Fiori app with multiple backend systems
In the following example, I will try to explain how you can connect a Fiori app with multiple backend systems using User Roles with System Aliases in SAP Gateway.
Prerequisites: you have created RFC destinations and System Aliases for backend systems.
Assigning SAP System Alias to OData Service – SAP NetWeaver Gateway – SAP Library
As mentioned in the above link, you can assign multiple SAP system aliases to an oData service and also have specific roles assigned to them using transaction /IWFND/MAINT_SERVICE.
In the below screenshot you can see that I have assigned 4 system aliases with different roles assigned to the service of the “Approve Purchase Orders” Fiori app.
- If the system alias do not have a user role assigned, then all users will have access to this system through the Fiori app.
- If the system alias has a user role assigned, then only the users that have this role will have access to this system through the Fiori app.
Let me try to give an example:
– First you create a blank role for each backend system in SAP Gateway (transaction PFCG).
Z_ROLE_SYSTEM_1
Z_ROLE_SYSTEM_2
…
etc.
– Then, when you add a system alias to a service, you define also the role for this (transaction /IWFND/MAINT_SERVICE).
| Alias | User Role |
|---|---|
| ALIAS_SYSTEM_1 | Z_ROLE_SYSTEM_1 |
| ALIAS_SYSTEM_2 | Z_ROLE_SYSTEM_2 |
| ALIAS_SYSTEM_3 |
– Now the behavior of the app depends on the roles assigned to a user:
| Scenario | App Behavior |
|---|---|
|
User having none of the above roles |
App will have access to system ALIAS_SYSTEM_3 |
|
User having role Z_ROLE_SYSTEM_1 |
App will have access to systems ALIAS_SYSTEM_1 and ALIAS_SYSTEM_3 |
| User having roles Z_ROLE_SYSTEM_1 and Z_ROLE_SYSTEM_2 |
App will have access to systems ALIAS_SYSTEM_1, ALIAS_SYSTEM_2 and ALIAS_SYSTEM_3 |
*** ATTENTION ***
SAP Gateway caches the metadata of the service. Because you have one service for the system aliases, you may experience unexpected behavior in case you have extended the oData in one system and not in the others. See the problem here: One quite haunted Gateway cache issue
Problem:
In system A you extended the Fiori app oData entity through the available BADIs and added some fields.
In system B you use the standard functionality without any modifications.
In Gateway you have the standard Fiori app and you also extended it to a Z_APP to include the additional fields of system A.
– User A accesses the Z_APP with the additional fields in Launchpad through system alias pointing to system A.
– User B accesses the standard app in Launchpad through system alias pointing to system B.
Gateway behavior: Metadata cache is cleared manually or by the system eg. because you raised SP level of the app or the SAPUI5 libraries SP level.
Scenario 1:
- User A logs on first, Gateway caches the metadata of the service from system A (standard structure + the additional fields). App works fine.
- User B logs on second, Gateway has already cached the metadata and do not get them from system B. App works fine because the standard structure is there.
Scenario 2:
- User B logs on first, Gateway caches the metadata of the service from system B (only standard structure exists). App works fine.
- User A logs on second, Gateway has already cached the metadata and do not get them from system A. App NOT working because it can’t find the additional fields in the cached metadata.
Solution:
Caching of metadata based on the system-alias information can be used in the SAP NW Gateway 2.0 SP08 and higher.
http://service.sap.com/sap/support/notes/2000134
Regards,
Vasils
Very nice blog Vasils. It surely helps in hub scenario. Though i m facing small issue. Even though i have created a blank role in PFCG, i am not able to add the role to my service. Is it some front end component dependent. Please see the screen shot. The green "tick mark" is disabled
Thanks
Pranav
Thanks Pranav,
I guess you are trying to assign a role to an existing alias of your service. "User role" field is part of the key of this customizing view table so you can't change it for an existing entry.
What you can do is either remove the system alias from the service and add it again... or when you are at the view table -> select the line of the existing one -> press button "Copy as.." -> enter the role at the new line -> Press Enter -> Scroll up and delete the old one -> Save
Regards,
Vasilis
Hi Vasilis,
Thanks for writing good blog. Its help many people like me.
We are also setting up fiori however I am facing one issue with regards to SSO.
my landscape is as below:
===================
Gateway system is different (client is 001) and ECC system is different(client is 100).
We have configured web dispatcher to handle the requests(OData/SData to gateway and other /sap/bc/ requests to backend).
RFCs are created between both abap systems and trusted relations ship is working between them through trusted rfcs.
my issue is when we call a URL from browser it is asking credentials two times (one is for gateway system and another for ECC system). my doubt is shall we over come this issue? if yes how do we achive it?
and also in further we will integrate this fiori into portal system and call from there, is the SSO will work without having any issues( Portal-web dispatcher-gateway system-backend system)? i tried to search but unable to find a information related to my scenario please help me here.
Thanks,
Venkat
Hi Venkat,
I am not familiar with the SSO in technical level. It might be a web dispatcher configuration issue.
I also haven't implemented fiori in portal so I can not advice you on it.
Sorry,
Vasilis
Hi
I created blank roles for the 2 system aliases but after assigning them to the aliases i got error No System Alias found for Service 'ZTASKPROCESSING_0002' and user 'XXXX'. If I remove the the blank roles from my alias I get Error has occurred while creating proxy for logical port '80'
Its perfectly working with one alias
Its for My Inbox app and I have to connect to the core system and the HR system
Thanks
Hi,
"My Inbox" app is a little bit different that the other fiori apps as it wants a different setup in the alias. I haven't worked it with multiple backends so I am not sure if it works.
What I would have checked:
I have no other clue,
Vasilis
Hi Vasilios
Yes. All is in order as per your reply
Thanks
Hello Vasilios,
I've tried to connect Purchase Requisition Approval application to 2 backends with one Gateway same client.
I have followed your post and enable 2 system aliases to this app but the app do not displayed any purchase requisition from those 2 backends. But I've noticed that the entityset_get method is called on the 2 backends.
When I declare only one system alias, purchase requisitions are well retrieved..
Am I missing one customizing point?
Thanks in advance for your help
Hi,
please check if the user can retrieve PRs for each alias. First check the 1st alias then remove it and check the 2nd alias.
Check also if the user has the same authorizations in both backends.
Vasilis
Thank you Vasilios for your help.
It appears that I have to apply OSS note 2250491, and everything turns alright!
HI Vasilios,
Thanks for the blog. Really helped me understand the System alias config in depth.
Although we have a different requirement here:
User wants to have the same standard Fiori app on 1709 with two different instances on the same same launchpad. One app should point towards System A and the other towards System B. But a single user ( Over a single launchpad ) should be able to access the same app with two different back end systems.
Please let me know if there is a way to achieve this without customization ( Creation of a copy standard app ) on the launchpad.
Regards,
Gulshan Singh
Hi,
many things changed with S/4HANA and also the recommended landscape of Fiori for multiple back ends
https://assets.cdn.sap.com/sapcom/docs/2018/02/f0148939-f27c-0010-82c7-eda71af511fa.pdf
Regards,
Vasilis
So If my app is reading a backend table from different systems with the same table but different records, how the records should be shown in the app? would the result be a consolidation of both tables?
best regards,
Marcelo