This document was ed by and they confirmed that they have the permission to share it. If you are author or own the copyright of this book, please report to us by using this report form. Report 3i3n4
Overview 26281t
& View Sap Fiori - Security & Authorization Concept as PDF for free.
More details 6y5l6z
- Words: 1,002
- Pages: 4
What is SAP Fiori SAP Fiori is a new experience (UX) for SAP software and applications. It provides a set of applications that are used in regular business functions like work approvals, financial apps, calculation apps and various self-service apps. SAP Fiori provides 300+ role-based applications like HR, Manufacturing, Finance, etc. SAP Fiori enables multiple device applications that allows s to start a process on their desktop/laptops and to continue that process on a smartphone or on a tablet. SAP has developed Fiori Apps based on Interface UI5.
Key Components of SAP Fiori Architecture The key components in high-level landscape of SAP Fiori architecture are given below. 1. 2. 3. 4.
SAP Web dispatcher SAP ABAP front-end server SAP ABAP Back-End Server HANA XS engine
SAP Web dispatcher is the first point of in SAP Fiori architecture for end s. This handles all web browser requests from end s via mobile devices or laptops. It is an entry point for all HTTP/HTTPS requests and defines if a system has to accept or reject the requests and the server where request should go. It can reject or accept connection to SAP Fiori system.
SAP Web Dispatcher:
SAP ABAP front-end server: SAP ABAP front-end server contains all the UI components of Fiori system and NetWeaver gateway. These UI components consist of central UI add on, SAP UI5 control library and SAP Fiori Launchpad. It also contains product specific UI. SAP NetWeaver Gateway is used to setup a connection between SAP business suite and target clients, platforms and framework. It offers development and generation tools to create OData services to different client development tools.
SAP ABAP Back-End Server: It is used to contain the business logic and the back-end data. Search model for fact sheets and SAP business suite is contained in ABAP back-end server.
HANA XS engine: It is used to run all analytical apps in SAP Fiori. It contains Fiori app content and virtual data-model reuse content, which is provided through SAP HANA Live. HANA XS Engine consists of two components −
HANA Live App content for Business suite. Smart Business component with KPI Modeler.
SAP Fiori – Security Securing SAP Fiori system ensures that the information and processes your business needs, are secured without any unauthorized access to critical information. Managing s in SAP Fiori −To manage SAP Fiori transactional apps, you should have below s −
s in SAP NetWeaver Gateway and ABAP front-end server in the ABAP back-end server
Secure Network Communication (SNC) Secure Network Communications (SNC) integrates SAPNetWeaver Single Sign-On or an external security product with SAP systems. With SNC, you strengthen security by using additional security functions provided by a security product that are not directly available with SAP systems. Important Features −
SNC secures the data communication paths between the various SAP system client and server components. There are well-known cryptographic algorithms that have been implemented by security products ed and with SNC, you can apply these algorithms to your data for increased protection. With SNC, you receive application-level, end-to-end security. All communication that takes place between two SNC-protected components is secured. Additional security features like Smart cards can be used that SAP does not directly provide. You can change the security product at any time without affecting the SAP business applications.
Role and Authorization Concept Types To use OData services provided by UI add-on for SAP NetWeaver, s must have the following authorizations:
In the back-end system, assign s to a role that includes authorizations for the respective service. In the SAP NetWeaver Gateway system, assign s to a role that is mapped to the respective SAP System Alias in Customizing for the respective service (activity Activate and Maintain Services in Customizing for Gateway OData Channel).
Standard Authorization Object for Fiori Security The following table shows the security-relevant authorization objects that are used by the UI add-on for SAP NetWeaver:
Authorization Object S_PB_CHIP
/UI2/CHIP
S_SERVICE
Field
Value
Description
ACTIVITY
All activities
CHIP_NAME
None
This authorization object is important for accessing the page builder. You can use these values in roles for s who should be able to configure, customize, and personalize pages.
ACTIVITY
All activities
/UI2/CHIP
X-SAP-UI2*
This authorization object is important for accessing the page builder. You can use these values in roles for s who should be able to configure, customize, and personalize pages. For end s, restrict the activities to 03 (display) and 16 (execute). This is a hashed value. Each service has its own hash value, that is, you can restrict the access to the system on system level. If you need the linkage of hash value to object catalog entry, refer to table USOBHASH.
SRV_NAME
SRV_TYPE
HT
Hash type
S_CTS_I
CTS_FCT
TABL
All these authorization objects are needed for different aspects of adding development objects to a transport request.
S_CTS_S
CTS_FCT
TABL
S_SYS_RWBO
ACTVT TTYPE ACTVT TTYPE ACTVT DEVCLASS OBJNAME OBJTYPE
CUST, DTRA 01, 03 CUST, DTRA, TASK 01, 02, 03, 06, 16 * * WDCC
S_TRANSPRT S_DEVELOP
1
The following table shows the security-relevant authorization objects that are used by the UI add-on for SAP NetWeaver: Authorization Object
Field
Value
Description
ACTIVITY
03 and 16
CHIP_NAME
X-SAP-WD-CHIP*
This authorization object is important for accessing the page builder. You can use these values in roles for s who should be able to display pages.
S_PB_CHIP
/UI2/CHIP
ACTIVITY
This authorization object is important for accessing the page builder.
All activities
/UI2/CHIP S_SERVICE
SRV_NAME
You can use these values in roles for s who should be able to delete and add tiles on personalize pages.
