we work in central hub scenario with a gateway hosting our ui5 apps and several backends providing data with sap netweaver gateway oData service implementations. therefore every applications requires a specific role on the frontendserver and one or more roles on the called backend systems.

The question “What role does the user need on which system?” was asked frequently and i got really annoyed by having to open the specific sap gui on the required systems and check the assigned roles with su01/su01d.

I wanted to provide a simple solution to this question, so i don’t have to check it in the system directly.

The following document should give a brief overview of the implemented solution. The abap code in this document might not working by copy and paste (just in case )

What do i know?

– Fiori app the user is trying to open

– Service(s) which are called by the ui5/fiori app

– Username (as they are present on the gateway system)

How could it be solved:

– Select an App or a service

– Read Customizing to app or service

– Check if user has roles assigned

So now let us dive a little bit deeper into the technical solution.

– I’ve implemented a basic master detail template. Masterlist contains the sapui5 apps of the gateway service. I won’t provide further details here as this is quite basice gateway / ui5 implementing topics.

– After having the relevant ui5 apps in the master list, i’ve build the following detail view. Object List Header with sapui5 appname & creator / last modifier. Tab Icon Bar (only with one tap), sap.m.list to show/update the required roles. The table has two fields (RfC Destination, Role Name (AGR_NAME). The table has a toolbar with the following functions: add role, remove role and check user.

– The oData Service for master & detail view data is implemented on the central gateway system.

So what is the sevice doing?

The first entity: RoleCustSet has implemented the GET_ENTITY_SET Method to read the role regarding IT_KEY_TAB having the sapui5 application name as key. Further the CREATE_ENTITY and the DELETE_ENTITY Methods are implemented as well. Thats pretty much the first entity.

The second entity: UserCheckSet implements the GET_ENTITY METHOD

The first entity is not that interesting as it provides only customizing. The second entity is more interesting. Let’s have a look a this.

What do we need?

– Key of sapui5 app that roles of user have to be checked against (Easy: IT_KEY_TAB, READ TABLE with key name = ‘BLUB’ where BLUB is the UI5 App name or other gateway entity attribute key field)

– Read Customizing Table (Easy: SELECT * FROM custtab INTO CORESPONDING FIELDS OF TABLE lt_custtab WHERE ui5app = ‘BLUB’.

– Check RfC Connections (FuBa *RFC*PING* does thet job)

– Run User roles assigned check
  Build a internal table lets call it lt_checkuser with RfC System and Userid you wan’t to check. Eg. RfCDest1 | USER1, RfCDest2 | USER2

– How to get Users roles? BAPI*USER*GET*DETAIL will do the trick – Check TABLES Parameters

In the UserCheckSet GET_ENTITY:

– Loop at lt_checkuser assigning <fs_checkuser>

     call function BAPI*USER*GET*DETAIL

     Destination <fs_checkuser>-rfcdest


     return = lt_bapiret2

     roles = lt_roles

append lines of lt_roles to lt_roles_all or something or directly check if the required role from customizing is present by doing read table with agr_name.


I’m sure a abaper will get from the description above what needs to be done.


I would like to give a brief overview of the endresult by adding two printscreens. One printscreens shows the customizing table for rfcdest and agr_name. Second printscreens shows a check user result. I’m working with sy-langu = DE so descriptions are german.



So that’s all about the fiori app to check role assignments. I hope you enjoyed reading & as always thank you for your comments and feedback. Thanks in advance for ratings and/or booksmarks.

I’ve ereased some tab icons in the printscreens as my applications started with this simple question and now pretty much has everything included a customer, frontend developer, consultant, application responsible or product owner needs to know from his fiori app and/or gateway service. Eg. Statistics using external JS Libs, Billing/Reporting Stuff, Support Stuff and much more.

If i find some time, maybe i’ll present additional tabs of the application in further documents/posts.

Have a nice day & kind regards,


To report this post you need to login first.

Be the first to leave a comment

You must be Logged on to comment or reply to a post.

Leave a Reply