Analyzing Missing Authorizations

Objective

After completing this lesson, you will be able to analyze Missing SAP Fiori Authorizations.

Missing Proposals for OData Services

When you enter an SAP Fiori catalog into the role menu, the OData services assigned to the apps contained in the catalog are automatically entered in the role menu. If a SAPUI5 app has problems, use the SAP Fiori Apps Library to determine which OData services users require PFCG authorization for. Then check the corresponding catalog in role maintenance to see for which OData services an entry exists. If problems occur, check whether the correct proposals are made for the OData services.

Screenshots on checking for OData Service proposed in Role Menu.

Authorization Maintenance for SAPUI5 Fiori Apps OData Authorization Object

If an entry for an OData service is missing after you enter a catalog in the role menu, you can add the value for this OData service to the role menu manually. The OData authorization is maintained through the Authorization Default entry in the PFCG menu.

Proceed as follows:

  1. Choose the Insert Node button and select Authorization Default.
  2. Choose SAP Gateway: Services Groups Metadata in the Authorization Default field to select the IWSG Service on the FES and enter the name of the TADIR Service.
  3. Choose SAP Gateway Business Suite Enablement - Service in the Authorization Default field to select the IWSV Service on the BES and enter the name of the TADIR Service.

Note

  • TADIR IWSG is the Front-End authorization object
  • TADIR IWSV is the Back-End object

Screenshots on authorization maintenance for SAPUI5 Fiori Apps OData Authorization Object.

Both entries generate the same S_SERVICE authorization object with different authorization values. The SRV_NAME value of the S_SERVICE authorization object is the hash value of an OData service, not its name. Therefore, it is recommended not to maintain S_SERVICE manually.

Note

An IWSG object is only available when the OData service is completely configured.

Practice System Exercise: Check for OData Service in Role Maintenance

Note

If you have access to a practice system, you can now execute this exercise.

Business Example

After creating roles, some entries for the OData services might be missing. You need to find the missing authorizations. To do so, you can perform an authorization trace and cross-check the information in the SAP Fiori Apps Library.

Task 1: Check the OData Services in the SAP Fiori Reference Library

Open the SAP Fiori Reference Library and check which OData Services require PFCG authorization for the Material Documents Overview app.

Steps

  1. Open the SAP Fiori Reference Library.

    1. In the Microsoft Windows start menu, choose Google Chrome.

    2. In Google Chrome, go to Bookmarks.

    3. In Bookmarks, choose SAP Fiori → SAP Fiori Apps Reference Library.

  2. Explore the Material Documents Overview app.

    1. Choose All apps for SAP S/4HANA.

    2. Choose All apps.

    3. In the Search field, enter Material Documents Overview or alternatively the app ID: F1077.

    4. Choose Material Documents Overview.

    5. Below the subtitle, make sure that the correct product and release version SAP S/4HANA 2023 with the latest FPS are selected.

    6. Select the IMPLEMENTATION INFORMATION tab.

    7. Expand Configuration.

    Example

    The following OData Services require PFCG authorization:

    • MMIM_GR_CANCELLATION_SRV
    • MMIM_MATDOC_OV_SRV

Task 2: Check the OData Services in the Role Menu

Steps

  1. Log on to the SAP GUI of the system S4D.

    Field       Value
    User        train-##
    Password    Custom password

    1. Choose SAP Logon.

    2. Select 10 Development → S4D SAP GUI non-SNC [PAS].

    3. Choose Log On.

  2. Check the OData Services of the catalog ADM945_##_BC_INVENTORY_MGMT in the role menu.

    1. Start the Role Maintenance transaction PFCG on the system S4D.

    2. Enter the role name: ADM945_##_BR_INVENTORY.

    3. Choose Change.

    4. Go to the Menu tab.

    5. Expand the catalog Inventory Management Catalog ## in the Role Menu.

      Result

      The following OData Services are included in the catalog:
      • R3TR IWSG ZMMIM_GR_CANCELLATION_SRV_0001
      • R3TR IWSG ZMMIM_MATDOC_OV_SRV_0001
      • R3TR IWSV MMIM_GR_CANCELLATION_SRV_0001
      • R3TR IWSV MMIM_MATDOC_OV_SRV_0001
    6. Choose Back.
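
The cross-check from Task 1 and Task 2 can be automated once the role menu entries are copied out of PFCG as text. The Python below is an added example, not part of the SAP lesson: the function names are hypothetical, and the matching rule (a four-digit version suffix on both object types, an optional customer-namespace Z prefix on the IWSG entry) is an assumption taken from the result list above.

```python
import re

# TADIR entry as listed in the role menu, e.g. "R3TR IWSG ZMMIM_MATDOC_OV_SRV_0001"
ENTRY_RE = re.compile(r"^R3TR\s+(IWSG|IWSV)\s+(\S+?)_(\d{4})$")

def parse_menu_entries(lines):
    """Return {(object_type, service_name)} for every IWSG/IWSV line."""
    found = set()
    for line in lines:
        m = ENTRY_RE.match(line.strip().lstrip("•").strip())
        if not m:
            continue  # not an OData TADIR entry (tile, target mapping, ...)
        obj_type, name, _version = m.groups()
        found.add((obj_type, name.upper()))
    return found

def missing_entries(required_services, menu_lines):
    """Map each required OData service to the object types absent from the menu."""
    found = parse_menu_entries(menu_lines)
    report = {}
    for svc in (s.upper() for s in required_services):
        missing = []
        # Assumption: the front-end service group may carry a "Z" prefix,
        # as in the lesson's result list.
        if not {("IWSG", svc), ("IWSG", "Z" + svc)} & found:
            missing.append("IWSG")  # front-end (FES) entry missing
        if ("IWSV", svc) not in found:
            missing.append("IWSV")  # back-end (BES) entry missing
        if missing:
            report[svc] = missing
    return report

# Services the Fiori Apps Library lists for app F1077 (Task 1).
REQUIRED = ["MMIM_GR_CANCELLATION_SRV", "MMIM_MATDOC_OV_SRV"]
# Role menu entries from the Task 2 result.
ROLE_MENU = [
    "• R3TR IWSG ZMMIM_GR_CANCELLATION_SRV_0001",
    "• R3TR IWSG ZMMIM_MATDOC_OV_SRV_0001",
    "• R3TR IWSV MMIM_GR_CANCELLATION_SRV_0001",
    "• R3TR IWSV MMIM_MATDOC_OV_SRV_0001",
]
# Constructed sample: a role menu where two proposals were not generated.
INCOMPLETE_MENU = [
    "R3TR IWSG ZMMIM_MATDOC_OV_SRV_0001",
    "R3TR IWSV MMIM_GR_CANCELLATION_SRV_0001",
]

if __name__ == "__main__":
    print("complete role:  ", missing_entries(REQUIRED, ROLE_MENU))
    print("incomplete role:", missing_entries(REQUIRED, INCOMPLETE_MENU))
```

Any service reported here is a candidate for the manual Authorization Default entry described earlier in the lesson, rather than for direct S_SERVICE maintenance.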
