Show TOC

Function documentationRoles, Users, and Authorizations on Back-End Server Locate this document in the navigation structure


For SAP Fiori apps, back-end users need specific authorizations.

In most cases, users in the back-end system already exist and have application-specific authorizations.

SAP delivers back-end a PFCG role for every app. These delivered roles contain references to the corresponding OData services that are required to use the applications. Based on the OData service reference, authorization proposals of the OData service can be used to create authorization profiles.

Back-end PFCG roles for fact sheets contain the authorizations to use the underlying search models and to display the business data from the back end. For more information about authorizations for search models, see the Authorizations section in the Security Guide for Search and Operational Analytics. Enter the key words Security Guide for Search and Operational Analytics in the documentation of SAP NetWeaver under

Note the following system behavior regarding fact sheets display:

Fact sheets correspond to business objects and include tiles with information about related business objects. By clicking on a tile, users can open another fact sheet.

For example, the purchase order fact sheet includes a tile with information about related contracts.

For these related business objects, search model authorizations are included in the back-end PFCG role for the original fact sheet.

In the example above, the PFCG role for the purchase order fact sheet includes the authorization for the contract search model. Users with the back-end PFCG role for the purchase order fact sheet are thus enabled to see the following:

  • Tiles for contracts in purchase order fact sheets

  • Contracts as search results in the SAP Fiori search

These users, however, do not necessarily have the authorization for the OData service corresponding to the contract business object. Therefore, they may not be able to navigate to the contract fact sheet.

Recommendation Recommendation

Check the underlying search models for a fact sheet. These search models have corresponding fact sheets with corresponding back-end PFCG roles as well.

To prevent situations where users arrive at a “dead end” in fact sheet navigation, assign these second-level back-end PFCG authorizations to them, as long as the user is supposed to see the related data.

Then, to enable a deeper navigation, consider the second-level fact sheets and the required roles for their related search models, and so on.

End of the recommendation.