Tdms Fiori Config Quickgude

22  Download (0)

Full text

(1)

Configuring SAP Fiori Apps

A Quick Guide

An example-based step-by-step guide to enable the usage of

transactional SAP Fiori apps with specific focus on the

SAP Fiori app for SAP TDMS 4.0: Manage TDMS Execution

Version 1.0 2014-07-02

(2)

Introduction

© Copyright 2014 SAP AG. All rights reserved.

No part of this publication may be reproduced or transmitted in any form or for any purpose without the express permission of SAP AG. The information contained herein may be changed without prior notice. Some software products marketed by SAP AG and its distributors contain proprietary software components of other software vendors. No part of this publication may be reproduced or transmitted in any form or for any purpose without the express permission of SAP AG. The information contained herein may be changed without prior notice.

Some software products marketed by SAP AG and its distributors contain proprietary software components of other software vendors. National product specifications may vary.

SAP Landscape Transformation Replication Server installation SAP and other SAP products and services mentioned herein as well as their respective logos are trademarks or registered trademarks of SAP AG in Germany and other countries.

Please see http://www.sap.com/corporate-en/legal/copyright/index.epx#trademark for additional trademark information and notices.

Disclaimer

The content of this document is not part of SAP product documentation. SAP does not guarantee the correctness of the information provided. You may not infer any product documentation claims against SAP based on this information.

(3)

Contents

Introduction ... 4 Prerequisites ... 4 Out of Scope ... 4 Configuration Overview ... 5 Process Steps... 7 1 Preparation ... 10

Create Administrator User on Front-End Server ... 10

1.1 Create Test User on Front-End Server ... 10

1.2 2 Initial Configuration on Front-End Server (One-Time Activities) ... 10

Activate OData Services for SAP Fiori Launchpad ... 10

2.1 Activate SICF Services for SAP Fiori Launchpad ... 13

2.2 Assign Administrator Role for SAP Fiori Launchpad to Administration User ... 14

2.3 Assign Role with Launchpad Start Authorization for End Users ... 15

2.4 Perform Checks: SAP Fiori Launchpad Designer and SAP Fiori Launchpad... 16

2.5 3 App-Specific Configuration ... 16

Open Product Documentation for Manage TDMS Execution App ... 16

3.1 Activities on Front-End Server ... 17

3.2 3.2.1 Activate ICF Services of UI5 Application (SAP Fiori Administrator)... 17

3.2.2 Activate ICF Services for Images in UI5 Application (SAP Fiori Administrator) ... 17

3.2.3 Activate OData Service for App (SAP Fiori Administrator) ... 17

3.2.4 Copy Template Business Role to Create Role with Launchpad Catalog and Group. 18 3.2.5 Add Start Authorizations for OData Service of Apps to Business Role ... 19

3.2.6 Assign Business Role to Test User on Front-End Server ... 20

3.2.7 Perform Check: SAP Fiori Launchpad with App Content ... 20

Activities on Back-End Server ... 21

3.3 3.3.1 Assign RFC Authorization to Test User ... 21

3.3.2 Assign PFCG Role with OData Service Authorization to Test User ... 21

(4)

Introduction

Introduction

This document guides you through the steps required to enable users to access transactional SAP Fiori apps in the SAP Fiori Launchpad.

The process is described using the example of the Manage TDMS Execution app. It follows a straight-forward path with several prerequisites already in place.

The documentation is intended - to give you an insight into the setup process for transactional SAP Fiori apps. The approach does not necessarily correspond to the system setup in a productive environment.

For SAP Fiori app implementation in a productive environment, see the central implementation information for SAP Fiori1 on the SAP Help Portal.

Prerequisites

The following conditions must be met:

 All required components are installed.

For more information, see the following documentation on SAP Help Portal: o Implementation Overview2

o For transactional apps and fact sheets: Central Implementation Information

 Initial configuration of SAP NetWeaver Gateway is in place. For more information, see Basic Configuration Settings3

 HTTPS connectivity is enabled between the front-end server (FES) running SAP NetWeaver Gateway and the back-end systems

 In the ICM the fundamental ability of connecting to a system with HTTP(S) is activated.

