Tdms fiori-config-quickgude

Configuring SAP Fiori Apps A Quick Guide

An example-based step-by-step guide to enable the usage of

transactional SAP Fiori apps with specific focus on the

SAP Fiori app for SAP TDMS 4.0: Manage TDMS Execution

Version 1.0 2014-07-02

Introduction

Configuring transactional SAP Fiori Apps - Quick Guide 2

© Copyright 2014 SAP AG. All rights reserved.

No part of this publication may be reproduced or transmitted in any form or for any purpose without the express permission of SAP AG. The information contained herein may be changed without prior notice. Some software products marketed by SAP AG and its distributors contain proprietary software components of other software vendors. No part of this publication may be reproduced or transmitted in any form or for any purpose without the express permission of SAP AG. The information contained herein may be changed without prior notice. Some software products marketed by SAP AG and its distributors contain proprietary software components of other software vendors. National product specifications may vary. SAP Landscape Transformation Replication Server installation SAP and other SAP products and services mentioned herein as well as their respective logos are trademarks or registered trademarks of SAP AG in Germany and other countries. Please see http://www.sap.com/corporate-en/legal/copyright/index.epx#trademark for additional trademark information and notices. Disclaimer

The content of this document is not part of SAP product documentation. SAP does not guarantee the correctness of the information provided. You may not infer any product documentation claims against SAP based on this information.

Introduction


Contents

Introduction ........................................................................................................................... 4

Prerequisites .................................................................................................................................. 4

Out of Scope ................................................................................................................................... 4

Configuration Overview ................................................................................................................. 5

Process Steps.................................................................................................................................. 7

1 Preparation .................................................................................................................. 10

Create Administrator User on Front-End Server .............................................................. 10 1.1

Create Test User on Front-End Server ............................................................................. 10 1.2

2 Initial Configuration on Front-End Server (One-Time Activities) .............................. 10

Activate OData Services for SAP Fiori Launchpad ............................................................ 10 2.1

Activate SICF Services for SAP Fiori Launchpad ............................................................... 13 2.2

Assign Administrator Role for SAP Fiori Launchpad to Administration User ................... 14 2.3

Assign Role with Launchpad Start Authorization for End Users ...................................... 15 2.4

Perform Checks: SAP Fiori Launchpad Designer and SAP Fiori Launchpad...................... 16 2.5

3 App-Specific Configuration ......................................................................................... 16

Open Product Documentation for Manage TDMS Execution App .................................. 16 3.1

Activities on Front-End Server ......................................................................................... 17 3.2

3.2.1 Activate ICF Services of UI5 Application (SAP Fiori Administrator).......................... 17

3.2.2 Activate ICF Services for Images in UI5 Application (SAP Fiori Administrator) ........ 17

3.2.3 Activate OData Service for App (SAP Fiori Administrator) ....................................... 17

3.2.4 Copy Template Business Role to Create Role with Launchpad Catalog and Group. 18

3.2.5 Add Start Authorizations for OData Service of Apps to Business Role .................... 19

3.2.6 Assign Business Role to Test User on Front-End Server ........................................... 20

3.2.7 Perform Check: SAP Fiori Launchpad with App Content ......................................... 20

Activities on Back-End Server ........................................................................................... 21 3.3

3.3.1 Assign RFC Authorization to Test User ..................................................................... 21

3.3.2 Assign PFCG Role with OData Service Authorization to Test User ........................... 21

3.3.3 Perform Check: SAP Fiori Launchpad with Content and Authorizations ................. 22

Introduction


Introduction

This document guides you through the steps required to enable users to access transactional SAP Fiori apps in the SAP Fiori Launchpad. The process is described using the example of the Manage TDMS Execution app. It follows a straight-forward path with several prerequisites already in place. The documentation is intended - to give you an insight into the setup process for transactional SAP Fiori apps. The approach does not necessarily correspond to the system setup in a productive environment. For SAP Fiori app implementation in a productive environment, see the central implementation information for SAP Fiori1 on the SAP Help Portal.

