Show TOC

Configure Roles for Tile CatalogsLocate this document in the navigation structure

Role administrators make tile catalogs available to end users by configuring roles for tile catalogs and assigning the roles to users.

Catalogs define the set of tiles that users can use to personalize the launchpad home page. For more information on creating and configuring catalogs, see Setting up Navigation.

You use PFCG roles to provide end users with access to the applications referenced by tiles in catalogs. If a user is assigned to the role that is configured for the catalog, the user can browse through the catalog, choose tiles from this catalog, and add them to the launchpad home page.

To assign a catalog created in the launchpad designer (Fiori launchpad catalog) to a role, you create a new menu entry for the tile catalog in the PFCG role menu. The system automatically reads all target mappings that fit to the selected catalog and the current system and collects the applications the target mappings refer to.

The following types are taken into account when reading authorization default entries:
  • SAP NetWeaver Gateway OData services used in SAPUI5 applications
  • Web Dynpro ABAP applications
  • Transactions

All relevant authorization defaults for applications are added in the role menu as depending nodes of the catalog. Using this information, you maintain authorization data and generate a profile for the role. The authorization default values will be added as standard authorizations as soon as the merging procedure is performed. Standard authorizations contain empty fields which must be completed in order to have a complete set of authorizations.

The target applications referenced by a catalog can reside on a front-end or a back-end server. You have the following options to assign a catalog to a role and determine authorization objects:
  • Local scenario:

    A specific catalog residing on the front-end server contains applications that reside on the same server. In this case, you can locally assign tiles and read the required authorizations.
  • Remote scenario:

    A specific catalog residing on the front-end server contains applications residing on a different server (another front-end server or a back-end server). In this case, you remotely assign tiles and read the required authorizations.

Update authorization defaults:

When applications are added to or removed from a catalog, the system can retrieve this delta and you can, if neccessary, update the authorizations for the role to which the catalog is assigned.


If you assign HANA Catalogs, Fiori Catalog Pages, or Remote Catalogs, you assign catalogs to roles without reading authorization default entries.

For more information, see Assign Tile Catalogs to Roles Without Reading Authorizations.