About Authorizations for Assigning Roles

ABAP system adminstrators use transaction PFCG to perform all the functions for the maintenance and follow-up processing of the roles and user assignments for the SAP Fiori launchpad on the Portal.

You need the following authorizations to assign roles for the launchpad:

Authorization to execute Transaction PFCG (role maintenance)
Authorization to execute Transaction SU25 (transfer authorization data)
Authorization to execute Transactions SU24 (modify authorization defaults as needed)

There is a specific PFCG (automatic) back-end role that you assign to users to enable access to the launchpad on the portal: SAP_UI2_FIORI_CATALOGS_READ. The launchpad uses the authorization concept provided by the SAP NetWeaver Application Server ABAP. Therefore, the recommendations and guidelines for authorizations that are described in the NetWeaver Application Server ABAP Security Guide also apply to the launchpad. In the SAP NetWeaver authorization concept, authorizations are assigned to users based on roles. To maintain roles, use SU25 and SU24 to copy and maintain authorization default values and the profile generator (transaction PFCG) on the NetWeaver Application Server ABAP.

For more information, see the SAP NetWeaver Application Server ABAP Security Guide at Start of the navigation path http://help.sap.com/nw_platform Next navigation step Security Guide Security Guides for SAP NetWeaver Functional Units Security Guides for the Application Server Security Guides for the AS ABAP SAP NetWeaver Application Server ABAP Security Guide End of the navigation path .

For more information about how to create roles, see Start of the navigation path http://help.sap.com/nw_platform Next navigation step Application Help SAP NetWeaver Library - Function Oriented View Security Identity Management User and Role Management of Application Server ABAP Configuration of User and Role Administration Role Administration End of the navigation path .