Skip to Content
Technical Articles

Configuring Roles – SAP Fiori Launchpad Cloudfoundry

Hi All,

Today, I would like to show how to configure the roles in Fiori launchpad Cloud foundry. In detail,

We can control the apps that will be displayed in the launchpad, based on the authorization check.


For instance, there are two apps in the  FIORI launchpad.

We have two roles in the Application.



Fiori Launchpad should show strictly user-related apps if USER Login to the Application.

How to achieve the above scenario?.

Please follow the steps to do that.

Step1: Declare the scopes in xs-app.json



Step 2: Declare the Same scopes in xs-security.json in below formate.


Step 3. Create Roles in xs-security.json inside role-templates sections.

Please note that created roles will display in the Role Collection under your cloud account.



Step 4:  Configure Authorization in the manifest.json in your HTML5 Module.


Add below code in the manifest.json: $XSAPPNAME.user was defined in scopes early in step 2


Step 5: Just repeat the above step for another app which is for Admin.


Step 6: Build and Deploy in your cloud foundry account


Step 7: Create Two Roles in Role Collection under the Security section



Step 8:  Click on POC_Open_user Role and add Role Templates which you have created already in xs-security.json Please refer Step-3



Select the user role from the template section.


Step 9: Assign roles to the account Id in Trust Configurations.



Step 10: Please open your launchpad approuter URL. You can only see the USER related apps.

Fiori Launchpad Before applying Roles & Authorization

Fiori Launchpad After applying  Roles & Authorization ( Assigned User role )


Conclusion: We can filter the apps in the Fiori launchpad Cloud Foundry based on the Roles.

I hope this blog post helps you during your development.


Thanks & Regards


You must be Logged on to comment or reply to a post.
  • Great post, thanks for sharing ☺️ One question, is there a possibility to show all assigned users with the associated roles in the ID Service?

    Cheers, Markus

    • Hi Markus,

      Its not possible . You have to search with their Email Ids in Trust SAP ID service. There you can see their roles ( You should have Administrators rights )



  • Great article Lot’s of information to Read…Great work Keep Posting and update to People. Thanks, Now I would like to share some information about resolving hp printer in error state issue. if you are unable to print an important document you can get help here.

  • Thanks, this is very helpful information.

    Out of curiosity: How did you find out about the "" entry in the manifest.json? Is it described in some "official" documentation?

  • Hi Charanraj,

    thank you for the info, I have one requirement where I need to pass more than one Scope-  "" . For example

    "": {
    "oAuthScopes": [
    Is this possible ? I tried but seems like the above configuration is not working, it does not support 2 different scopes to be passed via the
    Your help is highly appreciated
    • Hi Abdul Musavir,

      It's possible. we have implemented successfully in our project.



      Please check xs security.json file and Roles Template properly.




  • We have following requirement:

    same fiori app : javascript.app1, but we configured two tiles with following

    "id": "app1",
    "appId": "",
    "vizId": "app1-Manage"
    }, {
    "id": "app1",
    "appId": "",
    "vizId": "app1-Others"

    Now how can we configure two different oAuthScopes (app1Manage, app1Others) for  same project javascript.app1.

    Now in Launchpad:

    For oAuthScope app1Manage we need to show first tile.

    For OAuthScope app1Others we need to show second tile.




  • Hello charan,

    Could you please let me know how to differentiate the User and Admin Assigned roles in Launchpad service in Cloud foundry. I have configured two apps in Launchpad I want assign two different roles in two apps.

    I followed all the steps mentioned in blog but I am unable to filter the apps based on Assigned roles.


    Thanks in Advance.


    Mamatha M

    • Hi Mamatha,


      First Step: You have to create two scopes in

      Second Step: Assign the above scopes to Role Templates

      Third step: In your cloud foundry account create two role collections and assign these role templates each respectively

      Fourth Step: Assign this role collection two roles

      Fifth step: In Manifest JSON of each app assign each scope

      User APP:

      "": {
      "OAuth scopes": ["$XSAPPNAME.user"]


      Admin APP :

      "": {
      "OAuth scopes": ["$XSAPPNAME.Admin"]


      build and deploy to your space after you can see your launchpad