How To: Fiori Apps finden, integrieren und berechtigen

Fiori gives SAP a modern face. Apps instead of transaction codes. But how do we get the right app to the right user and how do we ensure that the user sees the right data in the app – and only the right data? We’ll answer these questions today in the Fiori How-to.

Our example case: The general ledger is to be managed via Fiori tiles in the future. To have a starting point, let’s start with transaction FS00 (master data maintenance G/L accounts).

1. Find the right fiori app

To find out which Fiori app replaces transaction FS00, the Fiori library is the first clue.

Click on “All apps” on the left. A search mask opens. Here you can search specifically for apps or Fiori catalogs if you already know them. But you can also simply search for keywords or – as in our case – for transaction codes.

So enter FS00 in the search mask. You will get all Fiori apps that implement this transaction code. For our example, select “Manage G/L Account Master Data (Version 2)”.

The detailed view for the app opens. At the top, select which system you are working with (SAP Business Suite, SAP S/4HANA, SAP S/4HANA Cloud) and then open the “Implementation Information” tab. Here you need to select the system version you are using. Finally, under “Configuration” you will find all the information you need to integrate the app into your SAP system.

You need:

  • The business catalog, that includes the app (SAP_SFIN_BC_GL_MD_MAINT in our exemple)
  • The business group that allows access to the app from the Fiori Launchpad home screen (for our example SAP_SFIN_BCG_MASTER_DATA).

2. Make Fiori app available for end user

In order for the employees of the specialist department to be able to use the app, you must include them in the corresponding SAP role.

Important: If you use two different systems as backend and frontend system, the role(s) in both systems must be adjusted.

Extend frontend role

Select a suitable single role or build one. Then add the business catalog and business group to the role.

To do this, click on the “Transaction” button in the bottom right corner (gray triangle) in the role menu (PFCG). A selection menu will open. Select “SAP Fiori Tile Catalog” and in the next window specify the name of the business catalog you are copying from the Fiori library. Note: In the box above the Catalog ID field, you need to specify where to find the catalog. Select “Local Front-End Server” here. Now add the group from the Fiori library in the same way (SAP Fiori Tile Group).

Good to know: Fiori groups are not necessary to access a Fiori app. However, only the apps that belong to a group assigned to the user are displayed on the Fiori Launchpad home screen. So, if you forget to add the right group to the role, the user can search and find the app via the app finder (as long as the corresponding catalog is hanging in the user’s role). However, he will not see it directly on the home screen.

However, Fiori catalog and group are only half the battle. For Fiori apps to basically work, you also need to pre-install and coin/authorize some common services and an authorization object. These are:

  • /UI2/PAGE_BUILDER_CONF (admin)
  • /UI2/PAGE_BUILDER_CUST (admin)
  • /UI2/PAGE_BUILDER_PERS (admin and user)
  • /UI2/TRANSPORT (admin)
  • /UI2/INTEROP (admin and user)
  • /UI2/EASY_ACCESS_MENU (user)
  • /UI2/USER_MENU (user)
  • /UI2/CHIP (authorization object: ACTVT: 03, 16, /UI2/CHIP: X-SAP-UI2*)

Extend backend role

You do not need the group in the backend system. But here, too, you need to assign the business catalog. If the user opens the app in the frontend, he will only get data to work with if the catalog has also been inserted in the backend role.

This also works via services. The Fiori catalog provides two types of services: IWSG for the front end and IWSV for the back end.

So find or build an appropriate backend role and add the catalog.

Note: The procedure here differs depending on whether the front-end and back-end are running on a common or two different systems.

If you use a common system, add the catalog via the role menu as described above. If you use two different systems, you will probably get an error message when you try to add the catalog via the menu. This is because the catalog does not exist locally, but must be fetched from the front-end server via an RFC connection. So, click the gray triangle of the Transactions button in the Role menu, select “Fiori Tile Catalog” and click “Remote Front-End Server” in the next window before inserting the catalog name. In the next window, select the connection for your front-end system.

Now the system also pulls the corresponding IWSV service into the back end with the catalog. In addition, your role receives the necessary domain-oriented authorization objects, which you must now define.

Important: Make sure that the authorization object S_RFC exists in the backend role and is correctly pronounced. If S_RFC is not present, the app, which is always called in the front-end system, cannot display and process data because it comes from the back-end system. Only the S_RFC object allows the user to connect between the two systems. In addition, the backend role requires the S_RFCACL object. It defines the two communicating systems (frontend and backend) as “trusted” and “trusting” and ensures that the connection works without the user having to log in to each system individually with his password each time.

3. Test Fiori app

Now comes the interesting part of the job (or the frustrating one – it’s sometimes very close). You need to test if the user can find and use the Fiori app as planned. For this test, you have two options:

  1. Assign your own user in the front-end and back-end systems the roles that the corresponding end-user has and in which the new Fiori catalog hangs.
  2. Build a test user that has the same roles and permissions as the end user. Again, in the front-end and back-end systems.

Call the Fiori Launchpad with the test user or with your own supplemented user from the frontend system (transaction code: /UI2/FLP). You should now see a “Master Data” tab there – this is the SAP_SFIN_BCG_MASTER_DATA group you added to your role earlier. Clicking on it should bring up a whole bunch of apps, including the “Manage G/L Account Master Data” app. Click on it.

In the very best case, the G/L account master data maintenance screen opens in the browser. Then you are finished at this point. Congratulations!

4. Analyze and eliminate errors

Far more often, however, the whole thing does not work so smoothly. If the app does not open, does not open completely, or opens with an error message, you first have to find out where the problem lies.

Tip: If Fiori apps do not work correctly, it is very often due to a missing or incorrectly filed service.

If the error message itself is not meaningful enough, use the developer tools in the browser (F12) for a more detailed analysis.

Fix service error

If the problem is due to a lack of service, you have two options:

  1. The service is available, but not yet activated.
  2. The service does not exist in your system yet.

This can be checked by searching for the service that is missing using the SICF and /UI2/MAINT_SERVICE transactions. If the service is present in the system but not yet activated, it will be displayed grayed out in the SICF. In this case, activate it via: right mouse button – activate service.

But be careful: In your company, this may be a matter for the rank and file. Therefore, please clarify beforehand whether you, as the authorized person, are allowed to activate the service yourself or not.

Tip: Not only the name of the service in the SICF must match the one you get from the error message in the developer tools. Make sure that the storage path is also identical.

If the service does not yet exist in the system, you can add it via /UI2/Maint_Service (“Add Service” button). But again, in most cases this is up to the base. Please clarify beforehand whether you are allowed to add a service yourself.

Tip: Don’t just look at the service name, but also take a closer look at the column next to it. Here you can see in which version the service is available in your system. In our example, the OData service we were looking for, FAC_MANAGE_GLACCOUNT_SRV, was available in the system as version 1, but the app requires version 2.

Test the app again when you have added and activated the service. Important: The service must also exist in both the frontend and the backend. If in doubt, drag it from the source system to the other using RFC connection.

Other error messages may prevent the app from working. For example, you may be missing transactions in your system that are needed to run an app. However, these error messages occur less frequently and are almost always a case for our colleagues at the base.

Leave a Reply

Your email address will not be published. Required fields are marked *