 In the ICF certain services can be activated, e.g. /sap/public/ping service for connection testing.

Out of Scope

 SAP Smart Business cockpits

1 http://help.sap.com  SAP Business Suite  SAP Fiori for SAP Business Suite  SAP Fiori

for SAP Business Suite 7 Innovations 2013  SAP Fiori Apps – Overview  Transactional Apps and Fact Sheets Central Implementation Information

2http://help.sap.com  SAP Business Suite  SAP Fiori for SAP Business Suite  SAP Fiori for

SAP Business Suite 7 Innovations 2013  SAP Fiori Apps – Overview  SAP Fiori  Implementation Overview

3http://help.sap.com  SAP NetWeaver  SAP NetWeaver Gateway  SAP NetWeaver

(5)

 SAP Fiori fact sheets  Single sign-on

 Authorizations in complex system landscapes

 Back-end configuration to enable the business functionality, for example, configuration of SAP Test Data Management Server(SAP TDMS),

Configuration Overview

The configuration of SAP Fiori apps requires steps on a front-end Server (FES) and on the connected SAP TDMS back-end system.

On the front-end server resides an SAP NetWeaver Gateway system with the SAP NetWeaver UI Add-On.

On the back-end server, the SAP TDMS system is installed,.

The SAP NetWeaver UI Add-On includes the SAP Fiori Launchpad designer, which is the administration tool to configure the content for the SAP Fiori Launchpad.

The SAP Fiori Launchpad is the entry point for end users. They access the

Launchpad and the Launchpad designer from a Web browser via secure requests to the FES.

To enable these requests, UI5 applications and their related OData services need to be activated in SAP NetWeaver Gateway on FES. In addition, users need start

authorizations for the services on the front-end and authorizations for related functions on the back-end.

The majority of configuration steps are activation steps (for applications and services) and authorization steps on both the front-end server and in back-end systems.

Chapter 2 describes the initial configuration of the SAP Fiori Launchpad and of the SAP Fiori Launchpad designer:

 Activation of the ICF services of the SAP Fiori Launchpad to create the HTTP request handlers for the Launchpad URLs

 Activation of the OData services for the SAP NetWeaver UI Add-On

 Creation of a PFCG role for administrators with authorizations for the SAP Fiori Launchpad designer

 Creation of a PFCG role for end users with authorizations for the SAP Fiori Launchpad

At the end of these one-time activities you can launch the SAP Fiori Launchpad designer and the SAP Fiori Launchpad.

Chapter 3 describes how to configure individual SAP Fiori apps using the example of the Manage TDMS Execution app.

Manage TDMS Execution is included in the business catalog of apps available for the role System Administrator.

(6)

Introduction

On Front-end Server (FES) you have to do the following:

 Activate the OData services and ICF nodes for the SAP UI5 applications in SAP NetWeaver Gateway. This enables the corresponding HTTP request handlers.  Create a PFCG role that provides access to the relevant catalog in the SAP Fiori

Launchpad. In our example, we copy the sample business role delivered by SAP.  Add start authorizations for the required OData service to the business role (we

provide an unsecure shortcut: use wildcard authorization).

 Assign the role to a user, which has to have the same user name as in the back-end system

 Adapt the business catalog to your needs in the SAP Fiori Launchpad designer

In addition, the user must be assigned the authorizations required in the back-end to be able to run the apps. You have to do the following:

 Assign the RFC Authorization to the user to allow remote access from the front-end server to the back-front-end server

 Assign and generate the authorizations to call and perform the OData services on the back-end

(7)

Process Steps

Step Back-End Server/

Front-End Server/ Other

Transaction Data Required

Preparation

Create

administrator user

Front-End Server SU01 User name as on the back-end server

Create test user Front-End Server SU01 User name as on the back-end server Initial Configuration on Front-End Server (One-Time Activities)

