Sie sind auf Seite 1von 12

S/4HANA How-To-Guide RELEASED FOR CUSTOMERS

Document Version: 1.0 2017-02-22

SAP S/4HANA 1610 - How to Create and Generate


Backend Security Authorizations for SAP Fiori 2.0
Document History

The following table provides an overview of the most important document changes.

Table 1

Version Date Description

1.0 July 18, 2016 Initial Version Gilbert Wong


Typographic Conventions

Type Style Description

Example Words or characters quoted from the screen. These include field names, screen titles,
pushbuttons labels, menu names, menu paths, and menu options.
Textual cross-references to other documents.

Example Emphasized words or expressions.

EXAMPLE Technical names of system objects. These include report names, program names,
transaction codes, table names, and key concepts of a programming language when they
are surrounded by body text, for example, SELECT and INCLUDE.

Example Output on the screen. This includes file and directory names and their paths, messages,
names of variables and parameters, source text, and names of installation, upgrade and
database tools.

Example Exact user entry. These are words or characters that you enter in the system exactly as
they appear in the documentation.

<Example> Variable user entry. Angle brackets indicate that you replace these words and characters
with appropriate entries to make entries in the system.

EXAMPLE Keys on the keyboard, for example, F 2 or E N T E R .


Table of Contents

1 Introduction ................................................................................................................................... 5

2 Documentation Links ..................................................................................................................... 6

3 SAP Backend Role Creation and Generation from SAP Frontend Catalog ....................................... 7
1 Introduction

This document is created by the S/4HANA Regional Implementation Group (RIG) and will detail the steps required
to create SAP Backend authorizations for a SAP S/4HANA 1610 system based on SAP Fiori 2.0 Frontend Server
Catalog information. This document is intended to cover the steps to generate backend authorizations objects
based on SAP Fiori Apps, SAP Transactions based on SAPGUI for HTML and Web Dynpro applications from the
SAP Fiori Frontend Tile Catalog.

This document will use a sample SAP Fiori Frontend Catalog to generate the required authorization objects on the
SAP Backend S/4HANA 1610 system. You will still need to maintain/create the SAP Frontend authorizations
which consist of the SAP Business Catalog, SAP Business Groups, and PFCG roles. For more information on how
to setup and create custom SAP Business Catalogs, SAP Business Groups and PFCG roles, please refer to the
security documentation located on the SAP help site, https://help.sap.com/FIORI_IMPLEMENTATION. You need
to design the overall SAP security strategy based on the customer requirements.

How to Create and Generate Backend Security Authorizations for SAP Fiori 2.0.docx P a g e |5
2 Documentation Links

Below are the links to various S/4HANA OP 1610 documentation to be used as reference to the installation.

Documentation
Help.sap.com URL for Fiori implementation and configuration
SAP Fiori Implementation Information

https://help.sap.com/FIORI_IMPLEMENTATION

How to Create and Generate Backend Security Authorizations for SAP Fiori 2.0.docx P a g e |6
1. SAP Backend Role Creation and Generation
from SAP Frontend Catalog

1. Ensure SAP Frontend Catalog and Group has been setup and defined correctly. As a starting point, you
can use a standard delivered SAP Frontend Business Catalog. For this example, we will use the following
SAP Business Catalog from the SAP Fiori Frontend Server.
SAP_MM_BC_IM_MANAGE (Materials Management- Warehouse Management)

2. Log on to backend S/4HANA system. Start transaction /nPFCG

3. Create new PFCG Role.


a. Enter new PFCG Role name.
b. Click on Single Role

How to Create and Generate Backend Security Authorizations for SAP Fiori 2.0.docx P a g e |7
4. Enter description and save PFCG role and click on Yes to save the SAP PFCG role.

5. Select dropdown from Transaction menu.

6. Select SAP Fiori Title Catalog

How to Create and Generate Backend Security Authorizations for SAP Fiori 2.0.docx P a g e |8
7. Enter Catalog ID from Assign Tile Catalog screen.
a. Select Remote Front-End Server
b. Enter Frontend RFC Destination connection to the SAP Fiori Netweaver Gateway System.
c. Select Catalog ID you would like to import into SAP PFCG Role.

8. S_SERVICES and SAP Transaction codes will be added to the SAP PFCG Role Menu.

9. Create and Maintain the SAP PFCG Authorization Objects.


a. Select Authorizations Tab.
b. Click on Change Authorization Data pencil button.

How to Create and Generate Backend Security Authorizations for SAP Fiori 2.0.docx P a g e |9
10. Save PFCG role.

11. Business Authorization Objects will be added to the SAP PFCG Profile.
a. Maintain Authorization Values for the profile.
b. Click on the Save icon to continue.

12. Maintain authorization objects per customer requirements.


a. Make sure all traffic lights are green
b. Click on Save.

How to Create and Generate Backend Security Authorizations for SAP Fiori 2.0.docx P a g e | 10
13. Save SAP PFCG Profile.

14. Generate the SAP PFCG Profile.


a. Click on the Generate Icon.

15. Assign SAP PFCG role to end user.


a. Click on User Tab.
b. Add users to User Assignments.
c. Click on Save Icon to save SAP PFCG Role assignment.
d. Click on User Comparison.

How to Create and Generate Backend Security Authorizations for SAP Fiori 2.0.docx P a g e | 11
www.sap.com/contactsap

2015 SAP SE or an SAP affiliate company. All rights reserved.


No part of this publication may be reproduced or transmitted in any
form or for any purpose without the express permission of SAP SE
or an SAP affiliate company.
The information contained herein may be changed without prior
notice. Some software products marketed by SAP SE and its
distributors contain proprietary software components of other
software vendors. National product specifications may vary.
These materials are provided by SAP SE or an SAP affiliate company
for informational purposes only, without representation or warranty
of any kind, and SAP or its affiliated companies shall not be liable for
errors or omissions with respect to the materials. The only
warranties for SAP or SAP affiliate company products and services
are those that are set forth in the express warranty statements
accompanying such products and services, if any. Nothing herein
should be construed as constituting an additional warranty.
SAP and other SAP products and services mentioned herein as well
as their respective logos are trademarks or registered trademarks of
SAP SE (or an SAP affiliate company) in Germany and other
countries. All other product and service names mentioned are the
trademarks of their respective companies. Please see
www.sap.com/corporate-en/legal/copyright/index.epx for
Field Code Changed
additional trademark information and notices.

Material Number: