This tutorial will walk through the process of configuring the Fiori Launchpad. It’s a process we’ve developed over time to form a sort of “best practice” where launchpad content is concerned. It’s worth me explaining to anyone reading this that I work for an SAP partner, as such we have our own namespace in which we develop our solutions, so some things in this document will refer to our namespace, in a customer scenario this would be substituted with Z or Y, I’ll try to call out these and suggest customer alternatives where possible.
This tutorial will cover the following Topics
- SAP S4 Core Back End Security
- Single and Composite Roles
- Fiori Front End Server Configuration
- Tile Catalogs and Groups
- Business Roles
- Tips n Tricks
It is also worth exploring some terminology in this overview, as with many SAP products you will hear terminology and jargon that very often means the same thing
Fiori Front End Server = SAP Gateway (SAP Gateway is a component of the FES)
SAP S4 Core = SAP Backend System
Fiori App = SAPUI5 Web Application
Classic UI = SAPGUI Transaction or WebDynPro App
Fiori Tile = a Pointer to a Fiori App, a Classic UI Transaction, a WebDynPro App, a WebApp or any URL/WebPage etc.
oData Service = a Web Service to get data to and from an SAP system.
Role = a collection of any of the above, assigned to a user to give them access to said objects.
Fiori Launchpad configuration is managed across 2 systems, which depending on the deployment option of the Gateway (hub/standalone or embedded) might be done in 2 actual servers or in 1.
To date, most of our customers have opted for the Central Gateway Hub Server, however SAP’s recommended approach these days is the embedded scenario, it’s simpler to have both the Front and Back end server existing in one SAP system.
Here is a great document detailing the various deployment options
Important points to note:
- Fiori Apps are deployed to the Gateway system
- Fiori Launchpad config is done on the Gateway system
- SAP security (access to transactions etc) is done on the backend ERP system.
S4 Core – SAP Backend Security Roles
There are 2 types of roles that need to be created for security purposes:
- Single Roles
- Composite Roles
This document is not meant to be a guide on how to develop security roles, simply to understand the basic concept and design of the roles.
Single Roles contain objects like transaction codes, authorization objects and their values, oData services etc. Use transaction PFCG to create these roles in the back-end ERP system.
Single Role naming conventions are as follows:
/DSN/SR_<Product Short Name>_<Role Description>
Customer space alternative naming convention: ZSR_<Role Description>
e.g. /DSN/SR_PPC_CONTROL_CENTER, in this role we assign all the oData service objects required for the apps, it may also contain objects like transaction codes, authorization objects and their values.
In the resulting popup window, use the drop-down menu for the Authorization Default field to select TADIR Service.
In the Object Type field, use the drop-down menu to choose SAP Gateway: Service Groups Metadata.
**Note** in the screenshot above that the service is being added on the front end, so the object type is IWSG – SAP Gateway: Service Groups Metadata.
When doing this for the back end, the object type should be similar – IWSV – SAP Gateway: Service Groups Metadata.
Now, in the table below, locate and add the service(s) and be sure to save. Again, the services need to be added in the front and back-end systems.
Security Composite Roles
Composite roles are a collection of Single Roles which make up the entirety (or part of) a users role in the business. E.g. a Buyer may need access to single roles such as “Material Masters”, “Vendor Masters”, ”Purchase Requisitions”, “Purchase Orders” etc. The buyer needs all of them to carry out their role, we could assign the buyer each single, however for convenience we create a Composite Role called “Buyer” and assign the Single Roles “Material Masters”, “Vendor Masters”, ”Purchase Requisitions”, “Purchase Orders” to it. Then we simply assign the Composite Role to the user.
Security Composite Role naming conventions are as follows:
/DSN/SCR_<Product Short Name>_<Role Description>
Customer space alternative naming convention: ZSCR_<Role Description>
e.g. /DSN/SCR_PPC_PROJECT_MANAGER, in this role we assign all the single roles required for Project Manager to perform their duties.
Fiori Front End Server Configuration
There are 4 elements that make up the Fiori Front End Server Configuration namely;
- Technical Catalogs
- Business Catalogs
- Business Catalog Groups
- Business Roles
Technical Catalogs, Business Catalogs and Business Catalog Groups are creating using the Fiori Launchpad Designer.
Business Roles are created using the SAPGUI.
Use the following URL in the web browser to access the Fiori Launchpad Designer.
Before doing any configuration, create a customizing transport on the Gateway system!
Assign the transport in the Fiori Launchpad Designer as follows:
Creating a New Catalog
Enter a Title and an ID for the catalog and save
In the context of our partnership with SAP our Technical Catalogs contain all target mappings and tiles for a specific solution. In the context of a customer implementation a technical catalog may contain all target mappings and tiles for an SAP module, or a business area, or any other logical grouping.
