Authorization Control over Apps and In-App Navigation Links

In daily work, you may be curious about how navigation links are shown inside your apps, why you are not able to navigate via some links, or why you are not permitted to create certain custom apps. All these questions are related authorization control. This blog attempts to address these questions in the Sales area of SAP S/4HANA.

Six common business roles

In general, there are six frequently-used business roles in the Sales area.

Business Role

Authorization

SAP_BR_SALES_MANAGER

Read all CDS views/Apps related to Sales Analytics

SAP_BR_INTERNAL_SALES_REP

All authorizations for sales documents except customer returns

SAP_BR_RETURNS_REFUND_CLERK

All authorizations for customer returns

SAP_BR_BILLING_CLERK

All authorizations for billing documents

SAP_BR_PRICING_SPECIALIST

All authorizations for pricing master data

SAP_BR_TAX_SPECIALIST

All authorizations for tax master data

 

How to find authorization required for Fiori apps/CDS views?

CDS Views

When you want to create a custom analytics app and don’t know the authorization details about the CDS view.

Example: If you want to use query C_SALESORDERITEMQRY to create custom KPI reports via app “Manage KPIs and Reports” and the OData Service cannot be loaded.

Performing the following:

1.     Open app View Browser (SAP_BR_ANALYTICS_SPECIALIST).

 

2.     Search for C_SALESORDERITEMQRY and open the view.

3.     Click Product Assistance to navigate to the help document.

 

4.     View authorization details.

 

Firoi APPs

Use the Fiori app name to search in Fiori Library.

For example: https://fioriappslibrary.hana.ondemand.com/sap/fix/externalViewer/#/detail/Apps('F2512')/S19

Which navigation links can be shown inside apps?

Case 1: link display controlled by semantic object(s)

In-app navigation links may be controlled by semantic object(s). In most cases, in-app navigation links share the same semantic object with the app. You can view and navigate through the links.

Example app: Sales Volume – Details Analysis

All the links in “Open In” have the same semantic object “BillingDocument”, which is also the semantic object of the app.

 

Case 2: link display not affected by semantic object

Some apps have fixed navigation links pre-delivered by SAP. Their display is not affected by semantic objects. You may need to add corresponding business roles/catalogs to your user (Refer to the last chapter).

Example app: Sales Performance – Plan/Actual

What if error message "Navigation to this application is not supported" pops up?

Example: In app My Sales Overview, navigation through an item in card Customer Returns failed. The error message “Navigation to this application is not supported” is shown.

 

You can infer required authorization as follows:

1.     Find the key object in the context.

  1. Here, "Customer Returns" is the key object. So, business role SAP_BR_RETURNS_REFUND_CLERK or customer returns related business catalog is needed.
  2.  Search for the My Sales Overview app in Fiori library. Check its "Related Apps" area for an app that closely matches the key object "Customer Returns".

In this case, Manage Customer Returns is the most relevant app. https://fioriappslibrary.hana.ondemand.com/sap/fix/externalViewer/#/detail/Apps('F2200')/S19

 

3.     Click on the app to get authorization details.