Show TOC

App Implementation: Access RiskLocate this document in the navigation structure

System Landscape Requirements

In order to be able to implement this app, your system landscape has to be enabled for SAP Fiori. Depending on the database type serving as the basis in your system landscape, it has to be set up for SAP Fiori and has to meet the respective prerequisites:

The SAP product version in the back-end system serving as the the basis for the app must be the following:

Required Back-End Product (Product Version Stack)

SAP NETWEAVER 7.4 - SPS 04 (10/2013)

Each SAP Fiori app consists of front-end components and back-end components:
  • The front-end components of the app consist of the user interfaces and content required for launching the app on the SAP Fiori launchpad. These components have to be installed on your front-end server.

  • The back-end components of the app mainly consist of the OData services required for the app. These components have to be installed in your back-end system.

The front-end and back-end components of the app are delivered with the following SAP product versions as part of the listed software components. The required software components for the app are contained in the listed product instances:

App Component

Required SAP Product Version (Support Package Stack)

Available Instances Containing Software Component

Software Component Required for App (Support Package)

Front-End Components

SAP Fiori 1.0 for SAP solutions for GRC ( 06 (04/2015) )
  • UI for GRC NW731
  • UI for GRC NW740

UIGRC001 100 (0006 )

Back-End Components

SAP Access Control 10.1 (08 (02/2015))

GRC ABAP Components

GRCFND_A V1100 (0004 )

For more information about the installation of front-end components, see

The app offers the possibility to upload documents. For security reasons, we strongly recommend that you install an appropriate virus scanner in your respective back-end system and define sufficiently restrictive scan profiles to prevent the upload of malicious content. For more information about virus scanning and scan profiles for SAP Fiori apps, see Virus Scanning.

Required SAP Notes

On the back-end server, the following SAP notes must be implemented for this app:

SAP Note Number


not available Information published on SAP site

not available

On the front-end server, the following SAP notes must be implemented for this app:

SAP Note Number


not available Information published on SAP site

not available

Implementation Tasks

The following sections list tasks that have to be performed to implement the required components of the app. The tables contain the app-specific data required for these tasks.

You can find the data required to perform these tasks in the SAP Fiori apps reference library at:

Back-End Server: Create Connectors

SAP Fiori fact sheets are based on search models. To be able to use a fact sheet, you must activate the underlying search models by creating connectors. Create the connector in transaction ESH_COCKPIT.

You can find the search models for this app in the SAP Fiori apps reference library.

One search model is marked as the primary search model. The others are marked as secondary search models. Secondary search models enable the display of information about related business objects in the fact sheet tiles.

For more information about creating connectors, see SAP Help Portal at under Start of the navigation path Technology Next navigation step  Next navigation step SAP NetWeaver Platform Next navigation step <release> Next navigation step Application Help Next navigation step Funktion-Oriented View Next navigation step Search and Operational Analytics Next navigation step Embedded Search Next navigation step Setting Up Embedded Search Next navigation step Creating Connectors End of the navigation path.


Note the following system behavior:

Search software components build a stack. Different layers can be installed on top of the basis component.

Search models can be available in different components: in their original component, but also in higher layer components (extension components).

Once you create a search connector in an extension component, all search models from the original component are transferred into the extension component. You will, therefore, no longer find the search models in their original component, as is shown in the table below.

Example You have created a connector for a search model originating in search component SAPAPPLH. You have created the connector via component EAAPPLH, not via its original component SAPAAPLH. From that moment on, all search models originating in component SAPAPPLH can be found only under the EAAPPLH node in transaction ESH_COCKPIT.

Front-End Server : Activate OData Services


Technical Name

OData Service (Version Number)


For more information about how to activate the OData service, see Front-End Server: Activate OData Services .

Front-End Server: Activate SAP UI5 Application


Technical Name

SAP UI5 Application


For more information about how to activate the SAP UI5 application (ICF service), see Front-End Server: Activate ICF Services.

Enable App for Access in SAP Fiori Launchpad

To define the access of single users to this app in the SAP Fiori launchpad, technical content is delivered, such as catalogs and example roles.

You can find an overview of the delivered technical content for this SAP Fiori app in the SAP Fiori apps reference library.

For more information about how to procede with this content, see Enable App for Access in SAP Fiori Launchpad.

Front-End Server and Back-End Server: Assign OData Service Authorizations to Users

You must assign OData service authorizations for the app to your users.


Several authorization default values are connected to the OData service. To ensure that all these default values are assigned to a user, you have to follow the instructions given under the documentation links provided.

Make the assignment on the back-end server and on the front-end server :
  • On the back-end server, a dedicated authorization role (PFCG role) for the OData service is delivered as an example. You can copy this role and adjust it to your needs.

  • On the front-end server , you must assign the OData service authorization to a new or existing role, such as a business role that has been adjusted according to your needs.

OData Service (Version Number)

Back-End Server: Delivered Authorization Role (PFCG Role)

Front-End Server : Assignment to Authorization Role


In addition, this role contains authorizations to display the related business data.



In addition, this role contains authorizations to display the related business data.

OData service authorization must be assigned.

Configuration Tasks

To be able to implement the app, you must perform the following configuration tasks in the back-end system:

  • Run Modeler


For information about how to extend fact sheets, see the extensibility documentation for the respective SAP NetWeaver release on your front-end server at Start of the navigation path Extensibility Information for SAP Fiori Next navigation step Extending the UI Layer Next navigation step UI Extensibility for Fact Sheets End of the navigation path. To extend a fact sheet, you have to change the related annotation file. The following table contains the information that you need to find the annotation file.


Technical Name

BSP Application for Annotation Files


Annotation File


Business Add-Ins (BAdIs)


    You can use this BAdI enhancement spot to overwrite or extend the existing implementation.

More Information

For more information about app implementation, see Start of the navigation path App Implementation Information for SAP Fiori End of the navigation path.