Prerequisites

The following conditions must be met:

All required components are installed. For more information, see the following documentation on SAP Help Portal:

o Implementation Overview2 o For transactional apps and fact sheets: Central Implementation

Information

Initial configuration of SAP NetWeaver Gateway is in place. For more information, see Basic Configuration Settings3

HTTPS connectivity is enabled between the front-end server (FES) running SAP NetWeaver Gateway and the back-end systems

In the ICM the fundamental ability of connecting to a system with HTTP(S) is activated.

In the ICF certain services can be activated, e.g. /sap/public/ping service for connection testing.

Out of Scope

SAP Smart Business cockpits

1 http://help.sap.com SAP Business Suite SAP Fiori for SAP Business Suite SAP Fiori for SAP Business Suite 7 Innovations 2013 SAP Fiori Apps – Overview Transactional Apps and Fact Sheets Central Implementation Information 2 http://help.sap.com SAP Business Suite SAP Fiori for SAP Business Suite SAP Fiori for SAP Business Suite 7 Innovations 2013 SAP Fiori Apps – Overview SAP Fiori Implementation Overview 3 http://help.sap.com SAP NetWeaver SAP NetWeaver Gateway SAP NetWeaver Gateway 2.0 Configuration and Deployment Information Basic Configuration Settings

http://help.sap.com/fiori_bs2013/helpdata/en/fb/2e57525bef617fe10000000a44538d/content.htm?frameset=/en/29/9a5652d8c3725fe10000000a441470/frameset.htm


http://help.sap.com/fiori_bs2013/helpdata/en/aa/aa41524a6b6760e10000000a423f68/content.htm?frameset=/en/29/9a5652d8c3725fe10000000a441470/frameset.htm



http://help.sap.com/saphelp_gateway20sp08/helpdata/en/f8/ed8170ef8846e2b4a26bbfbcb65d90/content.htm?frameset=/en/4c/a670b0e36c4c01ae2b9a042056f9dc/frameset.htm

http://help.sap.com/



Introduction


SAP Fiori fact sheets Single sign-on

Authorizations in complex system landscapes

Back-end configuration to enable the business functionality, for example, configuration of SAP Test Data Management Server(SAP TDMS),

Configuration Overview

The configuration of SAP Fiori apps requires steps on a front-end Server (FES) and on

the connected SAP TDMS back-end system.

On the front-end server resides an SAP NetWeaver Gateway system with the SAP

NetWeaver UI Add-On.

On the back-end server, the SAP TDMS system is installed,.

The SAP NetWeaver UI Add-On includes the SAP Fiori Launchpad designer, which is the

administration tool to configure the content for the SAP Fiori Launchpad.

The SAP Fiori Launchpad is the entry point for end users. They access the

Launchpad and the Launchpad designer from a Web browser via secure requests to

the FES.

To enable these requests, UI5 applications and their related OData services need to be

activated in SAP NetWeaver Gateway on FES. In addition, users need start

authorizations for the services on the front-end and authorizations for related functions

on the back-end.

The majority of configuration steps are activation steps (for applications and services)

and authorization steps on both the front-end server and in back-end systems.

Chapter 2 describes the initial configuration of the SAP Fiori Launchpad and of the SAP

Fiori Launchpad designer:

Activation of the ICF services of the SAP Fiori Launchpad to create the HTTP request handlers for the Launchpad URLs

Activation of the OData services for the SAP NetWeaver UI Add-On Creation of a PFCG role for administrators with authorizations for the SAP Fiori

Launchpad designer

Creation of a PFCG role for end users with authorizations for the SAP Fiori Launchpad

At the end of these one-time activities you can launch the SAP Fiori Launchpad

designer and the SAP Fiori Launchpad.

Chapter 3 describes how to configure individual SAP Fiori apps using the example of

the Manage TDMS Execution app.

Manage TDMS Execution is included in the business catalog of apps available for the

role System Administrator.

Introduction


On Front-end Server (FES) you have to do the following:

Activate the OData services and ICF nodes for the SAP UI5 applications in SAP NetWeaver Gateway. This enables the corresponding HTTP request handlers.

Create a PFCG role that provides access to the relevant catalog in the SAP Fiori Launchpad. In our example, we copy the sample business role delivered by SAP.

Add start authorizations for the required OData service to the business role (we provide an unsecure shortcut: use wildcard authorization).