Activate OData services for SAP Fiori Launchpad

Front-End Server /IWFND/M AINT_SERV ICE  /UI2/PAGE_BUILDER_CONF  /UI2/PAGE_BUILDER_PERS  /UI2/PAGE_BUILDER_CUST  /UI2/INTEROP  /UI2/TRANSPORT Activate SICF services for SAP Fiori Launchpad

Front-End Server SICF Full list for both Launchpad and designer:  /default_host/sap/bc/ui2/nwbc  /default_host/sap/bc/ui2/start_up  /default_host/sap/bc/ui5_ui5/sap /ar_srvc_launch  /default_host/sap/bc/ui5_ui5/sap /ar_srvc_news  /default_host/sap/bc/ui5_ui5/sap /arsrvc_upb_admn  /default_host/sap/bc/ui5_ui5/ui2/ ushell  /default_host/sap/public/bc/ui2/d efault_host/sap/public/bc/ui5_ui5 Assign administrator role for SAP Fiori Launchpad to adminstration user

Front-End Server PFCG  SAP role: SAP_UI2_Admin_700  The activated gateway service

names for: o /UI2/PAGE_BUILDER_CONF o /UI2/PAGE_BUILDER_PERS o /UI2/PAGE_BUILDER_CUST o /UI2/INTEROP o /UI2/TRANSPORT

Assign role with Launchpad start authorization for end users

Front-End Server PFCG  SAP role: SAP_UI2_User_700  The activated gateway service

names for:

o /UI2/PAGE_BUILDER_PERS o /UI2/INTEROP

(8)

Introduction

Perform

checks:SAP Fiori Launchpad designer and SAP Fiori Launchpad

Front-End Server Web

browser  URL of Launchpad designer, see Testing the Launchpad Designer4

 URL of Launchpad, see Testing the Launchpad5 App-Specific Configuration Open product documentation for Manage TDMS Execution app

Public internet Implementa tion

Information for Manage TDMS Execution6

Activities on Front-End Server

Activate ICF services of UI5 application (SAP Fiori

administrator)

Front-End Server SICF  UI5 application for the Manage TDMS Execution app:

TDMS_EXEC_MAN

Activate OData services per app (SAP Fiori administrator)

Front-End Server  /IWFND /MAINT _SERVI CE  SAP Fiori Launch pad designer

 OData service for the Manage TDMS Execution app:

TDMS_MANAGE_EXEC_SRV (1)  Business catalog for the Manage

TDMS Execution app:

SAP_TDMS_BC_SYSADMIN_T

Copy template business role to create role with Launchpad

catalog and group

Front-End Server PFCG  the business role related to the Manage TDMS Execution app: SAP_TDMS_BCR_SYSADMIN_T Add start authorizations for OData services of apps to business role Front-End Server PFCG Assign business role to test user

Front-End Server PFCG Test user on front-end server

4 http://help.sap.com  SAP NetWeaver  User Interface Add-On for SAP NetWeaver 

Application Help  Administration Guide  Content Administration  SAP Fiori Launchpad Launchpad Designer  Testing the Launchpad Designer

5http://help.sap.com  SAP NetWeaver  User Interface Add-On for SAP NetWeaver 

Application Help  Administration Guide  Content Administration  SAP Fiori Launchpad  Setting Up the Launchpad and Launchapd Designer  Testing the Launchpad

(9)

on front-end server Perform check: SAP Fiori Launchpad with app content

Front-End Server SAP Fiori Launchpad

Activities on Back-End Server

Assign RFC authorization to test user

Back-End Server SU01  authorizations S_RFC and S_RFCACL Assign PFCG Role with OData Service Authorization to User Back-End Server PFCB

SU01  back-end authorization role: SAP_TDMS_EXEC_MAN_APP

Perform check: SAP Fiori

Launchpad with content and authorizations

Front-End Server SAP Fiori Launchpad

(10)

Initial Configuration on Front-End Server (One-Time Activities)

1 Preparation

Create Administrator User on Front-End Server

1.1

If an administrator user is not yet available on the front-end server, you have to create one.

If you are using a trusted RFC connection to the back-end server, the user IDs need to be identical on the front-end and on the back-end server.

