GRC 12 Fiori launchpad Configurations
GRC 12 has new feature to use Persona based Fiori launchpad for easy navigation
In this version ,SAP delivers more standard tiles for front end navigation (similar functionality as NWBC links used in previous versions) Example catalog tiles for dashboards navigation provides detail information on key metrics.
We can also create our own groups and add the tiles we use frequently instead of searching the links through NWBC screens
Please refer to the link for more information on GRC 12 Access control components
This blogs explains the configuration steps required to use Fiori as the front end for both Access control and Process control components.
1.Front end components provides Business catalogs and Business Roles.
2.Back-end components provides Technical catalog which has the information about the tiles. SAP delivers these standard catalog ID both for Access and process controls functionalities.
3.We need to replicate the technical catalog from back-end into the front-end to establish a connection between technical catalog and business catalog using a standard SAP program.
- Following Access control and Process control GRC components needs to be installed in front-end gateway system.
UIGRAC01 – Access control Components
UIGRPC01 – Process Control Components
- SAP UI has to be in 7.52 SP02
Step 1: Setup Trusted RFC connection’s from Gateway system to GRC system.
Trusted R/3 Connection (type 3 – ABAP connection) – Login to Transaction SM59 to create the connections.. Set up these connection as Trusted connections and set the current user to true
HTTP connection ( type H – HTTP connection) – Recommend to use HTTPS port and set SSL option as true
Step 2 : Map the RFC Connections to SAP system Aliases
Maintain below standard views as required in front end gateway system using transaction SE16
a)/UI2/V_SYSALIAS – Add GRC components ( SOHGRAC and SOHGPC) to the SAP system Aliases table view
b) /UI2/V_ALIASMAP – MAP the system aliases to R/3 ABAPRFC connection created in step 1
Step 3: Replicate the Technical Catalog from the Back-end System
Launch the report /UI2/GET_APP_DESCR_REMOTE_DEV using Transaction SE38
Run the report with below details for Acess Control components
SOHGRAC – system Alias
SAP_TC_GRC_AC_BE_APPS – SAP standard back end program for replication
Replication mode: Full Replication
Please refer to link below for more information on back-end end replication
Run the report with below details for PC components
SOHGRPC -– system Alias
SAP_TC_GRC_PC_BE_APPS -– SAP standard back end program for process control replication
Run in test mode initially.
If logs looks good, unchecked the test mode and run the program again
Note: Running for first time should show the number of catalog and apps added.. Otherwise it would
Show the message replication is up to date as shown below..
Note :SAP recommend scheduling the report to run daily. As the report needs to run after every system update, scheduling the report to run daily ensures that you have up-to-date information in the SAP Fiori Launchpad designer.
Step 4 : Create Fiori Catalog page in font end system
Execute transaction /N/UI2/FLPD_CUST
You can notice that new catalog pages created after executing the above program’s
a)ID : X-SAP-UI2-ADCAT:SAP_TC_GRC_AC_BE_APPS:SOHGRAC
b) ID : X-SAP-UI2-ADCAT:SAP_TC_GRC_PC_BE_APPS:SOHGRPC
Note: we cannot assign the above standard catalogs to the role
Copy the above standard catalogs to Z version to customize the tiles and also to add in the PFCG role.
Copy to new catalog entering Title and ID
New catalog page is created as shown below
You can also use the delivered Business catalogs to customize the different front end navigation as required.. In our requirement we just had one team to access all the components.
The following business catalogs and business roles are delivered as part of the front-end component UIGRAC01.. You can customize these roles as required.
Step 5 : Assign the Catalog page created in step 4 to PFCG role
Menu -> Fiori tile catalog
Assign the role to the user now
Note this user has to exist in both front end and back end with access for S_RFCACL auth object to establish trusted relationship..
The back-end GRC user role will have required authorization for executing the functionalities of GRC ( Access and process control tiles)
Step 6: Validation
Execute the transaction N/UI2/FLP
GRC AC 12 components are now accessible through gateway front end system
You can create your own group and add the requires tiles as needed
settings -> App finder
Implement the instruction in below note if back-end system prompts for the password
2485474 – How to configure SSO from Fiori Launchpad to a back-end system with logon ticket
More information on Fiori front end configuration