Saturday, March 21
SAP FIORI security concepts
This article is about the activities that a FIORI
developer/administrator would do in a FIORI implementation project. This will
be more from the perspective of SAP FIORI security.
By the end of this article, you will know concept of authentication,
authorization, FIORI in the context of SAP ECC and S/4 HANA systems, types of users
involved in SAP FIORI implementation project.
What is the difference between authentication and
authorization?
Authentication is to provide access to the system.
The ability to login to the system using correct login credentials is called
authentication. And authorization is the ability of the user to perform
various transactions within the system after login. Using authorizations,
granular control over the ability of a user performing various transaction within
the system can be done. For example, some users may be authorized to create a
sales order, modify it and display it. While some other group of user may have
authorization to only display a sales order.
What is FIORI?
FIORI is the new user experience for SAP solutions like ECC,
S/4 HANA, SAP suite solutions etc... With the coming of FIORI, the old UI
technologies like Dynpro, BSP and dialog programming have become obsolete. The
main selling factor is FIORI is that it enables users to access business data and
transactions on mobile devices and with high availability and in a secure
manner and in a role-based manner. Moreover, FIORI apps are simple and coherent
in nature. The monolithic screens that we used to see in the tcodes like ME21,
VA01, MM01 etc… have been broken down into smaller chinks UI controls allowing
users to focus on the task to be performed on the screen. And with this, the UI
screens are self-explanatory and hence the training costs involved reduces
drastically. The default user experience for S/4 HANA is FIORI. FIORI apps also
has offline capabilities.
SAP FIORI provides role based assess to SAP Apps. What
does this mean? Which type of users are involved in SAP FIORI implementation project?
In FIORI implementation project, there are 5 type of users.
First, the Business user. This is the user who uses the FIORI App and
does his daily tasks of his job using FIORI apps. Second is the SAP FIORI
Security consultant also called BASIS consultant. This user installs the
system, applies upgrades to the system, applies SAP notes to the system. He
creates users, roles and hence gives necessary authorizations to the end users.
This person creates the PFCG roles and add FIORI catalogue and Groups, OData
authorizations etc... to the role and assign this role to the business users.
He might also create the FIORI launchpad designer to create Tiles, target
mapping, catalogue, group. He also might create Semantic object and Launchpad
role instance. The third person is the UI5 developer also called FIORI
developer. This guy creates brand new UI5 applications for business user’s
requirements. At times, he extends standard Fiori apps. In case of FIORI extensions,
he refers the FIORI apps library and does the necessary extensions based on
business requirements. He will create odata services and consume those on UI5
apps. He will work on eclipse or on Web IDE. He will sometimes work on FIORI
launchpad designer. Fourth user in the implementation project is called key
user. This user does the UI adaptations
as per business requirements. He creates KPI tiles, smart filter FIORI apps.
The fifth user is the UX designer. He focuses on creating prototypes, he uses build.me
to create prototype. He is bridge between the business user and the UI5 application
developer. His focus is to ensure that business user is happy with the UI
controls, the screen navigation, the no. of clicks the user has to do to
complete his tasks on the App, the app’s responsiveness etc. He creates
prototypes and demoes it to the business users, gets his consensus and then hands
over the prototype code to the UI5 developer so that developer can import the prototype
in actual UI5 app project and then build further on it, integrate actual odata
services and build full-fledged app based on the prototype.
Subscribe to:
Post Comments (Atom)
No comments:
Post a Comment
You are welcome to express your views here...