The administration user needs extensive authorizations, such as S_SERVICE, S_DEVELOP, /UI2/CHIP, and S_CTS_SADM.

1. Run transaction User Maintenance (SU01) on the front-end server.

2. Create a user – if applicable, with the ID the user already has in the back-end (see above).

Create Test User on Front-End Server

1.2

Create a test user in transaction SU01, using the same user-ID as on the back-end server.

2 Initial Configuration on Front-End Server

(One-Time Activities)

The SAP Fiori Launchpad uses the User interface add-on for SAP NetWeaver. It requires the ICF nodes that provide access to the web resources, and the OData services which provide the information about the configured app tiles to be displayed. For more information, see the following documentation on SAP Help Portal under http://help.sap.com:

 SAP NetWeaver  User Interface Add-On for SAP NetWeaver

 Especially: SAP NetWeaver  User Interface Add-On for SAP NetWeaver  Application Help  Administration Guide  Content Administration  SAP Fiori Launchpad

Activate OData Services for SAP Fiori Launchpad

2.1

The activation of the OData services and of the ICF services (described in the next section) are required to initially set up the SAP Fiori Launchpad and the SAP Fiori Launchpad designer.

SAP NetWeaver Gateway provides the infrastructure for the OData services used by the SAP Fiori Launchpad and the SAP Fiori apps.

(11)

An OData service has to be enabled in Gateway. This basically establishes a mapping between the technical OData service name and the corresponding back-end service (identified by system alias, namespace, and the external service name).

1. Run transaction Activate and maintain services (/IWFND/MAINT_SERVICE) on the front-end server.

2. Use the system alias of your local system when activating the following services: Note:

 You do not need to activate the /UI2/LAUNCHPAD service. This service is not relevant for SAP Fiori.

 The service names listed below are concatenations of the namespace /UI2/ and the technical names of the individual services. Enter these

concatenations when adding new services in transaction

/IWFND/MAINT_SERVICE. When searching for services, you need to search either by namespace or by technical name.

 /UI2/PAGE_BUILDER_CONF  /UI2/PAGE_BUILDER_PERS  /UI2/PAGE_BUILDER_CUST  /UI2/INTEROP  /UI2/TRANSPORT Result:

The services are activated in your customer namespace, with the following technical names, for example:

 ZINTEROP

 ZPAGE_BUILDER_CONF  ZPAGE_BUILDER_CUST  ZPAGE_BUILDER_PERS  ZTRANSPORT

(12)

Initial Configuration on Front-End Server (One-Time Activities)

3. Call each service once by selecting it in transaction Activate and maintain services (/IWFND/MAINT_SERVICE), then clicking Call Browser in the screen area ICF Nodes. Always select the OData node, not the SDATA node.

Note:

 You have called a service successfully when an XML document is displayed without any error messages.

 When you call a service, a hash key is generated in the background. The hash key is required for the generation of authorizations described under

Assign Administrator Role for SAP Fiori Launchpad to Administration User.  You can verify the hash key generation in table USOBHASH in transaction

Data Browser (SE16). In the selection screen, specify the following: o R3TR in the PGMID field

o IWSG in the Object field

o The technical service name in the OBJ_NAME field. Use the technical name of your generated service, typically starting with Z, and having the version number appended in four-digit format with leading zeros The hash key should be displayed in the NAME column of the results table.

(13)

Activate SICF Services for SAP Fiori Launchpad

2.2

In addition to the ICF services that correspond to the OData services it is necessary to activate the following ICF services manually:

1. Run transaction Maintain Services (SICF) on the front-end server.

2. Activate services under the following subtrees, either by right-clicking the mouse and selecting Activate Service, or selecting Service/host  Activate from the menu:  /default_host/sap/bc/ui2/nwbc  /default_host/sap/bc/ui2/start_up  /default_host/sap/bc/ui5_ui5/sap/ar_srvc_launch  /default_host/sap/bc/ui5_ui5/sap/ar_srvc_news  /default_host/sap/bc/ui5_ui5/sap/arsrvc_upb_admn  /default_host/sap/bc/ui5_ui5/ui2/ushell  /default_host/sap/public/bc/ui2  /default_host/sap/public/bc/ui5_ui5

(14)

Initial Configuration on Front-End Server (One-Time Activities)

Note:

To activate all child nodes under a service, choose the Yes button with the hierarchy icon in the Activation of ICF Services dialog box.

