Cockpits

When users log on to an AS ABAP system, they see all roles that are assigned to their user name in the system. This is the expected default behavior when the user logs on to SAP Business Client. However, in many cases, a user wants SAP Business Client to display a mini-application that consists of a small number of roles. It should only display the roles belonging to its application (the roles that are tailored to the specific task and that are tested and documented together). The new development of a solution management process can serve as an example here: All of the roles can be given an indicator specifying that they belong to a certain cockpit.

As soon as the user accesses the system using the SAP Business Client cockpit, only the roles assigned to that cockpit are sent to the client and displayed. This means that the user has a restricted view of the specific roles that belong to the displayed application. For more information, see Menu Options.

A cockpit is simply the name of an application that consists of one or more roles. From a technical point of view, a cockpit is defined as a node in the ICF service tree. This is the central point of access to the application and to AS ABAP. As soon as a request for a cockpit is received, all roles that are assigned to the current user run through a filter. Only a small subset of roles that are assigned to the specific cockpit are output. However, if no special roles are assigned, a general cockpit is displayed. In this case, all roles that are not assigned to a specific cockpit are made available on the client. This gives the user a generic view of all roles that are normally visible, without the roles of the mini-application. For more information, see Creating and Configuring ICF Services.

From a security point of view, cockpits have an extremely important role. A cockpit is a central point through which an application within AS ABAP can be accessed if it is active.

The ICF node of the relevant cockpit must be active to enable access to AS ABAP by using the cockpit path. This technology is similar to the procedure for BSP applications or Web Dynpro ABAP applications. The cockpit node must be active in the ICF service tree for the logical application with which the cockpit is associated to be active. For more information, see Activating and Deactivating ICF Services.

In summary, a cockpit can be seen as a logical application that filters all roles assigned to the user so that only the roles that belong to the application remain.

Make sure that the following activities are carried out for cockpits:

1. Define new cockpits by creating a new ICF node beneath your handler node in the ICF service tree. For more information, see Create Service.

   Example path specifications for SAP cockpits: /sap/bc/ui2/nwbc/ess

2. All cockpits are logical entries that must be activated.

   For more information, see Menu Options.

3. Define all roles that belong to each cockpit and provide them with indicators accordingly.

   For more information, see Menu Options.

1. Define the access path to your cockpit in the HTTP service tree.

   The path must take the form .../ui2/nwbc/<cockpit name>.

   Example: /sap/bc/ui2/nwbc/mycockpit

   1. Create the path in transaction HTTP Service Hierarchy Maintenance ( SICF).

   2. Configure the UI2/CL_NWBC_HTTP handler for the nwbc node.

   3. Activate the system logon for the nwbc node.

      For more information, see System Logon.

2. Assign roles to users.

   For more information, see Creating and Editing User Master Records in the section Identitiy Management in the SAP Library for SAP NetWeaver on SAP Help Portal at http://help.sap.com/netweaver.