Show TOC

Security Aspects for Launchpad Configuration FilesLocate this document in the navigation structure

In a launchpad configuration file, you can set parameters for the SAP Fiori launchpad. It is important that you make sure that only authorized persons can edit these files.

For security reasons, the system considers a launchpad configuration file only if it originates from a path that is included in the configurationFileFolderWhitelist parameter of the FioriLaunchpad.html file. In the configuration delivered by SAP, a launchpad configuration file may only be located in one of the following folders:

  • In the same folder as the FioriLaunchpad.html file
  • cfg/ (relative path to the FioriLaunchpad.html file)
  • cfg/sap/ (relative path to the FioriLaunchpad.html file)
  • /sap/ushell_config (absolute path on the front-end server)
  • /sap/bc/ui5_demokit/test-resources/sap/ushell/demoapps/LaunchpadConfigFileExamples/ (absolute path on the front-end server)

Make sure that only authorized persons have write access in these folders.

If you would like to restrict the list of allowed paths further, or allow additional paths, you can edit the FioriLaunchpad.html file. This file is located in the BSP repository of your front-end server, in the folder Start of the navigation path /UI2/USHELL Next navigation step Page Fragments Next navigation step shells Next navigation step abap End of the navigation path.

Caution

The FioriLaunchpad.html file is delivered by SAP. If you modify this file, your changes might be overwritten when you upgrade your system to a new release or support package. For this reason, remember to create a backup copy of the FioriLaunchpad.html file before upgrading.