Assign Administrator Role for SAP Fiori Launchpad to

2.3

Administration User

In this step, you copy the SAP-delivered administrator role for the SAP Fiori Launchpad and assign it to your administrator user. The administrator is then authorized to use the SAP Fiori Launchpad designer.

1. Run transaction Role Maintenance (PFCG) to copy the role SAP_UI2_ADMIN_700 to your customer namespace.

2. Edit the new role in transaction Role Maintenance (PFCG) as follows:

1. On the Menu tab, open the dropdown menu of the button for adding objects (+ button). By default, the object type Transaction is selected. Change the selection to Authorization Default.

2. In the Service pop-up that opens, select TADIR Service from the dropdown menu for the Authorization Default. Specify the following values:

 Program ID: R3TR  Object Type: IWSG

In the table, enter the names of your activated services (see Activate OData Services for SAP Fiori Launchpad) in the form <technical name>_<four-digit version number with leading zeros>, for example:

 ZINTEROP_0001

 ZPAGE_BUILDER_CONF_0001  ZPAGE_BUILDER_CUST_0001  ZPAGE_BUILDER_PERS_0001  ZTRANSPORT_0001

3. On the Authorizations tab, click Propose Profile Name next to the Profile Name field. 4. Choose Change Authorization Data .

(15)

Result:

You have a role with 5 IWSG authorizations and 5 IWSV authorizations. The IWSV authorizations are included in the role from the start, so they are not in the customer namespace:

5. Assign the new role to the administrator user created under Create Administrator User on Front-End Server.

Assign Role with Launchpad Start Authorization for End

2.4

Users

Proceed as described under Assign Role for SAP Fiori Launchpad Administration to Administration User, but using the SAP_UI2_USER_700 role as a template and assigning only a subset of services:

 ZINTEROP_0001

 ZPAGE_BUILDER_PERS_0001

Assign this role to the test user you have created under Create Test User on Front-End Server.

(16)

App-Specific Configuration

Perform Checks: SAP Fiori Launchpad Designer and SAP

2.5

Fiori Launchpad

Note:

For productive usage with a system landscape including SAP Web Dispatcher, you need the Web Dispatcher links to perform the checks.

1. Look up the composition of the URLs of the Launchpad designer and the Launchpad in the following documentation:

 Testing the Launchpad Designer7

 Testing the Launchpad8

2. Adapt the URLs entering your landscape information, such as server and port. Note:

You can determine the server and port Launchpad as follows:  Run transaction SICF

 Drill Down default host -> sap -> public -> ping

 Right mouse click on the ping service -> click Service test 3. Check that the Launchpad designer can be opened.

4. Check that the Launchpad can be opened. At this stage, an empty Launchpad should be displayed.

3 App-Specific Configuration

Open Product Documentation for Manage TDMS Execution

3.1

App

For the following procedures, you need information from the product documentation, such as technical names of services, roles, and so on.

The information is included in the following sections.

However, to have a document with the required entities at hand, go to

http://service.sap.com/tdms and open the Implementation Information for Manage TDMS Execution.

7 http://help.sap.com  SAP NetWeaver  User Interface Add-On for SAP NetWeaver 

Application Help  Administration Guide  Content Administration  SAP Fiori Launchpad Launchpad Designer  Testing the Launchpad Designer

8http://help.sap.com  SAP NetWeaver  User Interface Add-On for SAP NetWeaver 

Application Help  Administration Guide  Content Administration  SAP Fiori Launchpad  Setting Up the Launchpad and Launchpad Designer  Testing the Launchpad

(17)

Activities on Front-End Server

3.2

3.2.1 Activate ICF Services of UI5 Application (SAP Fiori Administrator)

To activate the Manage TDMS Execution app, you must perform this procedure, as well as the activation of the OData services per app (next section).

