizations on the front-end server, proceed as
follows:
Caution:
Be aware that the check for OData service authorization can provide additional
security, especially in case SAP NetWeaver Gateway is set up as separate hub.
By specifying the services explicitly in the role menu, you control which requests
on behalf of a user can pass the Gateway.
If you use a wildcard, users can call all activated services. Unauthorized requests
can only be rejected on the back-end server, provided that the user’s
authorizations in the back-end are not sufficient.
We therefore recommend that you do not use wildcard authorizations in
productive environments.
Instead, add single services as follows:
Note
You must have called an OData service at least once before you can assign start
authorizations for it.
1. Edit the business role created under Copy Template Business Role to Create Role with Launchpad Catalog and Group in transaction Role Maintenance (PFCG).
2. On the Menu tab, open the dropdown menu of the button for adding objects (+ button). By default, the object type Transaction is selected. Change the selection to Authorization Default.
3. In the Service pop-up that opens, select TADIR Service from the dropdown menu for the Authorization Default. Specify the following values:
App-Specific Configuration
Configuring transactional SAP Fiori Apps - Quick Guide 20
Program ID: R3TR Object Type: IWSG
4. In the table, enter the name of the activated OData service (see Activate OData Service for App (SAP Fiori Administrator).
Note: You need to enter the name in the form <technical name>_<four-digit version number with leading zeros>, for example, ZTDMS_MANAGE_EXEC_SRV_0001
5. Under the Authorization tab, click the button next to the Profile Name field to generate the authorization profile for the role.
6. Choose Change Authorization Data . On the screen that opens up, click the Generate button.
3.2.6 Assign Business Role to Test User on Front-End Server
In transaction Role Maintenance (PFCG), assign the business role to the test user
initially created (see Create Test User on Front-End Server) by specifying the user ID
under the User tab.
3.2.7 Perform Check: SAP Fiori Launchpad with App Content
1. Open the SAP Fiori Launchpad with the test user credentials.
2. Choose Open Catalog from the menu.
The business catalog with the Manage TDMS Execution app should be visible.
At this stage, however, starting the app will lead to an error, because back-end
authorizations are still missing.
App-Specific Configuration
Configuring transactional SAP Fiori Apps - Quick Guide 21
Activities on Back-End Server 3.3
3.3.1 Assign RFC Authorization to Test User
If the OData back-end service is located on a remote back-end, users need permission
to perform the RFC call on the back-end system, that is, they require the authorizations
S_RFC and S_RFCACL for trusted RFC.
In this case, and if your user does not have these authorizations yet, assign a role
including the RFC authorization objects to the back-end user that corresponds to the
test user initially created (see Create Test User on Front-End Server).
Note:
You can check whether the user has the RFC authorizations in the user
information system (by entering transaction User Maintenance (SU01) and
choosing Information Information System).
3.3.2 Assign PFCG Role with OData Service Authorization to Test User
Note:
The following procedure describes how you assign the OData service to a user
for just the Manage TDMS Execution app.
For a productive usage of Fiori apps, you would most probably do the PFCG role
assignment differently: You would create a PFCG role that contains multiple
OData start authorizations. For example, you would include the start
authorizations for all HR apps, based on the technical catalog for HR.
1. Run transaction Role Maintenance (PFCG) to copy the back-end authorization role required for the Manage TDMS Execution app to your customer namespace. The technical role name is SAP_TDMS_EXEC_MAN_APP.
2. Edit the copied business role in transaction Role Maintenance (PFCG) 3. On the Menu tab, open the dropdown menu of the button for adding objects (+
button). By default, the object type Transaction is selected. Change the selection to Authorization Default.
4. In the Service pop-up that opens, select TADIR Service from the dropdown menu for the Authorization Default. Specify the following values:
a. Program ID: R3TR b. Object Type: IWSV
5. In the table, enter the name of the activated OData service (see Activate OData Service for App (SAP Fiori Administrator)
6. Under the Authorization tab, click the button next to the Profile Name field to generate the authorization profile for the role.
7. Choose Change Authorization Data. On the screen that opens up, click Save and then the Generate button.
8. Run transaction User Maintenance (SU01) and assign the role to the test user user initially created (see Create Test User on Front-End Server).
App-Specific Configuration
Configuring transactional SAP Fiori Apps - Quick Guide 22
Note:
The following steps are only necessary if the user does not yet have the business
authorizations that are required to use the Manage TDMS Execution app.
1. On the Authorization tab, click Generate Profile next to the profile name. 2. Choose Maintain Authorization Data. 3. On the Authorization Details screen, click the Generate icon in the toolbar.
3.3.3 Perform Check: SAP Fiori Launchpad with Content and Authorizations
1. Open the SAP Fiori Launchpad with the test user credentials.
2. Choose Open Catalog from the menu.
The business catalog with the Manage TDMS Execution app should be visible.
When starting the app, the actual app functions should be available.
Note
If you get an error message stating that configuration is missing when you start
the app, it means that your back-end system has not been configured correctly
to enable the business functionality (see Out of Scope).