Technical Catalog ID naming conventions are as follows:
/DSN/TC_<Product Short Name>
Customer space alternative naming convention: ZTC_<business area>
Fiori Catalogs, are made up of 2 components which ultimately result in a tile which can be placed on the Fiori Launchpad, these 2 components are Target Mappings and Tiles.
- Target mappings are mappings of an application type (e.g. Fiori App, Classic UI transaction code, URL etc.) to a Semantic Object and an Action.
- Tiles are simply a pointer to a Target Mapping via a Semantic Object and an Action.
What is a Semantic Object: a Semantic Object represents a business entity such as a customer, a sales order, or a product. In our case, the semantic object represents a Dassian Product, e.g. DassianPPC. Using semantic objects, you can bundle applications that reflect a specific scenario. They allow you to refer to objects in a standardized way, abstracting from concrete implementations of these objects.
What is an Action? : an Action represents a specific action for an object, e.g. DisplaySnapshotReport
Navigation to tiles is done via “intents”. What is an intent: An intent is a unique combination of a semantic object and an action and an optional set of navigation parameters.
In our case the intent for a tile to display the Snapshot Report for the Dassian PPC Product has the following Semantic Object and Action DassianPPC-DisplaySnapshotReport.
Customer space e.g. : VendorMaster-DisplayVendorListReport
It is recommended to make these as descriptive as possible!
Creating a Target Mapping
Below are examples of how-to setup a target Mappings for a Classic UI transactions, Fiori Apps and URLs.
In each case, the Semantic Object and Action are defined in the intent section, and the Application type and ID are defined in the Target Section.
Note that while Semantic Objects and Actions can be freely defined, Semantic Objects can also be configured in transaction /UI2/SEMOBJ and can therefore be selected using the search help. Actions however are always freely defined. Try to use consistent actions such as “execute”, “create”, “display”, “delete” and “maintain” followed by a description of the intent.
Also Note that in the Target section, Classic UI Applications and URLs need a System Alias to be defined, this is because Classic UIs and URLs do not reside on the front-end server, i.e. the transaction code/URL will be executed on a back-end server.
The System Alias is a mapping of the Fiori Front End Server to the Backend S4 Core system. If necessary use transaction SM30 to maintain /UI2/V_ALIASMAP and add the required System Alias.
Fiori Apps do not need a System Alias defined as the App resides on the front-end Server.
e.g. 1. Classic UI Target Mapping
e.g. 2. URL Target Mapping
Note that in the case of this URL it is mapped to relative server location on the back-end S4 Core web server.
e.g. 3. SAPUI5 Fiori App Target Mapping
Note that for the Fiori App, the URL is the relative SICF path to the Fiori App service and ID is the component name of the Fiori App itself… See the Tips ‘n Tricks section at the end for help finding this info.
Creating a Tile
Dynamic tiles may display a Title, Description and Icon together with simple KPIs such as “number of outstanding documents for approval” to be displayed on the tile. These KPIs are fed by specific oData services which must be defined in the tiles dynamic content area.
Static Tiles simply display a Title, Description and Icon.
Unless you have a specific data service to feed a dynamic tile, you should use a Static Tile.
Enter a Title, Description, Keywords (used for search) and choose an Icon for the tile.
Define the Semantic Object and Action to point towards the associated Target Mapping.
**Important** the definition of the Semantic Object and Action are Case Sensitive, one error here and the tile will not appear on the Launchpad … cut n paste from the Target Mapping to the Tile to avoid any discrepancies!
See the Tips ‘n Tricks Section for info about icons
e.g. Static Tile.
Business Catalogs contain references to target mappings and tiles defined in a Technical Catalog.
Business Catalog ID naming conventions are as follows:
/DSN/BC_<Product Short Name>_<Catalog Description>
Customer space alternative naming convention: ZBC_<Catalog Description>
First create the Business Catalog, the process is the same as creating a Technical Catalog (described previously in this document) then from within the Technical Catalog;
- Click the Target Mappings section
- Select the Target Mapping to be referenced
- Click Create Reference
Search for the business catalog to make the references to, and select the catalog … be very careful here, one wrong click and the assignment could be made to the wrong catalog as there is no confirmation prompt!
You will get a toast message informing you the reference has been made.
Repeat the process for the tile;
- Click the Tile List section
- Select the Tile to be referenced
- Click Create Reference
Search for the business catalog to make the references to, and select the catalog … again, be very careful here, one wrong click and the assignment could be made to the wrong catalog as there is no confirmation prompt!
You will get a toast message informing you the reference has been made.
When displaying the Business Catalog, the referenced Target Mappings and Tiles are now shown. Note that any changes to the Target Mappings and Tiles in the Technical Catalog will automatically be reflected in the Business Catalog.
Business Catalog Groups
Business Catalog Groups contain collections of tiles to be displayed automatically on the Users Fiori Launchpad in specific groupings
Business Catalog Group ID naming conventions are as follows:
/DSN/BCG_<Product Short Name>_<Catalog Group Description>
Customer space alternative naming convention: ZBC_<Catalog Group Description>
Creating a Business Catalog Group
Enter a Title and an ID for the group and save
Click Add in the “Show as Tiles” section
Search for the Business Catalog where the tile was referenced
Click the Add button underneath each tile to be added to the group, the add button turns into a green check mark to indicated the tile was added
The tiles are now added to the group, repeat the process to add additional tiles
Note that tiles from many Business Catalogs can be added into one Group if required.
Business Roles are created in the SAPGUI, they contain Business Catalogs and Business Catalog Groups, these Roles are then assigned to the end user.
Business Role ID naming conventions are as follows:
/DSN/BR_<Product Short Name>_<Business Role Description>
Customer space alternative naming convention: ZBR_<Business Role Description>
Creating a Business Role
Next enter a Description for the Business Role and then click the menu tab as shown below, at this stage you will be prompted to Save
Click the “insert node” drop down menu shown below and choose “SAP Fiori Tile Catalog”
Search for the Business Catalog ID to the assigned to the role and click continue.
You may be presented with the following warning message, this is because the catalog may contain Classic UI transaction codes which are not present on the Gateway Server, click Yes to continue. You will now have the option to run an analysis report to view the problem log, this log will confirm the issue where the Classic UI Transaction codes are “Missing”. This is ok since we have configured the Classic UIs to run on the back-end system.
Return to the Role Maintenance screen.
Next click the “insert node” drop down menu shown below and choose “SAP Fiori Tile Group”
Search for the Business Catalog Group ID to the assigned to the role and click continue.
Next Click the Authorizations Tab, in the section labelled “Information about Authorization Profile” click the button “Propose Profile Names” next to field “Profile Name” as shown below;
Next Click the User Tab, you may be prompted to Save again.
Assign users to the role as shown below;
Save the Role!
Business Roles can be transported however SAP does not automatically prompt the user to create a transport when creating a role
Tips n Tricks.
Here’s a cool site to find icons for your tiles!
How to find and transport LaunchPad content. (useful if content was created locally or building a new transport with existing content)
Use the WebDynpro App WD_ANALYZE_CONFIG_USER
Example URL below
https://<your servername and port>/sap/bc/webdynpro/sap/wd_analyze_config_user
How to find Standard Fiori Apps.
Use the master list on the left to choose a category, e.g. Fiori Apps for S/4 Hana
You can then filter by further criteria as shown below
For this example we will choose “All Apps”
Use the search bar to search for Apps, Note that you can search by name or if you are looking for Classic UI, you can use transaction code.
Click on an App in the list to display the App details, product information, view screenshots etc.
Now click on the Implementation Information Tab, choose the version of S/4 Hana you are interested in
Expand the Installation section, here you can see the front and back end component details, you can cross check this with the system info in the system/s where you want to use the App to see if they are compatible. In many instances you may find the App is already installed and will just need to be activated.
In the SAPGUI on any screen, goto “More > System > Status”, click the icon in the “SAP System Data” section
Now expand the Configuration section, this section you can see the SAPUI5 Application details, the oData services that feed the App, the Fiori Launchpad data required to give users access to the app, i.e. the Technical Catalog, Business Catalogs and Business Roles.
If you find a particular role that interests you and you want to know what else is in that role, copy the role ID
Go back to the start and again choose “Fiori Apps for S/4 Hana”, next choose roles
Paste the role name in the search bar and click search, the role will be shown in the list.
Click on the role to display all the apps in the role, then browse the roles and check out the Apps in the role
How to find the Target Mapping info for SAP Delivered Fiori Apps, Partner Fiori Apps or Custom Fiori Apps.
In the SAPGUI, launch transaction SICF, then click execute…
The details for the Target Mapping URL are the path + service name
To find the Target Mapping ID, open SAP WebIDE (or ask the developer to do this part or look in the MIME repository)
In the App Project structure, open the Component.js file, the app ID is displayed as shown below
How to clear all the Fiori LaunchPad cache (useful in the case that new roles are not showing up for your user).
On the Fiori Front End server
- Use transaction code SMICM, select Goto > HTTP Plug-In > Server Cache > Invalidate Globally.
- Use transaction code /n/IWFND/CACHE_CLEANUP check cleanup all models > execute
- Backend server
- Use transaction code /n/IWBEP/CACHE_CLEANUP check cleanup all models > execute