we work in central hub scenario with a gateway hosting our ui5 apps and several backends providing data with sap netweaver gateway oData service implementations. therefore every applications requires a specific role on the frontendserver and one or more roles on the called backend systems.
The question “What role does the user need on which system?” was asked frequently and i got really annoyed by having to open the specific sap gui on the required systems and check the assigned roles with su01/su01d.
I wanted to provide a simple solution to this question, so i don’t have to check it in the system directly.
The following document should give a brief overview of the implemented solution. The abap code in this document might not working by copy and paste (just in case )
What do i know?
– Fiori app the user is trying to open
– Service(s) which are called by the ui5/fiori app
– Username (as they are present on the gateway system)
How could it be solved:
– Select an App or a service
– Read Customizing to app or service
– Check if user has roles assigned
So now let us dive a little bit deeper into the technical solution.
– I’ve implemented a basic master detail template. Masterlist contains the sapui5 apps of the gateway service. I won’t provide further details here as this is quite basice gateway / ui5 implementing topics.
– After having the relevant ui5 apps in the master list, i’ve build the following detail view. Object List Header with sapui5 appname & creator / last modifier. Tab Icon Bar (only with one tap), sap.m.list to show/update the required roles. The table has two fields (RfC Destination, Role Name (AGR_NAME). The table has a toolbar with the following functions: add role, remove role and check user.
– The oData Service for master & detail view data is implemented on the central gateway system.
So what is the sevice doing?
The first entity: RoleCustSet has implemented the GET_ENTITY_SET Method to read the role regarding IT_KEY_TAB having the sapui5 application name as key. Further the CREATE_ENTITY and the DELETE_ENTITY Methods are implemented as well. Thats pretty much the first entity.
The second entity: UserCheckSet implements the GET_ENTITY METHOD
The first entity is not that interesting as it provides only customizing. The second entity is more interesting. Let’s have a look a this.
What do we need?
– Key of sapui5 app that roles of user have to be checked against (Easy: IT_KEY_TAB, READ TABLE with key name = ‘BLUB’ where BLUB is the UI5 App name or other gateway entity attribute key field)
– Read Customizing Table (Easy: SELECT * FROM custtab INTO CORESPONDING FIELDS OF TABLE lt_custtab WHERE ui5app = ‘BLUB’.
– Check RfC Connections (FuBa *RFC*PING* does thet job)
– Run User roles assigned check
Build a internal table lets call it lt_checkuser with RfC System and Userid you wan’t to check. Eg. RfCDest1 | USER1, RfCDest2 | USER2
– How to get Users roles? BAPI*USER*GET*DETAIL will do the trick – Check TABLES Parameters
In the UserCheckSet GET_ENTITY:
– Loop at lt_checkuser assigning <fs_checkuser>
call function BAPI*USER*GET*DETAIL
return = lt_bapiret2
roles = lt_roles
append lines of lt_roles to lt_roles_all or something or directly check if the required role from customizing is present by doing read table with agr_name.
I’m sure a abaper will get from the description above what needs to be done.
I would like to give a brief overview of the endresult by adding two printscreens. One printscreens shows the customizing table for rfcdest and agr_name. Second printscreens shows a check user result. I’m working with sy-langu = DE so descriptions are german.
So that’s all about the fiori app to check role assignments. I hope you enjoyed reading & as always thank you for your comments and feedback. Thanks in advance for ratings and/or booksmarks.
I’ve ereased some tab icons in the printscreens as my applications started with this simple question and now pretty much has everything included a customer, frontend developer, consultant, application responsible or product owner needs to know from his fiori app and/or gateway service. Eg. Statistics using external JS Libs, Billing/Reporting Stuff, Support Stuff and much more.
If i find some time, maybe i’ll present additional tabs of the application in further documents/posts.
Have a nice day & kind regards,