S/4HANA How-To-Guide Document Version: 1.0 2017-02-22 RELEASED FOR CUSTOMERS SAP S/4HANA 1610 - How to Create and Generate Backend Security Authorizations for SAP Fiori 2.0
Document History The following table provides an overview of the most important document changes. Table 1 Version Date Description 1.0 July 18, 2016 Initial Version Gilbert Wong
Typographic Conventions Type Style Example Example EXAMPLE Example Example <Example> EXAM PLE Description Words or characters quoted from the screen. These include field names, screen titles, pushbuttons labels, menu names, menu paths, and menu options. Textual cross-references to other documents. Emphasized words or expressions. Technical names of system objects. These include report names, program names, transaction codes, table names, and key concepts of a programming language when they are surrounded by body text, for example, SELECT and INCLUDE. Output on the screen. This includes file and directory names and their paths, messages, names of variables and parameters, source text, and names of installation, upgrade and database tools. Exact user entry. These are words or characters that you enter in the system exactly as they appear in the documentation. Variable user entry. Angle brackets indicate that you replace these words and characters with appropriate entries to make entries in the system. Keys on the keyboard, for example, F2 or ENTER.
Table of Contents 1 Introduction... 5 2 Documentation Links... 6 3 SAP Backend Role Creation and Generation from SAP Frontend Catalog... 7
1 Introduction This document is created by the S/4HANA Regional Implementation Group (RIG) and will detail the steps required to create SAP Backend authorizations for a SAP S/4HANA 1610 system based on SAP Fiori 2.0 Frontend Server Catalog information. This document is intended to cover the steps to generate backend authorizations objects based on SAP Fiori Apps, SAP Transactions based on SAPGUI for HTML and Web Dynpro applications from the SAP Fiori Frontend Tile Catalog. This document will use a sample SAP Fiori Frontend Catalog to generate the required authorization objects on the SAP Backend S/4HANA 1610 system. You will still need to maintain/create the SAP Frontend authorizations which consist of the SAP Business Catalog, SAP Business Groups, and PFCG roles. For more information on how to setup and create custom SAP Business Catalogs, SAP Business Groups and PFCG roles, please refer to the security documentation located on the SAP help site, https://help.sap.com/fiori_implementation. You need to design the overall SAP security strategy based on the customer requirements. How to Create and Generate Backend Security Authorizations for SAP Fiori 2.0.docx P a g e 5
2 Documentation Links Below are the links to various S/4HANA OP 1610 documentation to be used as reference to the installation. Documentation Help.sap.com URL for Fiori implementation and configuration SAP Fiori Implementation Information https://help.sap.com/fiori_implementation How to Create and Generate Backend Security Authorizations for SAP Fiori 2.0.docx P a g e 6
1. SAP Backend Role Creation and Generation from SAP Frontend Catalog 1. Ensure SAP Frontend Catalog and Group has been setup and defined correctly. As a starting point, you can use a standard delivered SAP Frontend Business Catalog. For this example, we will use the following SAP Business Catalog from the SAP Fiori Frontend Server. SAP_MM_BC_IM_MANAGE (Materials Management- Warehouse Management) 2. Log on to backend S/4HANA system. Start transaction /npfcg 3. Create new PFCG Role. a. Enter new PFCG Role name. b. Click on Single Role How to Create and Generate Backend Security Authorizations for SAP Fiori 2.0.docx P a g e 7
4. Enter description and save PFCG role and click on Yes to save the SAP PFCG role. 5. Select dropdown from Transaction menu. 6. Select SAP Fiori Title Catalog How to Create and Generate Backend Security Authorizations for SAP Fiori 2.0.docx P a g e 8
7. Enter Catalog ID from Assign Tile Catalog screen. a. Select Remote Front-End Server b. Enter Frontend RFC Destination connection to the SAP Fiori Netweaver Gateway System. c. Select Catalog ID you would like to import into SAP PFCG Role. 8. S_SERVICES and SAP Transaction codes will be added to the SAP PFCG Role Menu. 9. Create and Maintain the SAP PFCG Authorization Objects. a. Select Authorizations Tab. b. Click on Change Authorization Data pencil button. How to Create and Generate Backend Security Authorizations for SAP Fiori 2.0.docx P a g e 9
10. Save PFCG role. 11. Business Authorization Objects will be added to the SAP PFCG Profile. a. Maintain Authorization Values for the profile. b. Click on the Save icon to continue. 12. Maintain authorization objects per customer requirements. a. Make sure all traffic lights are green b. Click on Save. How to Create and Generate Backend Security Authorizations for SAP Fiori 2.0.docx P a g e 10
13. Save SAP PFCG Profile. 14. Generate the SAP PFCG Profile. a. Click on the Generate Icon. 15. Assign SAP PFCG role to end user. a. Click on User Tab. b. Add users to User Assignments. c. Click on Save Icon to save SAP PFCG Role assignment. d. Click on User Comparison. How to Create and Generate Backend Security Authorizations for SAP Fiori 2.0.docx P a g e 11
www.sap.com/contactsap 2015 SAP SE or an SAP affiliate company. All rights reserved. No part of this publication may be reproduced or transmitted in any form or for any purpose without the express permission of SAP SE or an SAP affiliate company. The information contained herein may be changed without prior notice. Some software products marketed by SAP SE and its distributors contain proprietary software components of other software vendors. National product specifications may vary. These materials are provided by SAP SE or an SAP affiliate company for informational purposes only, without representation or warranty of any kind, and SAP or its affiliated companies shall not be liable for errors or omissions with respect to the materials. The only warranties for SAP or SAP affiliate company products and services are those that are set forth in the express warranty statements accompanying such products and services, if any. Nothing herein should be construed as constituting an additional warranty. SAP and other SAP products and services mentioned herein as well as their respective logos are trademarks or registered trademarks of SAP SE (or an SAP affiliate company) in Germany and other countries. All other product and service names mentioned are the trademarks of their respective companies. Please see www.sap.com/corporate-en/legal/copyright/index.epx for additional trademark information and notices. Field Code Changed Material Number: