SAP S/4HANA – How to Create and Generate Backend Security Authorizations for SAP Fiori 2.0
One common question we receive from customers as part of the S/4HANA RIG team is how do we handle and generate backend authorizations objects. The previous SAP Business Suite (non-Fiori) method is to identify the SAP transaction codes on the backend system and create SAP PFCG roles based on the SAP Transaction Codes. This process will automatically add the required authorization objects to the SAP PFCG role. In the new Fiori 2.0 for S/4HANA, we map out the required SAP Fiori Apps, SAP transaction codes, and SAP WebDynpro applications on the frontend, but this process does not create and generate the required backend authorization objects for the SAP Fiori Applications to work.
We have created the following guide to provide step-by-step instructions on how to create and generate SAP Backend authorizations for a SAP S/4HANA system based on SAP Fiori 2.0 Frontend Server Catalog information. This document is intended to cover the steps to generate backend authorizations objects based on SAP Fiori Apps, SAP Transactions based on SAPGUI for HTML and Web Dynpro applications from the SAP Fiori Frontend Tile Catalog.
Link to Document:
This document will use a sample SAP Fiori Frontend Catalog to generate the required authorization objects on the SAP Backend S/4HANA 1610 system. You will still need to maintain/create the SAP Frontend authorizations which consist of the SAP Business Catalog, SAP Business Groups, and PFCG roles. For more information on how to setup and create custom SAP Business Catalogs, SAP Business Groups and PFCG roles, please refer to the security documentation located on the SAP help site, https://help.sap.com/FIORI_IMPLEMENTATION. You need to design the overall SAP security strategy based on the customer requirements.
We have several great blogs and how to guides on configuration of SAP Fiori Business Catalogs, Buuiness Groups and PFCG roles on the SAP Frontend Server. You can use the following blog to help guide the customer on adapting custom SAP Fiori Business Roles.
If you have any questions or comments, please let us know in the comments section.
SAP S/4HANA Regional Implementation Group