Financial Management Blogs by Members
Dive into a treasure trove of SAP financial management wisdom shared by a vibrant community of bloggers. Submit a blog post of your own to share knowledge.
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

GRC 12 Fiori launchpad Configurations

sanjeevanand
Explorer
‎05-03-2019 3:59 PM

GRC 12 has new feature to use Persona based Fiori launchpad for easy navigation


In this version ,SAP delivers more standard tiles for front end navigation (similar functionality as NWBC links used in previous versions) Example catalog tiles for dashboards navigation provides detail information on key metrics.


We can also create our own groups and add the tiles we use frequently instead of searching the links through NWBC screens

Please refer to the link for more information on GRC 12 Access control components

https://help.sap.com/viewer/product/SAP_ACCESS_CONTROL/12.0.03/en-US

This blogs explains the configuration steps required to use Fiori as the front end for both Access control and Process control components.



Overview


1.Front end components provides Business catalogs and Business Roles.

2.Back-end components provides Technical catalog which has the information about the tiles. SAP delivers these standard catalog ID both for Access and process controls functionalities.

3.We need to replicate the technical catalog from back-end into the front-end to establish a connection between technical catalog and business catalog using a standard SAP program.

Prerequisite



  • Following Access control and Process control  GRC components needs to be installed in front-end gateway system.


UIGRAC01 - Access control Components

UIGRPC01 - Process Control Components

  • SAP UI  has to be in 7.52 SP02


Configuration steps


Step 1:  Setup Trusted RFC connection's from Gateway system to GRC system.


Trusted R/3 Connection (type 3 - ABAP connection) - Login to Transaction SM59 to create the connections.. Set up these connection as Trusted connections and set the current user to true

 



HTTP connection ( type H - HTTP connection) - Recommend to use HTTPS port and set SSL option as true


Step 2 : Map the RFC Connections to SAP system Aliases


Maintain below standard views as required in front end gateway system using transaction SE16

a)/UI2/V_SYSALIAS – Add GRC components ( SOHGRAC and SOHGPC) to the SAP system Aliases table view



b) /UI2/V_ALIASMAP – MAP the system aliases to  R/3 ABAPRFC connection created in step 1


Step 3: Replicate the Technical Catalog from the Back-end System


Launch the report /UI2/GET_APP_DESCR_REMOTE_DEV using Transaction SE38



Run the report with below details for Acess Control components

SOHGRAC – system Alias

SAP_TC_GRC_AC_BE_APPS – SAP standard back end program for replication

Replication mode: Full Replication

Please refer to link below for more information on back-end end replication

https://help.sap.com/saphelp_fiori_sfin_300/helpdata/en/e0/84ab56c437f62ae10000000a4450e5/frameset.h...

https://blogs.sap.com/2017/01/20/fiori-remote-content-in-backend-catalogs-technical-base/

 



Run the report with below details for  PC components

SOHGRPC -– system Alias

SAP_TC_GRC_PC_BE_APPS -– SAP standard back end program for process control replication



Run in test mode initially.

If logs looks good, unchecked the test mode and run the program again



Note: Running for first time should show the number of catalog and apps added.. Otherwise it would

Show the message replication is up to date as shown below..



Note :SAP recommend scheduling the report to run daily. As the report needs to run after every system update, scheduling the report to run daily ensures that you have up-to-date information in the SAP Fiori Launchpad designer.

Step 4 : Create Fiori Catalog page in font end system


Execute transaction /N/UI2/FLPD_CUST

You can notice that new catalog pages created after executing the above program's

a)ID : X-SAP-UI2-ADCAT:SAP_TC_GRC_AC_BE_APPS:SOHGRAC

b) ID : X-SAP-UI2-ADCAT:SAP_TC_GRC_PC_BE_APPS:SOHGRPC



Note: we cannot assign the above standard catalogs to the role

Copy the above standard catalogs to Z version to customize the tiles and  also to add in the PFCG role. 



Copy to new catalog entering Title and ID



New catalog page is created as shown below



You can also use the delivered Business catalogs to customize the different front end navigation as required.. In our requirement we just had one team to access all the components.

The following business catalogs and business roles are delivered as part of the front-end component UIGRAC01.. You can customize these roles as required.




Step 5 : Assign the  Catalog page created in step 4 to PFCG role


Transaction: PFCG

Menu -> Fiori tile catalog



 



Assign the role to the user now



Note this user has to exist in both front end and back end with access for S_RFCACL auth object to establish trusted relationship.. 

The back-end GRC user role will have required authorization for executing the functionalities of GRC ( Access and process control tiles)

Step 6: Validation


Execute the transaction N/UI2/FLP

GRC AC 12 components are now accessible through gateway front end system



You can create your own group and add the requires tiles as needed

settings -> App finder



Additional information

Implement the instruction in below note if back-end system prompts for the password

2485474 - How to configure SSO from Fiori Launchpad to a back-end system with logon ticket

More information on Fiori front end configuration

https://help.sap.com/viewer/cdc25c83b63e482586b31b8acd49cf2f/1709%20002/en-US/7a5489588bf89244e10000...
6 Comments
Popular Blog Posts
Top kudoed authors
View all