Skip to Content

Scenario: User wants to view the application only assigned to him/her

User would require only scenario specific tile to be assigned to his/her login. This would be required while assigned production users a certain tile and not all the tiles. This document would also talk about restriction for a specific tile.

For e.g.: Material management PO approve.

User wants only “Approve Purchase order” Tile to be in his/her Launchpad.

Prerequisite :

  • All the specific UI components are in place.
  • Fiori admin URL is working fine
  • Admin user has administrator role assigned : You have created an administrator user who needs extensive authorizations,

          such as S_SERVICE, S_DEVELOP, /UI2/CHIP, S_RFC_ACL, and S_CTS_SADM. If applicable, create the user with the ID the user already has in the back end

  • Role name : SAP_UI2_ADMIN_700

Admin URL : http://<>:PORT/sap/bc/ui5_ui5/sap/arsrvc_upb_admn/main.html?scope=CUST

As we are dealing here with only 1 application for the user (Approve PO). Let’s go to the standard tile catalog offered by SAP.

Tile catalog name: Buyer (MM) – Content


Now we want only Approve Purchase orders application.

Before copying the tile from this catalog. Let’s create a new tile catalog by clicking on below on the left catalog view.


Create catalog screen appears :


Enter your desired catalog name:


  • My New Catalog is created.
  • Now go back to your standard catalog and drag the “Approve purchase orders tile” and you see a copy option.
  • Drag to the copy option and your tile is copied. Once you drop your tile, it asks for Destination to be copied to.


Select “My New Catalog” from the selection criteria.


Make sure you repeat the same operation for Target mapping for “Approve Purchase orders”.

Once done, now you have the Tile catalog with standard Approve PO tile.


Here target mapping is 0. Once you copy target mapping as well. It shows as 1.

Create Target Group:

Follow the same approach for creating groups. Go to group tab :


You can disable Group personalization as well. User won’t be able to delete the Tiles from Launchpad using this.

Add tile to the group



Create a custom role for your group “My New Group” in PFCG:


Choose Fiori Tile catalog from the Transaction in Menu tab :

Similiarly choose Fiori Group :



Now you see that both Catalog and group is maintained for the role.


  • Assign relevant authorizations and number of users. Now you can open your Fiori Launchpad.
  • Make sure you save your PFCG role.
  • Clear your browser cache and open your Launchpad.


You should see the app tile assigned to you.

Thanks !!

To report this post you need to login first.


You must be Logged on to comment or reply to a post.

  1. Former Member

    Hello, very Useful document – have you tried or someone has tried to restrict FIORI applications in another language ? (ex. French) I was trying but I got a message indicating: “Page can not be modify in language FR” Thanks, Juan

  2. Former Member

    Hi Tejas

    Excellent document, but I need 1 clarification, who exactly will create the custom catalogs and groups.

    Whether UI5 developer or Authorization consultant.


    1. Tejas Chouhan Post author

      This is just configuration changes, can be done by anyone who knows this. But make sure you add it to transport request (customizing). The PFCG part you see above has to be done by security consultant/ auth consultant like you say.


  3. Sriram Sampath

    Hi Tejas

    Thanks for answer. Also please can you send me some sample authorization concept for Front end system, because I have designed for Backend system.


  4. Nandish m

    Hi Tejas,


    One doubt, Approve PO will have some business role, how to add that role (i.e authorization to approve) in our custom user.





Leave a Reply