Before you can start to implement the app, ensure that your system landscape has been set up to enable SAP Fiori and that this system landscape already includes the front-end components and back-end components for your app:
SAP Fiori System Landscape Options | |
---|---|
Configuration of Front-End Server | |
Back-End Components (Product Version Stack) | SAP Access Control 10.0 SPS 15 SAP Access Control 10.1 SPS 7 |
SAP HANA Content Component Delivered with (Product Version Stack) | SAP Smart Business 1.0 for SAP solutions for GRC SPS 6 |
VDM Contained (Product Version Stack) | SAP HANA Live 1.0 for SAP solutions for GRC SPS 9 |
Front-End Components Delivered with (Product Version Stack) | SAP Smart Business 1.0 for SAP solutions for GRC SPS 6 Instance: Frontend Serv. Cont. GRC Analy. Software Component Version: UIHGRC01 100 |
The Frequently Used Roles
analytical app is launched using a KPI tile.
For the All Access Requests
app, the following SAP Notes must be implemented:
Back-End/Front-End Server | SAP Note Number | Description |
---|---|---|
General Note | SAP Smart Business for access control management |
The following sections list tasks that have to be performed to implement the Frequently Used Roles
tile. The tables contain the tile-specific data required for these tasks.
You can find the data required to perform these tasks in the SAP Fiori apps reference library at https://fioriappslibrary.hana.ondemand.com/sap/fix/externalViewer/index.html?appId=F0564
You can find the data required to perform this step in the SAP Fiori apps reference library at https://www.sap.com/fiori-apps-library.
SAP HANA Role | Needed for ... |
---|---|
sap.hba.r.grc.roles::SAP_SMART_BUSINESS_ACCESS_CONTROL_MANAGER | Read access to KPI data (views and XS OData services) |
sap.hba.apps.grcia.s.roles::SAP_GRC_ROLE_ANALYST | Navigation to |
As a prerequisite for read-access to KPI definition, ensure you have assigned the generic role Smart Business Runtime Role
(sap.hba.r.sb.core.roles::SAP_SMART_BUSINESS_RUNTIME
) to all users or roles.
As a prerequisite for KPI modeling, ensure you have assigned the generic role Smart Business Administration Role
(sap.hba.r.sb.core.roles::SAP_SMART_BUSINESS_MODELER
) to specific users (e.g. key user, administrator).
For more information about SAP HANA roles, see Assigning Roles for Accessing SAP HANA Data.
You can find the KPI data required to perform these steps in the SAP Fiori apps reference library at https://www.sap.com/fiori-apps-library.
Needed for | How to generate? |
---|---|
Access to KPI data (only views) | To be generated by the customer using |
Access to KPI definition in KPI catalog | To be assigned by the customer using SAP Smart Business modeler app |
You can find the KPI data required to perform this step in the SAP Fiori apps reference library at https://www.sap.com/fiori-apps-library.
Needed for | How to generate? |
---|---|
Access to business data (only views) | To be generated by the customer using |
UI5 Application | Technical Name |
---|---|
Generic Drill-down Application |
|
For more information about how to activate the SAP UI5 application (ICF service), see Front-End Server: Activate ICF Services of SAP UI5 Application.
Component | Technical Name |
---|---|
Application-specific Business Role |
This is the application-specific Business Role required to launch the Role Analytics app. |
The SAP Fiori launchpad is the entry point to SAP Fiori apps. From a user perspective, it displays those SAP Fiori apps that have been assigned to the catalog designed for this user's role.
This presupposes that an administrator has made the necessary assignments in the launchpad designer to enable a user's access to the respective SAP Fiori apps in the SAP Fiori launchpad. For more information, see Setup of Catalogs, Groups, and Roles in the SAP Fiori Launchpad.
SAP delivers technical catalogs for groups of SAP Fiori apps as repositories to create your own catalogs in the launchpad designer. Along with these catalogs, more technical content is delivered for each SAP Fiori app. You can find the delivered technical content for each SAP Fiori app in the SAP Fiori apps reference library.
To restrict access to OData services to specific users, you have to assign roles (including OData service authorization for the app) to your users. You have to make the assignment on the back-end and on the front-end server:
You must assign OData service authorizations for the KPI to your users.
Caution
Several authorization default values are connected to the OData service. To ensure that all these default values are assigned to a user, you have to follow the instructions given under the documentation links provided.
Make the assignment on the back-end server and on the front-end server:
On the back-end server, a dedicated authorization role (PFCG role) for the OData service is delivered as an example. You can copy this role and adjust it to your needs.
For more information, see Back-End Server: Assign OData Service Authorization to Users.
On the front-end server, you must assign the OData service authorization to a new or existing role, such as a business role that has been adjusted according to your needs.
For more information, see Add Start Authorizations for OData Services to Role on Front-End and Front-End Server: Assign Roles to Users.
OData Service (Version Number) | Back-end Server: Delivered Authorization Role (PFCG Role) | Front-End Server: Authorization Role |
---|---|---|
|
Note In addition, this role contains authorizations to display the related business data. End of the note. | Use an existing role or create a new one. |