Assign the role to a user, which has to have the same user name as in the back-end system

Adapt the business catalog to your needs in the SAP Fiori Launchpad designer

In addition, the user must be assigned the authorizations required in the back-end to be

able to run the apps. You have to do the following:

Assign the RFC Authorization to the user to allow remote access from the front-end server to the back-end server

Assign and generate the authorizations to call and perform the OData services on the back-end

Introduction


Process Steps

Step Back-End Server/

Front-End Server/ Other

Transaction Data Required

Preparation Create administrator user

Front-End Server SU01 User name as on the back-end server

Create test user

Front-End Server SU01 User name as on the back-end server

Initial Configuration on Front-End Server (One-Time Activities)

Activate OData services for SAP Fiori Launchpad

Front-End Server /IWFND/MAINT_SERVICE

/UI2/PAGE_BUILDER_CONF

/UI2/PAGE_BUILDER_PERS

/UI2/PAGE_BUILDER_CUST

/UI2/INTEROP /UI2/TRANSPORT

Activate SICF services for SAP Fiori Launchpad

Front-End Server SICF Full list for both Launchpad and designer:

/default_host/sap/bc/ui2/nwbc

/default_host/sap/bc/ui2/start_up

/default_host/sap/bc/ui5_ui5/sap/ar_srvc_launch

/default_host/sap/bc/ui5_ui5/sap/ar_srvc_news

/default_host/sap/bc/ui5_ui5/sap/arsrvc_upb_admn

/default_host/sap/bc/ui5_ui5/ui2/ushell

/default_host/sap/public/bc/ui2/default_host/sap/public/bc/ui5_ui5

Assign administrator role for SAP Fiori Launchpad to adminstration user

Front-End Server PFCG SAP role: SAP_UI2_Admin_700

The activated gateway service names for:

o /UI2/PAGE_BUILDER_CONF o /UI2/PAGE_BUILDER_PERS o /UI2/PAGE_BUILDER_CUST o /UI2/INTEROP o /UI2/TRANSPORT

Assign role with Launchpad start authorization for end users

Front-End Server PFCG SAP role: SAP_UI2_User_700

The activated gateway service names for:

o /UI2/PAGE_BUILDER_PERS o /UI2/INTEROP

Introduction


Perform checks:SAP Fiori Launchpad designer and SAP Fiori Launchpad

Front-End Server Web browser

URL of Launchpad designer, see Testing the Launchpad Designer4

URL of Launchpad, see Testing the Launchpad5

App-Specific Configuration

Open product documentation for Manage TDMS Execution app

Public internet Implementation Information for Manage TDMS Execution6

Activities on Front-End Server Activate ICF services of UI5 application (SAP Fiori administrator)

Front-End Server SICF UI5 application for the Manage TDMS Execution app: TDMS_EXEC_MAN

Activate OData services per app (SAP Fiori administrator)

Front-End Server /IWFND/MAINT_SERVICE

SAP Fiori Launchpad designer

OData service for the Manage TDMS Execution app: TDMS_MANAGE_EXEC_SRV (1)

Business catalog for the Manage TDMS Execution app: SAP_TDMS_BC_SYSADMIN_T

Copy template business role to create role with Launchpad catalog and group

Front-End Server PFCG the business role related to the Manage TDMS Execution app: SAP_TDMS_BCR_SYSADMIN_T

Add start authorizations for OData services of apps to business role

Front-End Server PFCG

Assign business role to test user

Front-End Server PFCG Test user on front-end server

4 http://help.sap.com SAP NetWeaver User Interface Add-On for SAP NetWeaver Application Help Administration Guide Content Administration SAP Fiori Launchpad Launchpad Designer Testing the Launchpad Designer 5 http://help.sap.com SAP NetWeaver User Interface Add-On for SAP NetWeaver Application Help Administration Guide Content Administration SAP Fiori Launchpad Setting Up the Launchpad and Launchapd Designer Testing the Launchpad 6 http://service.sap.com/tdms

http://help.sap.com/saphelp_uiaddon10/helpdata/en/2d/98610a5bcf43dfad588e755459dc42/content.htm?frameset=/en/a7/fff23179874b34a8a5b995c3a55a63/frameset.htm

http://help.sap.com/saphelp_uiaddon10/helpdata/en/e0/8c9cfe07b8431b884048700067aa1a/content.htm?frameset=/en/a7/fff23179874b34a8a5b995c3a55a63/frameset.htm


