S/4 HANA On-Premise In-App Key User Extensibility – Custom Business Objects
As there are many S/4 HANA implementations are now coming into picture the usage of the Custom Business objects CBO’s is suggested by SAP to replace standard custom SE11 tables.
The below blog will focus on the S/4 HANA On-Premise system
- As the name suggests Key User Extensions it is designed by SAP so that end users can create the CBO’s with out help of the developers and with a checkbox generate also the UI for the maintainance of the Fiori application
- Odata Rest based API CRUD operations are possible which can be used easily for the maintainance for side-by side extensions or from any other SCP based application so that your tables are cloud ready
- With the Odata Rest API which can be exposed to interface or other SAP/Non-SAP external system using a simple HTTP URL instead of the classical IDOC/RFC/Webservices architecture which makes for the the table maintainance easier
- Fiori List Report Template based table maintenance to replace the classical SM30 Table maintenance.
- There is no UI5 Code is required to create the Fiori application as this can be developed using Fiori List Report Template
- Automatic Odata generation, Automatic Change Logs and history using the check boxes.
- Validations and Determination during the addition, deletion, change of the entries is possible using the Validation, Determination options which will replace classical Table maintainance generator events
- Custom Value helps like the value helps in the SAP Domain is possible here with the association to other business objects or using the application Custom Reusable Elements-> Custom Code Lists->Code Values and Translations where we can define our Custom value helps
- The Data types used for defining the fields are mostly compatible with the most web API’s so that less conversions are required when we use the REST API’s unlike the SAP ABAP Datatype where conversions are required.
- The Key User Extension is not possible on On-Premise system as SAP did not provide an option to generate the UI as SAP says it would be difficult to determine if the On-Premise Landscape is a Central hub or an Embedded architecture of FES Component in order to save the BSP application after generation ,may be SAP has designed this with the intension all the Customers will move to S/4 HANA Cloud in future:)
- Since most of the end users are used to SM30 Table maintainance the adaptability to maintain the tables with the CBO’s based Fiori List Report could be challenging and take time to get used to the new way of doing it.
- Since the generated Fiori List Report could add only one new value at a time the classical copy past option in SM30 could not be possible.
- Mass maintainance which was possible in classical SAP GUI using reports could be very challenging here.
- F4 helps which was possible in the SE11 table for the standard fields are not possible as there is no Domain or Data Element concept anymore
- Additionally if there is a requirement where the table have to maintained once and the entries to be transported from Development to production similar to customising tables in SM30 there is no possibility with CBO as thr generated table is by default application table and it can’t be edited
What happens in SAP system when we generate a new CBO:
Below is the application from the FioriappLibrary to create a CBO
Hint : Make sure the Adaption Transport Organiser Setup is done
For example, the below CBO Y_TEST_DEMO is created with the below fields and the below Checkboxes are selected:
- In the SAP backend system, the below new artifacts are created after publishing the CBO
Hint: Since this will be assigned to some Local Package best possibility to find using the ABAP Object search with the CBO Name in the ABAP Development tools perspective in Eclipse or HANA Studio
- A new Custom CDS View with GUID as the key field and a annotations generated BOPF object with CRUD Operations possibilities
- Odata Service generated with the annotations from Odata check box
- If there are any actions created in the CBO’s this in turn generated actions in BOPF
- Similarly, for the Determinations and Validations there are corresponding BOPF Determinations and Validations are created
NOTE: The CDS view cannot be edited!
Authorizations for CBO’s:
The Major Challenge in every project would to check the authorisations while maintaining the Tables.
However, SAP has not provided any authorisation concept for the CBO’s. The first attempt was to create an Access Control using DCL object for the CDS view generated from custom business object and maintaining the authorization object in PFCG to the role.Unfortunately, this was not achievable since the CDS view was not editable.
Then how to find the authorizations for the CBO’s??
Here BOPF Authorization comes into picture. But how to implement this as we have the key field as GUID ?
As shown below a new authorization class should be created
- Implement the method CHECK_INSTANCE_AUTHORITY to perform instance-based authorization check depends on a BO instance data such as node attributes. Applications must implement this method to check whether the current user has the authorization required to perform a specific task for the given BO instance.
- Get the current entries, key fields and field to checked against authorization object.
- Check on which action should this check be performed Create, Delete, Change and so on
- The below code can be used as reference to catch the authorization checks
CLASS ycl_test_au_demo DEFINITION PUBLIC INHERITING FROM /bobf/cl_lib_auth_draft_active FINAL CREATE PUBLIC . PUBLIC SECTION. METHODS /bobf/if_lib_auth_draft_active~check_instance_authority REDEFINITION . METHODS /bobf/if_lib_auth_draft_active~check_static_authority REDEFINITION . PROTECTED SECTION. PRIVATE SECTION. ENDCLASS. CLASS ycl_test_au_demo IMPLEMENTATION. METHOD /bobf/if_lib_auth_draft_active~check_instance_authority. DATA : ls_msg TYPE symsg, lv_msg TYPE string, ls_key TYPE /bobf/s_frw_key, lr_data TYPE REF TO data. DATA: lt_item TYPE ytytest_demo. FIELD-SYMBOLS: <fs_data> TYPE ANY TABLE, <fs_werks> TYPE werks_d, <fs_key> TYPE /bobf/conf_key. CASE is_ctx-activity. *--Check the activity wheather create WHEN /bobf/cl_frw_authority_check=>sc_activity-create. *-- Fetch the current Entries io_read->retrieve( EXPORTING iv_node = yif_ytest_demo_c=>sc_node-ytest_demo it_key = it_key IMPORTING et_data = lt_item ). CREATE DATA lr_data TYPE ('YTTEST_DEMO'). ASSIGN lr_data->* TO <fs_data>. <fs_data> = lt_item. *--Loop at the current entries LOOP AT <fs_data> ASSIGNING FIELD-SYMBOL(<fs>). *-- Get the Authorization object fields to be checked ASSIGN COMPONENT 'WERKS' OF STRUCTURE <fs> TO <fs_werks>. *-- Perform the authorization check AUTHORITY-CHECK OBJECT 'M_MATE_WRK' ID 'WERKS' FIELD <fs_werks>. IF sy-subrc IS NOT INITIAL. MESSAGE ID 'MESSAGE' TYPE 'E' NUMBER '001' INTO lv_msg. MOVE-CORRESPONDING sy TO ls_msg. *--In of Error Raise an Error Message and add to BOPF Global Msg eo_message = /bobf/cl_frw_factory=>get_message( ). eo_message->add_message( is_msg = ls_msg iv_node = is_ctx-node_key iv_key = <fs_key> iv_attribute = 'WERKS'). ls_key-key = <fs_key>. *-- Add the failed key using the Node_Key field APPEND ls_key TO et_failed_key. ENDIF. ENDLOOP. ENDCASE. ENDMETHOD. METHOD /bobf/if_lib_auth_draft_active~check_static_authority. ENDMETHOD. ENDCLASS.
- Raise a message for that key fields and unique GUID with a authorisation error which inturn will be shown in the Fiori List Report