X-SAP-UI2*
For end s, restrict the activities to 03 (display) and 16 (execute). /UI2/PAGE_BUILDE This is a hashed value. Each service has its own hash value, that is, you can restrict the access to the system on R_PERS system level. If you need the linkage of hash value to object /UI2/INTEROP catalog entry, refer to table USOBHASH. /UI2/LAUNCHPAD
SRV_TYPE
HT
Hash type
Key Components of SAP Fiori Architecture The key components in high-level landscape of SAP Fiori architecture are given below. 1. 2. 3. 4.
SAP Web dispatcher SAP ABAP front-end server SAP ABAP Back-End Server HANA XS engine
SAP Web dispatcher is the first point of in SAP Fiori architecture for end s. This handles all web browser requests from end s via mobile devices or laptops. It is an entry point for all HTTP/HTTPS requests and defines if a system has to accept or reject the requests and the server where request should go. It can reject or accept connection to SAP Fiori system.
SAP Web Dispatcher:
SAP ABAP front-end server: SAP ABAP front-end server contains all the UI components of Fiori system and NetWeaver gateway. These UI components consist of central UI add on, SAP UI5 control library and SAP Fiori Launchpad. It also contains product specific UI. SAP NetWeaver Gateway is used to setup a connection between SAP business suite and target clients, platforms and framework. It offers development and generation tools to create OData services to different client development tools.
SAP ABAP Back-End Server: It is used to contain the business logic and the back-end data. Search model for fact sheets and SAP business suite is contained in ABAP back-end server.
HANA XS engine: It is used to run all analytical apps in SAP Fiori. It contains Fiori app content and virtual data-model reuse content, which is provided through SAP HANA Live. HANA XS Engine consists of two components −
HANA Live App content for Business suite. Smart Business component with KPI Modeler.
SAP Fiori – Security Securing SAP Fiori system ensures that the information and processes your business needs, are secured without any unauthorized access to critical information. Managing s in SAP Fiori −To manage SAP Fiori transactional apps, you should have below s −
s in SAP NetWeaver Gateway and ABAP front-end server in the ABAP back-end server
Secure Network Communication (SNC) Secure Network Communications (SNC) integrates SAPNetWeaver Single Sign-On or an external security product with SAP systems. With SNC, you strengthen security by using additional security functions provided by a security product that are not directly available with SAP systems. Important Features −
SNC secures the data communication paths between the various SAP system client and server components. There are well-known cryptographic algorithms that have been implemented by security products ed and with SNC, you can apply these algorithms to your data for increased protection. With SNC, you receive application-level, end-to-end security. All communication that takes place between two SNC-protected components is secured. Additional security features like Smart cards can be used that SAP does not directly provide. You can change the security product at any time without affecting the SAP business applications.
Role and Authorization Concept Types To use OData services provided by UI add-on for SAP NetWeaver, s must have the following authorizations:
In the back-end system, assign s to a role that includes authorizations for the respective service. In the SAP NetWeaver Gateway system, assign s to a role that is mapped to the respective SAP System Alias in Customizing for the respective service (activity Activate and Maintain Services in Customizing for Gateway OData Channel).
Standard Authorization Object for Fiori Security The following table shows the security-relevant authorization objects that are used by the UI add-on for SAP NetWeaver:
Authorization Object S_PB_CHIP
/UI2/CHIP
S_SERVICE
Field
Value
Description
ACTIVITY
All activities
CHIP_NAME
None
This authorization object is important for accessing the page builder. You can use these values in roles for s who should be able to configure, customize, and personalize pages.
ACTIVITY
All activities
/UI2/CHIP
X-SAP-UI2*
This authorization object is important for accessing the page builder. You can use these values in roles for s who should be able to configure, customize, and personalize pages. For end s, restrict the activities to 03 (display) and 16 (execute). This is a hashed value. Each service has its own hash value, that is, you can restrict the access to the system on system level. If you need the linkage of hash value to object catalog entry, refer to table USOBHASH.
SRV_NAME
SRV_TYPE
HT
Hash type
S_CTS_I
CTS_FCT
TABL
All these authorization objects are needed for different aspects of adding development objects to a transport request.
S_CTS_S
CTS_FCT
TABL
S_SYS_RWBO
ACTVT TTYPE ACTVT TTYPE ACTVT DEVCLASS OBJNAME OBJTYPE
CUST, DTRA 01, 03 CUST, DTRA, TASK 01, 02, 03, 06, 16 * * WDCC
S_TRANSPRT S_DEVELOP
1
The following table shows the security-relevant authorization objects that are used by the UI add-on for SAP NetWeaver: Authorization Object
Field
Value
Description
ACTIVITY
03 and 16
CHIP_NAME
X-SAP-WD-CHIP*
This authorization object is important for accessing the page builder. You can use these values in roles for s who should be able to display pages.
S_PB_CHIP
/UI2/CHIP
ACTIVITY
This authorization object is important for accessing the page builder.
All activities
/UI2/CHIP S_SERVICE
SRV_NAME
You can use these values in roles for s who should be able to delete and add tiles on personalize pages.
X-SAP-UI2*
For end s, restrict the activities to 03 (display) and 16 (execute). /UI2/PAGE_BUILDE This is a hashed value. Each service has its own hash value, that is, you can restrict the access to the system on R_PERS system level. If you need the linkage of hash value to object /UI2/INTEROP catalog entry, refer to table USOBHASH. /UI2/LAUNCHPAD
SRV_TYPE
HT
Hash type
Related Documents 3h463d
October 2021 0
Sap Fiori Security 4zh4n
November 2019 61
Sap Security Sap Security Essentials 4t4x2u
December 2019 94
Sap Fiori Deployment Options 2c155f
November 2022 0
Sap Fiori Architecture 265q36
December 2019 37