1. Run transaction Maintain Services (SICF) on the front-end server. 2. Press F8.

3. Navigate to the following path default_host sapbc  ui5_ui5  sap.

4. Under this node, navigate to the UI5 application for the Manage TDMS Execution app: TDMS_EXEC_MAN.

5. To activate the service (UI5 application), choose Service/host  Activate.

3.2.2 Activate ICF Services for Images in UI5 Application (SAP Fiori

Administrator)

To make images available in the app, you must perform this procedure. 1. Run transaction Maintain Services (SICF) on the front-end server. 2. Press F8.

3. Navigate to the following path default_host sapbc  bsp  sap. 4. Under this node, navigate to the SICF service: TDMS_EXEC_MAN. 5. To activate the service, choose Service/host  Activate.

3.2.3 Activate OData Service for App (SAP Fiori Administrator)

1. Run transaction Activate and maintain services (/IWFND/MAINT_SERVICE) on the front-end server.

2. Click Add Service.

3. Enter the system alias of your back-end system.

4. In the External Service Name field, enter the technical name of the OData service for the Manage TDMS Execution app without the version number:

TDMS_MANAGE_EXEC_SRV .

5. Enter the version number – “1” in our example – into the Version field. 6. Click Get Services.

(18)

App-Specific Configuration

7. Click Add Selected Services. A popup opens up:

8. Give the service a technical name in your customer namespace.

9. Assign a package or choose Local Object. 10. Click Execute to save the service.

11. In the Activate and maintain services screen, verify that the system alias is

maintained correctly. If not, change it as required by deleting the alias and adding the correct one.

3.2.4 Copy Template Business Role to Create Role with Launchpad Catalog

and Group

You must perform this step and the following authorization- and-role-related tasks on the front-end server to equip the test user with all rights needed for the app.

SAP delivers business roles for users of SAP Fiori apps. Business roles provide access to a sample of apps relevant for specific business users. The authorization for the Manage TDMS Execution app is included in the business role for the System Administrator (SAP_TDMS_BCR_SYSADMIN_T ).

Run transaction Role Maintenance (PFCG) to copy the business role SAP_TDMS_BCR_SYSADMIN_T to your customer namespace. Note:

(19)

A business catalog and a business catalog group containing apps relevant for System Administrator are displayed under the Menu tab.

3.2.5 Add Start Authorizations for OData Service of Apps to Business Role

A user trying to consume an OData service needs the following types of authorizations:

 Authorizations on the Gateway side: Role Menu entries for Authorization Defaults of type TADIR Service with object type “IWSG – Gateway: Service Groups Metadata”.

 Authorizations on the back-end side: Role Menu entries for Authorization Defaults of type TADIR Service with Object Type IWSV – Gateway Business Suite Enablement - Serv.

For the back-end entries, an example role is provided, from which the entries can be copied (see section Assign PFCG Role with OData Service Authorization to Test User). For the Gateway-side entries, there are no such examples, as the technical names are entered during the activation of the service, and therefore not known in advance. To create a role with OData start authorizations on the front-end server, proceed as follows:

Caution:

Be aware that the check for OData service authorization can provide additional security, especially in case SAP NetWeaver Gateway is set up as separate hub. By specifying the services explicitly in the role menu, you control which requests on behalf of a user can pass the Gateway.

If you use a wildcard, users can call all activated services. Unauthorized requests can only be rejected on the back-end server, provided that the user’s

authorizations in the back-end are not sufficient.

We therefore recommend that you do not use wildcard authorizations in productive environments.

Instead, add single services as follows:

Note

You must have called an OData service at least once before you can assign start authorizations for it.

1. Edit the business role created under Copy Template Business Role to Create Role with Launchpad Catalog and Group in transaction Role Maintenance (PFCG).

2. On the Menu tab, open the dropdown menu of the button for adding objects (+ button). By default, the object type Transaction is selected.

