Skip to Content
Author's profile photo Gilbert Wong

SAP S/4HANA – How to Create and Generate Backend Security Authorizations for SAP Fiori 2.0

SAP S/4HANA – How to Create and Generate Backend Security Authorizations for SAP Fiori 2.0

One common question we receive from customers as part of the S/4HANA RIG team is how do we handle and generate backend authorizations objects.  The previous SAP Business Suite (non-Fiori) method is to identify the SAP transaction codes on the backend system and create SAP PFCG roles based on the SAP Transaction Codes.  This process will automatically add the required authorization objects to the SAP PFCG role.  In the new Fiori 2.0 for S/4HANA, we map out the required SAP Fiori Apps, SAP transaction codes, and SAP WebDynpro applications on the frontend, but this process does not create and generate the required backend authorization objects for the SAP Fiori Applications to work.

We have created the following guide to provide step-by-step instructions on how to create and generate SAP Backend authorizations for a SAP S/4HANA system based on SAP Fiori 2.0 Frontend Server Catalog information. This document is intended to cover the steps to generate backend authorizations objects based on SAP Fiori Apps, SAP Transactions based on SAPGUI for HTML and Web Dynpro applications from the SAP Fiori Frontend Tile Catalog.

Link to Document:

This document will use a sample SAP Fiori Frontend Catalog to generate the required authorization objects on the SAP Backend S/4HANA 1610 system. You will still need to maintain/create the SAP Frontend authorizations which consist of the SAP Business Catalog, SAP Business Groups, and PFCG roles. For more information on how to setup and create custom SAP Business Catalogs, SAP Business Groups and PFCG roles, please refer to the security documentation located on the SAP help site, You need to design the overall SAP security strategy based on the customer requirements.

We have several great blogs and how to guides on configuration of SAP Fiori Business Catalogs, Buuiness Groups and PFCG roles on the SAP Frontend Server.  You can use the following blog to help guide the customer on adapting custom SAP Fiori Business Roles.

If you have any questions or comments, please let us know in the comments section.


SAP S/4HANA Regional Implementation Group

Assigned Tags

      You must be Logged on to comment or reply to a post.
      Author's profile photo Nipun Mahajan
      Nipun Mahajan

      Hi Gilbert,

      Thanks for the great blog!

      Will like to know the source of the Business authorization object that populates from SU24. Do we code the business objects within the CDS view of Odata service associated with the transactional app?


      Author's profile photo Liangliang Pan
      Liangliang Pan

      Hello Gibert,

      Good morning.

      This is Sebastian, an SAP Security consultant.

      May I know whether there is any updated article for S/4 HANA 1909 ?