http://service.sap.com/tdms









Introduction


on front-end server Perform check: SAP Fiori Launchpad with app content

Front-End Server SAP Fiori Launchpad

Activities on Back-End Server Assign RFC authorization to test user

Back-End Server SU01 authorizations S_RFC and S_RFCACL

Assign PFCG Role with OData Service Authorization to User

Back-End Server PFCB SU01

back-end authorization role: SAP_TDMS_EXEC_MAN_APP

Perform check: SAP Fiori Launchpad with content and authorizations

Front-End Server SAP Fiori Launchpad



1 Preparation

Create Administrator User on Front-End Server 1.1

If an administrator user is not yet available on the front-end server, you have to create one. If you are using a trusted RFC connection to the back-end server, the user IDs need to be identical on the front-end and on the back-end server. The administration user needs extensive authorizations, such as S_SERVICE, S_DEVELOP, /UI2/CHIP, and S_CTS_SADM.

1. Run transaction User Maintenance (SU01) on the front-end server.

2. Create a user – if applicable, with the ID the user already has in the back-end

(see above).

Create Test User on Front-End Server 1.2

Create a test user in transaction SU01, using the same user-ID as on the back-end server.

2 Initial Configuration on Front-End Server (One-Time Activities)

The SAP Fiori Launchpad uses the User interface add-on for SAP NetWeaver. It requires the ICF nodes that provide access to the web resources, and the OData services which provide the information about the configured app tiles to be displayed. For more information, see the following documentation on SAP Help Portal under http://help.sap.com:

SAP NetWeaver User Interface Add-On for SAP NetWeaver

Especially: SAP NetWeaver User Interface Add-On for SAP NetWeaver Application Help Administration Guide Content Administration SAP Fiori Launchpad

Activate OData Services for SAP Fiori Launchpad 2.1

The activation of the OData services and of the ICF services (described in the next section) are required to initially set up the SAP Fiori Launchpad and the SAP Fiori Launchpad designer.

SAP NetWeaver Gateway provides the infrastructure for the OData services used by the

SAP Fiori Launchpad and the SAP Fiori apps.

https://help.sap.com/nw-uiaddon

https://help.sap.com/saphelp_uiaddon10/helpdata/en/a7/fff23179874b34a8a5b995c3a55a63/frameset.htm

https://help.sap.com/saphelp_uiaddon10/helpdata/en/a7/fff23179874b34a8a5b995c3a55a63/frameset.htm



An OData service has to be enabled in Gateway. This basically establishes a mapping

between the technical OData service name and the corresponding back-end service

(identified by system alias, namespace, and the external service name).

1. Run transaction Activate and maintain services (/IWFND/MAINT_SERVICE) on

the front-end server.

2. Use the system alias of your local system when activating the following services: Note:

You do not need to activate the /UI2/LAUNCHPAD service. This service is not relevant for SAP Fiori.

The service names listed below are concatenations of the namespace /UI2/ and the technical names of the individual services. Enter these concatenations when adding new services in transaction /IWFND/MAINT_SERVICE. When searching for services, you need to search either by namespace or by technical name.

/UI2/PAGE_BUILDER_CONF /UI2/PAGE_BUILDER_PERS

/UI2/PAGE_BUILDER_CUST

/UI2/INTEROP

/UI2/TRANSPORT

Result: The services are activated in your customer namespace, with the following technical names, for example:

ZINTEROP

ZPAGE_BUILDER_CONF

ZPAGE_BUILDER_CUST ZPAGE_BUILDER_PERS

ZTRANSPORT



3. Call each service once by selecting it in transaction Activate and maintain services (/IWFND/MAINT_SERVICE), then clicking Call Browser in the screen area ICF Nodes. Always select the OData node, not the SDATA node.

Note:

You have called a service successfully when an XML document is displayed without any error messages.

When you call a service, a hash key is generated in the background. The hash key is required for the generation of authorizations described under Assign Administrator Role for SAP Fiori Launchpad to Administration User.

