Working with SAP Fiori authorization in SAP Solution Manager 7.2 – Process Management
In this blog I like to show how you can document your SAP Fiori authorizations along your business process.
This blog also contributes to my previous blog How to work with SAP Fiori Applications in SAP Solution Manager 7.20 – Process Management.
There are many knowledge sources available to understand the Fiori authorization concept.
I suggest becoming familiar with them before you start.
I liked this a lot:
How to work with SAP Fiori authorization in SAP Solution Manager 7.2 – Process Management
First, SAP Solution Manager 7.2 acts as the single source of truth for your hybrid systems landscape and their business applications (SAP Fiori Applications). These applications are used to execute your business processes by the relevant business roles of your organization.
To do so users need authorizations which are assigned to this business roles.
Working with SAP Fiori authorization remains the same approach as with all other ABAP authorizations. Means the role administrators must maintain SAP Fiori authorizations in transaction code PFCG. With that the documentation of SAP Fiori authorization follows the same concept as for all other ABAP authorization in SAP Solution Manager 7.2 – Process Management.
Note: You don’t create any authorization in SAP Solution Manager for your managed system (e.g.: S4HANA). Instead, you document them, based on your business processes, to work with them in the application lifecycle management.
These are some typical use cases:
- prepare authorization concept
- design SAP Fiori Business Roles along the business processes
- implement your authorization concept
- test your authorization concept
- change and history information
- cross system view on authorization
- authorization change impact analyses on business processes
Let’s get into detail!
First, working with SAP Fiori applications:
As mentioned above the system landscape and the related business process serves as a baseline for application lifecycle management in SAP Solution Manager 7.2.
With that in place you have capabilities to analyze and work with SAP Fiori applications.
Below you see an example how this looks like in SAP Solution Manager 7.2 – Process Management. First, you have the business brocess with the involved business roles.
Each role has his process steps in the flow how they are executed. SAP Fiori applications are elements of this process step. The SAP Fiori applications coming from a library which represent all system information (SAP System, SAP Fiori ID, Name, Object, Action, Parameter).
Note: Here you find a general introduction on how to work with SAP Fiori Applications in SAP Solution Manager 7.20 – Process Management
Note: In our internet demo system you can check out this example E2E_OTC_Sale-from-Stock Internet Sales (simplified).
To work with SAP Fiori authorization, you should have this documentation in place.
Note: It’s not mandatory to use BPMN diagram. You can also use a hierarchy view of your business processes.
Second, working with SAP Fiori authorizations:
In SAP Solution Manager 7.2 – Process Management, Configuration units are used to document the authorization setup of your managed systems. With that you can make use of the library concept in Process Management for all your authorizations.
Furthermore, it makes sense to separate the configuration units by business roles.
By creating the business role, I suggest using the configuration type attribute with the value “Authorization”. This helps you for your ongoing documentation to easily find and report everything related to it.
Note: To use this attribute please apply SAP Note 3207125 if you are on SAP Solution Manager 7.2. – SPS15 and lower.
To speed up the creation of Business Roles in Configuration Library you can use the excel upload functionality.
Let me know here in the comments if you like to learn more about that.
In my example I create in the configuration library all used business roles from the example above. The business roles you can get from the used diagram entities in Process Management, or you get them direct from your S/4HANA system or you define them by yourself as part of your authorization concept.
Within the configuration units you can now assign different configuration objects, e.g. PFCG roles or related documents. In my example the Business Role “Shipping Specialist” make use of 3 PFCG roles. You can direct assign them from the SAP S/4HANA system or create them by yourself manual in SAP Solution Manager 7.2 – Process Management.
Having done the configuration library part you have established a kind of business roles library in place which can be used in our business processes.
For that I navigate back to my process example of E2E_OTC_Sale-from-Stock Internet Sales (simplified). Here I select my first process step “Sales Order Entry” where I like to assign the relevant business role including their authorization roles. In the Elements of section I see the SAP Fiori application used to execute this process step.
Here I assign via right mouse click my configuration unit which represents my business role and its authorization roles. From the diagram flow I know that the process step is executed by the business role “Internal Sales Representive”. After searching for it I find all configuration units related to the business roles in my dedicated system. I look up for the configuration type “Authorization” and assign it to my process step.
If selecting the configuration unit, a second tab appears with the assigned authorization roles.
With the described approach you can have a holistic documentation of all SAP systems, business process, business roles + authorization and SAP Fiori Applications. This approach is applicable for greenfield (to be) or transition (as is) projects. It allows you to cover multiple ALM use cases.
Let me know your thoughts on that1 What are your challenges to work with Fiori Applications