Configuring Role Based Apps in LaunchPad Service in Cloud Foundry
Hope Everyone is doing great.
In this Blog Post I am going to Explain about the Configuring Roles to Applications in BTP and able
to access in Launchpad Service which are deployed to HTML5 Application Repository in Cloud
what is Launchpad Service?
Launchpad Service is one of the Services available in SAP BTP Subscriptions. With this Service,
Organizations can build a central entry point on BTP for all the Fiori Applications configured and
provide efficient, wide enterprise, security, role-based and personalized Launchpad Site Access to
SAP and Non-SAP Applications to the Business Users.
Capabilities of Launchpad Service:
- Home Page Personalization.
- Central Point of Access to Apps, Tasks & Notifications.
- Role based Access to Content( Eg: From S/4 HANA Systems).
- Smooth App Integration for different UI Technologies and third party web apps.
- Extensible Framework for Customization and branding.
Let us take an 2 Apps one is Employee App and other one is Manager, Admin Apps and try to
configure the roles based on the User.
Step 1: Open Dev Space in BAS take the new Project from Template and Select the SAP Fiori
Step 2: Select SAP UI5 Freestyle for sample Application you can go with Fiori
Step 3: Select Data Source as None not connecting to any destinations for sample Application. You
can connect to Backend and select OData Services also.
Step 4: Give the View Name and the project details like Module name (Project Name),
select yes for deployment and FLP Configuration options.
Step 5: Choose the Target as Cloud Foundry or ABAP Environment, based on your requirement
Launchpad service can access different targets also and Select yes for Managed
Application router which creates the “mta.yaml” file while generating the application.
This mta.yaml file acts as deployment descriptor for app to deploy
to Cloud Foundry.
Step 6: Give Semantic Object, Action, Title which will be displayed in Launchpad Service. Click on
Finish project will be created successfully.
Step 7: Project will be created successfully. Now open the manifest.json file add the below piece of
code for Authorization part in cloud(SAP BTP).
Step 8: To Add the Roles to Application first we have add the scopes in “Xs-App.json” file as
Now According to Scope Defined in Xs-app.json, call that Scope name in Xs-
security.json file. The name of the Scope is “$XSAPPNAME.Display”
Along with the Scopes Add the “Role Templates “ with Appropriate Name Related to your Application
here I have taken as “POC_EMP_Role” and called the Scope Reference also.
Right click on mta.yml file and select “Build MTA Project”.
Once Build is completed you can find the generated Mtar Archive Folder.
Step 11: Now click on MTAR generated folder and select Deploy MTA Archive file to the cloud
Step 12: After successful deployment Process, the finished message appears in Terminal.
CONFIGURING DEPLOYED APPS TO LAUNCHPAD SERVICE.
The Role Template Created in Application will be appeared in
In SAP BTP Cockpit under Security Roles Section. You will find the Application Name and Role
Name created in xs-security.json file in BAS.
In BTP Cockpit Go to “Service Market Place” and search for “Launchpad Service”.
Now click on Tile and then select “Go to Application”. It will navigate you to Launchpad service.
Create a New Site in for Launchpad.
Now go to “Provider Manager” and Activate, click on refresh icon to get the latest Deployed HTML5
Apps in Actions Tab.
Select Content Manager in left Side panel, in combo box select HTML Apps you will find the Apps
Deployed to Cloud Foundry in BAS.
All the Deployed Apps will appear here you can select the Required App for Role Configuration and
click on “Add to My content” Button on top right corner. Then that App will be Added in the Content
Step 18: Now go to “Mycontent” select the Deployed App now add the Catalog, Group, Role to that
Step 19: By clicking on “New” Button you can create the Catalog, Group, Role as shown below:
Step 20: Create Catalog, Click on Edit and Assign the EmployeeApp to Catalog as shown below:
So that EmployeeApp will be added to that Catalog.
Create the Group, Click on Edit and assign the EmployeeApp to that group as shown below:
We can create different groups to place our apps in that particular group.
Step 22: Create a Role, Add the EmployeeApp to that Role as shown below:
To Provide Authorization using users, Role Template in BTP as shown in below Architecture.
Step 23: The created Role Title will be automatically created in SAP BTP Cockpit under Role
Collection Section as shown below:
For one Role we can add multiple Apps which all comes under that role.
Click on that Role created in FLP for that role, now Add created role in BAS(Xs-security.json) to this
Application and add the Role Template and User Names who want to Access the Application for
Click on Edit button and in Roles Tab, Role Name as Value help Request click on that, here you can
Search for the created role in comboBox and the deployed application namespace from BAS will
available here as Application Id.
Click on Add then RoleName ,Role Template and Application Identifier will be added as shown in
Step 24 image.
In BTP under Security>Users we can create the list of Users with their BTP Usernames or MailId,
only these added users can able to add to different Role Template applications.
Under Users Tab added two user names for that Role Collection and Application identifier which are
BTP Account User names are added in Users Section.
The users which are added for this Role Template and Application Identifier are able to see the Apps
Repeat the Steps from 1 to 25 for another App called Manager App and Admin App.
In that Manager App create the another role in scopes and add that App to same catalog
(Either we can add in Different or Same Catalog) and for different group in Launchpad Service.
Step 26: Now go to Site Directory it will take you to Launchpad. This Launchpad URL can be given
to other users who are added in BTP Security>Users. According to their role added in related
applications are visible to those users.
For the MM User who has only Access to Employee and Admin Apps.
- The User LS who has Access to Both Manager,Employee and Admin Apps.
This is the Launchpad site for Configured Apps for FLP under catalog and group. Displaying the tiles(apps) according to the user’s role.
Conclusion: This is the process has to be follow to achieve the Role Configuration and
securing SAP Launchpad service in the Cloud Foundry environment.
Happy Learning 🙂 and Have a great day!