Change the selection to Authorization Default.

3. In the Service pop-up that opens, select TADIR Service from the dropdown menu for the Authorization Default. Specify the following values:

(20)

App-Specific Configuration

 Program ID: R3TR  Object Type: IWSG

4. In the table, enter the name of the activated OData service (see Activate OData Service for App (SAP Fiori Administrator).

Note:

You need to enter the name in the form <technical name>_<four-digit version number with leading zeros>, for example, ZTDMS_MANAGE_EXEC_SRV_0001

5. Under the Authorization tab, click the button next to the Profile Name field to generate the authorization profile for the role.

6. Choose Change Authorization Data .

On the screen that opens up, click the Generate button.

3.2.6 Assign Business Role to Test User on Front-End Server

In transaction Role Maintenance (PFCG), assign the business role to the test user initially created (see Create Test User on Front-End Server) by specifying the user ID under the User tab.

3.2.7 Perform Check: SAP Fiori Launchpad with App Content

1. Open the SAP Fiori Launchpad with the test user credentials. 2. Choose Open Catalog from the menu.

The business catalog with the Manage TDMS Execution app should be visible. At this stage, however, starting the app will lead to an error, because back-end authorizations are still missing.

(21)

Activities on Back-End Server

3.3

3.3.1 Assign RFC Authorization to Test User

If the OData back-end service is located on a remote back-end, users need permission to perform the RFC call on the back-end system, that is, they require the authorizations S_RFC and S_RFCACL for trusted RFC.

In this case, and if your user does not have these authorizations yet, assign a role including the RFC authorization objects to the back-end user that corresponds to the test user initially created (see Create Test User on Front-End Server).

Note:

You can check whether the user has the RFC authorizations in the user information system (by entering transaction User Maintenance (SU01) and choosing Information  Information System).

3.3.2 Assign PFCG Role with OData Service Authorization to Test User

Note:

The following procedure describes how you assign the OData service to a user for just the Manage TDMS Execution app.

For a productive usage of Fiori apps, you would most probably do the PFCG role assignment differently: You would create a PFCG role that contains multiple OData start authorizations. For example, you would include the start

authorizations for all HR apps, based on the technical catalog for HR.

1. Run transaction Role Maintenance (PFCG) to copy the back-end authorization role required for the Manage TDMS Executionapp to your customer

namespace. The technical role name is SAP_TDMS_EXEC_MAN_APP. 2. Edit the copied business role in transaction Role Maintenance (PFCG)

3. On the Menu tab, open the dropdown menu of the button for adding objects (+ button). By default, the object type Transaction is selected. Change the

selection to Authorization Default.

4. In the Service pop-up that opens, select TADIR Service from the dropdown menu for the Authorization Default. Specify the following values:

a. Program ID: R3TR b. Object Type: IWSV

5. In the table, enter the name of the activated OData service (see Activate OData Service for App (SAP Fiori Administrator)

6. Under the Authorization tab, click the button next to the Profile Name field to generate the authorization profile for the role.

7. Choose Change Authorization Data. On the screen that opens up, click Save and then the Generate button.

8. Run transaction User Maintenance (SU01) and assign the role to the test user user initially created (see Create Test User on Front-End Server).

(22)

App-Specific Configuration

Note:

The following steps are only necessary if the user does not yet have the business authorizations that are required to use the Manage TDMS Executionapp.

1. On the Authorization tab, click Generate Profile next to the profile name. 2. Choose Maintain Authorization Data.

3. On the Authorization Details screen, click the Generate icon in the toolbar.

3.3.3 Perform Check: SAP Fiori Launchpad with Content and Authorizations

1. Open the SAP Fiori Launchpad with the test user credentials.

2. Choose Open Catalog from the menu.

The business catalog with the Manage TDMS Execution app should be visible. When starting the app, the actual app functions should be available.

Note

If you get an error message stating that configuration is missing when you start the app, it means that your back-end system has not been configured correctly to enable the business functionality (see Out of Scope).

Figure

Updating...

References

Related subjects :