Thursday, 25 August 2022

Initial Setup of the SAP Fiori Launchpad

To use SAP Fiori apps, users need app-specific SAP Fiori user interface (UI) entities and authorizations. You assign these types of entities to users by means of PFCG roles.

SAP Fiori launchpad is the access point to apps on mobile or desktop devices. To use SAP Fiori apps, users need the following app-specific types of entities:

  • UI

    The SAP Fiori UI entities define which SAP Fiori apps are displayed to the user. The apps are organized through catalogs and groups.

  • Authorizations

    The authorizations that are required to use SAP Fiori launchpad, to start SAP Fiori apps, and to use the business logic and data of the apps.

Dependencies between SAP Fiori UI Entities, OData Services, and Authorizations

The following figure shows the dependencies between the entities:
  • The SAP Fiori UI entities that define which SAP Fiori apps are displayed to the user

  • The OData services that retrieve the dynamic data to be displayed from the business logic for the SAP Fiori apps

  • The authorizations required to start and to use the business logic of the SAP Fiori apps. These authorizations are defined by the OData services.











UI Entities

We use UI entities to organize the apps that are displayed to users.

  • Catalog

A catalog is a set of apps that you want to make available and authorize for your users. The users can browse through the catalog, choose apps from the catalog, and add them to the entry page of their SAP Fiori launchpad.

Technically, apps are represented by the following:

  • KPI tiles to launch the app
  • App launcher tiles to launch the app

 

Note

Only the apps that can be accessed directly from the entry page of the SAP Fiori launchpad have an app launcher tile. 

 

  • Target mappings referencing the actual navigation targets



Note

For launching apps either using a tile or using navigation, users require a target mapping. We recommend that you add the tiles and corresponding target mappings to the same catalog.

  • Group

Groups define the SAP Fiori launchpad entry page. The apps in a group are a subset of the apps that are assigned to one or several catalogs. Which tiles are displayed on a user’s entry page depends on the catalogs and groups assigned to the user’s roles. If a group contains apps that are not assigned to the user by catalogs, those apps are not displayed on the user’s entry page. In addition, if configured, the user can personalize the entry page by adding apps to or removing apps from pre-delivered groups or self-defined groups.

You maintain catalogs and groups in the launchpad designer. SAP delivers technical catalogs, which contain apps per application area. In addition, SAP delivers business catalogs and business groups as sample collections of apps relevant for a business role.

As an administrator, you can use the technical catalogs as a repository to create your own role-specific business catalogs and groups. For more information, see Maintaining Business Catalogs and Business Groups.

PFCG Roles

You use PFCG roles to assign the UI entities and authorizations to the users:

  • PFCG roles on the front-end server

By adding the catalogs to the role menu, you make the apps in those catalogs available to the users. By adding groups, you define the SAP Fiori launchpad entry page.

To start the apps, users require the start authorizations for the model provider of the activated OData services. To get these start authorizations, you add the OData services to the PFCG role menu. For the OData services the SAP Fiori apps use, see the SAP Fiori app documentation.

If available, the system determines the OData services for a catalog and automatically includes the start authorizations when adding the catalog to the role menu.

For more information, see Create PFCG Role on Front-End and Assign Launchpad Catalogs and Groups.

  • PFCG roles on the back-end server

The OData services that the SAP Fiori apps use are implemented on the back-end server. Therefore, the users need the start authorization for the OData service’s data provider and all the business authorizations for accessing the business data displayed in the app.

For object pages, the authorization defaults also include the authorizations for the SAP Fiori search connectors. The OData services carry the authorization defaults for the business authorizations as suggested by SAP.

To get the authorizations, you add the OData services to the PFCG role menu. This adds the start authorizations and the authorization defaults for the business authorizations of the applications to the role. If available, we recommend adding the catalog to the role menu to automatically determine the OData services included in the catalog. With that, you can organize the update of authorizations when the catalog changes. In the figure above, the dotted arrow pointing from the menu of the PFCG role on the back-end to the catalog on the front-end illustrates this recommendation.

For more information, see Create PFCG Role on Back End.

Sequence When Starting an SAP Fiori App

  1. When the user starts the SAP Fiori launchpad, the launchpad displays the app tiles that are assigned to the user via catalogs and organized in groups.

A launchpad-specific OData service resolves the catalogs and groups a user is assigned to. It does this by using the PFCG roles the user belongs to on the front-end server and collecting the corresponding catalog and group entries in the PFCG role menu.

  2. To start an SAP Fiori app, the user chooses a tile. The tile resolves the technical SAP Fiori app implementation to be started using a target mapping.

The tiles and target mappings of a catalog or group, which then determine the technical SAP Fiori app implementation, are maintained in the SAP Fiori launchpad designer.

  3. When a user’s browser loads an SAP Fiori app, the app retrieves its dynamic data from the HTTP endpoint of the app-specific OData service on the front-end server. SAP Gateway translates the HTTP request to a trusted RFC call to the SAP Gateway enablement of the back-end server, which then retrieves the data by calling the relevant business logic.

The user requires authorizations for the app-specific OData service, that is, the start authorizations for the service on the front-end server and on the back-end server, and the business authorizations required by the business logic.
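The start sequence above, together with the rule that a group only shows apps the user also gets through a catalog, can be checked as a small role-design audit. This is an added example, not code from SAP or from this post: the catalog, group, app and service names are constructed, the role model is a simplification, and business authorizations are not modeled.

```python
# Constructed model of the launchpad entities; every name below is hypothetical.
from dataclasses import dataclass, field

@dataclass
class Catalog:
    tiles: set            # apps with a tile in this catalog
    target_mappings: set  # apps with a target mapping in this catalog
    odata: dict           # app -> OData services the app calls

@dataclass
class Role:
    catalogs: set = field(default_factory=set)
    groups: set = field(default_factory=set)
    odata_start: set = field(default_factory=set)  # services in the role menu

CATALOGS = {
    "ZBC_SALES": Catalog({"ManageOrders", "TrackOrders"}, {"ManageOrders"},
                         {"ManageOrders": {"ZSALES_ORDER_SRV"},
                          "TrackOrders": {"ZORDER_TRACK_SRV"}}),
    "ZBC_FIN": Catalog({"PostInvoice"}, {"PostInvoice"}, {"PostInvoice": {"ZINVOICE_SRV"}}),
}
GROUPS = {"ZBG_SALES_HOME": {"ManageOrders", "TrackOrders", "PostInvoice"}}

def audit(front_roles, back_roles):
    """Return (entry_page, findings) for one user's front-end and back-end roles."""
    cats = set().union(*(r.catalogs for r in front_roles))
    grps = set().union(*(r.groups for r in front_roles))
    fe_start = set().union(*(r.odata_start for r in front_roles))
    be_start = set().union(*(r.odata_start for r in back_roles))
    tiles, mappings, services = set(), set(), {}
    for c in cats:
        tiles |= CATALOGS[c].tiles
        mappings |= CATALOGS[c].target_mappings
        services.update(CATALOGS[c].odata)
    # A group shows only the apps the user also receives through a catalog.
    entry_page = sorted({a for g in grps for a in GROUPS[g] if a in tiles})
    findings = []
    for app in entry_page:
        if app not in mappings:
            findings.append((app, "no target mapping"))
        for svc in sorted(services.get(app, ())):
            if svc not in fe_start:
                findings.append((app, "no front-end start authorization: " + svc))
            if svc not in be_start:
                findings.append((app, "no back-end start authorization: " + svc))
    return entry_page, findings

FRONT = [Role({"ZBC_SALES"}, {"ZBG_SALES_HOME"}, {"ZSALES_ORDER_SRV", "ZORDER_TRACK_SRV"})]
BACK = [Role(odata_start={"ZSALES_ORDER_SRV"})]
print(audit(FRONT, BACK))
```

For the sample user, the finance app in the group is filtered off the entry page because no assigned catalog contains it, and the second sales tile is visible but cannot work: it has no target mapping and its service has no start authorization on the back end.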

 

Thanks

 Rupesh Chavan