You can verify the hash key generation in table USOBHASH in transaction Data Browser (SE16). In the selection screen, specify the following: o R3TR in the PGMID field o IWSG in the Object field o The technical service name in the OBJ_NAME field. Use the technical

name of your generated service, typically starting with Z, and having the version number appended in four-digit format with leading zeros

The hash key should be displayed in the NAME column of the results table.



Activate SICF Services for SAP Fiori Launchpad 2.2

In addition to the ICF services that correspond to the OData services it is necessary to

activate the following ICF services manually:

1. Run transaction Maintain Services (SICF) on the front-end server.

2. Activate services under the following subtrees, either by right-clicking the mouse

and selecting Activate Service, or selecting Service/host Activate from the menu:

/default_host/sap/bc/ui2/nwbc

/default_host/sap/bc/ui2/start_up

/default_host/sap/bc/ui5_ui5/sap/ar_srvc_launch

/default_host/sap/bc/ui5_ui5/sap/ar_srvc_news

/default_host/sap/bc/ui5_ui5/sap/arsrvc_upb_admn

/default_host/sap/bc/ui5_ui5/ui2/ushell

/default_host/sap/public/bc/ui2

/default_host/sap/public/bc/ui5_ui5



Note: To activate all child nodes under a service, choose the Yes button with the hierarchy icon in the Activation of ICF Services dialog box.

Assign Administrator Role for SAP Fiori Launchpad to 2.3

Administration User

In this step, you copy the SAP-delivered administrator role for the SAP Fiori Launchpad

and assign it to your administrator user. The administrator is then authorized to use the

SAP Fiori Launchpad designer.

1. Run transaction Role Maintenance (PFCG) to copy the role SAP_UI2_ADMIN_700 to your customer namespace.

2. Edit the new role in transaction Role Maintenance (PFCG) as follows: 1. On the Menu tab, open the dropdown menu of the button for adding objects

(+ button). By default, the object type Transaction is selected. Change the selection to Authorization Default.

2. In the Service pop-up that opens, select TADIR Service from the dropdown menu for the Authorization Default. Specify the following values:

Program ID: R3TR

Object Type: IWSG In the table, enter the names of your activated services (see Activate OData Services for SAP Fiori Launchpad) in the form <technical name>_<four-digit version number with leading zeros>, for example:

ZINTEROP_0001

ZPAGE_BUILDER_CONF_0001

ZPAGE_BUILDER_CUST_0001 ZPAGE_BUILDER_PERS_0001

ZTRANSPORT_0001

3. On the Authorizations tab, click Propose Profile Name next to the Profile Name field. 4. Choose Change Authorization Data .

On the screen that opens up, click the Generate button.



Result:

You have a role with 5 IWSG authorizations and 5 IWSV authorizations. The IWSV

authorizations are included in the role from the start, so they are not in the

customer namespace:

5. Assign the new role to the administrator user created under Create Administrator User on Front-End Server.

Assign Role with Launchpad Start Authorization for End 2.4

Users

Proceed as described under Assign Role for SAP Fiori Launchpad Administration to Administration User, but using the SAP_UI2_USER_700 role as a template and assigning only a subset of services:

ZINTEROP_0001

ZPAGE_BUILDER_PERS_0001 Assign this role to the test user you have created under Create Test User on Front-End

Server.



Perform Checks: SAP Fiori Launchpad Designer and SAP 2.5

Fiori Launchpad

Note:

For productive usage with a system landscape including SAP Web Dispatcher,

you need the Web Dispatcher links to perform the checks.

1. Look up the composition of the URLs of the Launchpad designer and the Launchpad in the following documentation:

Testing the Launchpad Designer7 Testing the Launchpad8

2. Adapt the URLs entering your landscape information, such as server and port. Note: You can determine the server and port Launchpad as follows:

Run transaction SICF Drill Down default host -> sap -> public -> ping

Right mouse click on the ping service -> click Service test

3. Check that the Launchpad designer can be opened. 4. Check that the Launchpad can be opened. At this stage, an empty Launchpad

should be displayed.

3 App-Specific Configuration

Open Product Documentation for Manage TDMS Execution 3.1

App

For the following procedures, you need information from the product documentation,

such as technical names of services, roles, and so on.

The information is included in the following sections.

However, to have a document with the required entities at hand, go to

http://service.sap.com/tdms and open the Implementation Information for Manage

TDMS Execution.

7 http://help.sap.com SAP NetWeaver User Interface Add-On for SAP NetWeaver Application Help Administration Guide Content Administration SAP Fiori Launchpad Launchpad Designer Testing the Launchpad Designer 8 http://help.sap.com SAP NetWeaver User Interface Add-On for SAP NetWeaver Application Help Administration Guide Content Administration SAP Fiori Launchpad Setting Up the Launchpad and Launchpad Designer Testing the Launchpad

http://help.sap.com/saphelp_uiaddon10/helpdata/en/2d/98610a5bcf43dfad588e755459dc42/content.htm?frameset=/en/a7/fff23179874b34a8a5b995c3a55a63/frameset.htm







Activities on Front-End Server 3.2

3.2.1 Activate ICF Services of UI5 Application (SAP Fiori Administrator)

To activate the Manage TDMS Execution app, you must perform this procedure, as

well as the activation of the OData services per app (next section).

1. Run transaction Maintain Services (SICF) on the front-end server. 2. Press F8. 3. Navigate to the following path default_host sapbc ui5_ui5 sap. 4. Under this node, navigate to the UI5 application for the Manage TDMS Execution

app: TDMS_EXEC_MAN. 5. To activate the service (UI5 application), choose Service/host Activate.

3.2.2 Activate ICF Services for Images in UI5 Application (SAP Fiori

Administrator)

To make images available in the app, you must perform this procedure.

1. Run transaction Maintain Services (SICF) on the front-end server. 2. Press F8. 3. Navigate to the following path default_host sapbc bsp sap. 4. Under this node, navigate to the SICF service: TDMS_EXEC_MAN. 5. To activate the service, choose Service/host Activate.

3.2.3 Activate OData Service for App (SAP Fiori Administrator)

1. Run transaction Activate and maintain services (/IWFND/MAINT_SERVICE) on the front-end server.

2. Click Add Service. 3. Enter the system alias of your back-end system.

4. In the External Service Name field, enter the technical name of the OData service for the Manage TDMS Execution app without the version number: TDMS_MANAGE_EXEC_SRV .

5. Enter the version number – “1” in our example – into the Version field. 6. Click Get Services.



7. Click Add Selected Services. A popup opens up:

8. Give the service a technical name in your customer namespace. 9. Assign a package or choose Local Object. 10. Click Execute to save the service. 11. In the Activate and maintain services screen, verify that the system alias is

maintained correctly. If not, change it as required by deleting the alias and adding the correct one.

3.2.4 Copy Template Business Role to Create Role with Launchpad Catalog

and Group

You must perform this step and the following authorization- and-role-related tasks on the front-end server to equip the test user with all rights needed for the app. SAP delivers business roles for users of SAP Fiori apps. Business roles provide access to a sample of apps relevant for specific business users. The authorization for the Manage TDMS Execution app is included in the business role for the System Administrator (SAP_TDMS_BCR_SYSADMIN_T ). Run transaction Role Maintenance (PFCG) to copy the business role SAP_TDMS_BCR_SYSADMIN_T to your customer namespace. Note:



A business catalog and a business catalog group containing apps relevant for System Administrator are displayed under the Menu tab.

3.2.5 Add Start Authorizations for OData Service of Apps to Business Role

A user trying to consume an OData service needs the following types of authorizations:

Authorizations on the Gateway side: Role Menu entries for Authorization Defaults of type TADIR Service with object type “IWSG – Gateway: Service Groups Metadata”.

Authorizations on the back-end side: Role Menu entries for Authorization

Defaults of type TADIR Service with Object Type IWSV – Gateway Business Suite Enablement - Serv.

For the back-end entries, an example role is provided, from which the entries can be

copied (see section Assign PFCG Role with OData Service Authorization to Test User).

For the Gateway-side entries, there are no such examples, as the technical names are

entered during the activation of the service, and therefore not known in advance.

To create a role with OData start authorizations on the front-end server, proceed as

follows:

Caution:

Be aware that the check for OData service authorization can provide additional

security, especially in case SAP NetWeaver Gateway is set up as separate hub.

By specifying the services explicitly in the role menu, you control which requests

on behalf of a user can pass the Gateway.

If you use a wildcard, users can call all activated services. Unauthorized requests

can only be rejected on the back-end server, provided that the user’s

authorizations in the back-end are not sufficient.

We therefore recommend that you do not use wildcard authorizations in

productive environments.

Instead, add single services as follows:

Note

You must have called an OData service at least once before you can assign start

authorizations for it.

1. Edit the business role created under Copy Template Business Role to Create Role with Launchpad Catalog and Group in transaction Role Maintenance (PFCG).

2. On the Menu tab, open the dropdown menu of the button for adding objects (+ button). By default, the object type Transaction is selected. Change the selection to Authorization Default.




Program ID: R3TR Object Type: IWSG

4. In the table, enter the name of the activated OData service (see Activate OData Service for App (SAP Fiori Administrator).

Note: You need to enter the name in the form <technical name>_<four-digit version number with leading zeros>, for example, ZTDMS_MANAGE_EXEC_SRV_0001

5. Under the Authorization tab, click the button next to the Profile Name field to generate the authorization profile for the role.

6. Choose Change Authorization Data . On the screen that opens up, click the Generate button.

3.2.6 Assign Business Role to Test User on Front-End Server

In transaction Role Maintenance (PFCG), assign the business role to the test user

initially created (see Create Test User on Front-End Server) by specifying the user ID

under the User tab.

3.2.7 Perform Check: SAP Fiori Launchpad with App Content

1. Open the SAP Fiori Launchpad with the test user credentials.

2. Choose Open Catalog from the menu.

The business catalog with the Manage TDMS Execution app should be visible.

At this stage, however, starting the app will lead to an error, because back-end

authorizations are still missing.



Activities on Back-End Server 3.3

3.3.1 Assign RFC Authorization to Test User

If the OData back-end service is located on a remote back-end, users need permission

to perform the RFC call on the back-end system, that is, they require the authorizations

S_RFC and S_RFCACL for trusted RFC.

In this case, and if your user does not have these authorizations yet, assign a role

including the RFC authorization objects to the back-end user that corresponds to the

test user initially created (see Create Test User on Front-End Server).

Note:

You can check whether the user has the RFC authorizations in the user

information system (by entering transaction User Maintenance (SU01) and

choosing Information Information System).

3.3.2 Assign PFCG Role with OData Service Authorization to Test User

Note:

The following procedure describes how you assign the OData service to a user

for just the Manage TDMS Execution app.

For a productive usage of Fiori apps, you would most probably do the PFCG role

assignment differently: You would create a PFCG role that contains multiple

OData start authorizations. For example, you would include the start

authorizations for all HR apps, based on the technical catalog for HR.

1. Run transaction Role Maintenance (PFCG) to copy the back-end authorization role required for the Manage TDMS Execution app to your customer namespace. The technical role name is SAP_TDMS_EXEC_MAN_APP.

2. Edit the copied business role in transaction Role Maintenance (PFCG) 3. On the Menu tab, open the dropdown menu of the button for adding objects (+

button). By default, the object type Transaction is selected. Change the selection to Authorization Default.


a. Program ID: R3TR b. Object Type: IWSV

5. In the table, enter the name of the activated OData service (see Activate OData Service for App (SAP Fiori Administrator)

6. Under the Authorization tab, click the button next to the Profile Name field to generate the authorization profile for the role.

7. Choose Change Authorization Data. On the screen that opens up, click Save and then the Generate button.

8. Run transaction User Maintenance (SU01) and assign the role to the test user user initially created (see Create Test User on Front-End Server).



Note:

The following steps are only necessary if the user does not yet have the business

authorizations that are required to use the Manage TDMS Execution app.

1. On the Authorization tab, click Generate Profile next to the profile name. 2. Choose Maintain Authorization Data. 3. On the Authorization Details screen, click the Generate icon in the toolbar.

3.3.3 Perform Check: SAP Fiori Launchpad with Content and Authorizations

1. Open the SAP Fiori Launchpad with the test user credentials.

2. Choose Open Catalog from the menu.

The business catalog with the Manage TDMS Execution app should be visible.

When starting the app, the actual app functions should be available.

Note

If you get an error message stating that configuration is missing when you start

the app, it means that your back-end system has not been configured correctly

to enable the business functionality (see Out of Scope).

Education

Tdms fiori-config-quickgude