Authorities for Fiori Apps and SAP MyInbox integration

The access to the back-end services of ProNovia Fiori Apps are protected by the SAP default authorization object for ODATA Services (S_SERVICE).

The following fields and values are being checked. For details please refer to the SAP authorization object documentation.

In case of Gateway Hub Systems, this authorization must be assigned in the back-end system.

Field	Value

Field	Value
Type	TADIR Service
PgId	R3TR
Object Type	IWSV
Object Name	BPF My Inbox integration: /PCH/BPF_INBOX_SRV 0001 /PCH/BPF_TASKS_SRV 0001 BPF Dashboard and Process List: /PCH/BPF_REPORTING_SRV 0001 DMC Explorer: /PCH/DMC_EXPLORER_SRV 0001 LDB Dashboard: /PCH/LDB_LOGISTIC_DASHBOARD_SRV 0001

In case of Gateway Hub Systems, the authorization must be assigned in the front-end system.

Field	Value

Field	Value
Type	TADIR Service
PgId	R3TR
Object Type	IWSG
Object Name	<technical service name>_<service version 4 digits with leading zeros> (use available Value Help). The name depends on the prefix used during service activation. BPF My Inbox integration: e.g. ZBPF_INBOX_SRV_0001 e.g. ZBPF_TASK_SRV_0001 BPF Dashboard and Process List: e.g. ZBPF_REPORTING_SRV_0001 DMC Explorer: e.g. ZDMC_EXPLORER_SRV_0001 LDB Dashboard: e.g. ZLDB_LOGISTIC_DASHBOARD_SRV_0001

Please keep in mind, that any user using any SAP ODATA Service in a non local deployment scenario (call via RFC) need proper backend authorizations for the Gateway RFC Interface. Please refer to the SAP NetWeaver Gateway Foundation Security Guide for more Information on your landscape setup. The user should have at least the following authorizations for the authorization object S_RFC:

Field	Value

Field	Value
Type of RFC object to which access is to be allowed	FUGR (Function group)
Name (Whitelist) of RFC object to which access is allowed	/IWBEP/FGR_MGW_CLIENT_IF
Activity	16 (Execute)