In this Blog I will explain the steps how to Implement authorization concept for the Fiori apps to display in the SAP Build Work Zone, standard edition based on the roles/catalog/groups configured in BTP content.
We can control the Fiori apps to display in the SAP build work zone. We will configure the roles for the Fiori apps deployed in cloud foundry in BTP / HTML5 Application Repository and SAP build work zone should show based on the role assigned to user.
Please note: -SAP Launchpad service is now changed SAP Build Work Zone, Standard Edition.
To achieve this scenario, we will use a use case, we will create 2 HTML5 freestyle Fiori apps in BAS using the Northwind odata service and deploy in cloud foundry.
- Customer app
- Order app
These apps should be visible to users based on the Role assigned to them.
Configuration Steps:-
Step 1: – Login to BTP cockpit ( Trial account in this scenario) Subscribe to the SAP Build Work Zone, standard edition.
Step 2: – Create a north wind destination.
Step 3: – Create two freestyle Fiori app in Business application studio using the Northwind odata service.
Step 4: – Deploy these two Fiori apps to cloud foundry.
Step 5: – Create respective role in build work zone (launchpad service) and assign the deployed apps.
Step 6: – Assign the role to user and open the launchpad URL to view the app.
Step 1: – Subscribe to the SAP Build Work Zone, standard edition.
- In Subaccount of BTP go to Service Marketplace on the left.
- Search for the SAP Build work zone Service tile and choose Create.
3. Keep the default settings for Service and Plan and choose Create.
4. Assign Role Collection and assign the role: – Launchpad_Admin collection to your user.
5. Navigate to the Site Directory and create a new site.
6. Give your site a name and click “Create”, it will not display anywhere on your final site, it is just reference.
Step 2: – Create a north wind destination.
Destinations are key building blocks in SAP BTP and are used to define connections for outbound communication from your application to remote systems. These remote systems can be on-premises or in the cloud.
A destination has a name, a URL, authentication details, and some other configuration details.
The destination you will define here is for the set of OData services known as the “Northwind” services, which are publicly available.
The Northwind OData services comes in several versions. We will use version V2 in our case.
Step 3: – Create a freestyle Fiori app in Business application studio using the Northwind odata service.
- We will develop a Fiori App using the SAP Business Application Studio to create a freestyle app in BAS using a wizard that creates a multi-target application (MTA) project that is configured to use Managed Application Router. An MTA is required to create the deployment artifact for SAP BTP, Cloud Foundry environment.
When end-users access an app in the Cloud Foundry environment, they actually access the Application Router first. The application router is used to serve static content, authenticate users, rewrite URLs, and forward or proxy requests to other micro services while propagating user information.
The managed application router is the HTML5 Applications Runtime capability provided by SAP Build Work Zone, standard edition, to which you must be subscribed.
2. The Application Route Generator Wizard opens up and following parameters need to be provided:
- Application router project path
- MTA ID and description
- Add Route Module
3.Wait until the creation of project is completed. A notification that “The files has been generated” appears at the bottom right of the screen.
4. Open the project’s folder. select the created project within the projects folder, and click OK
5.SAP Business Application Studio reloads with the project open in its workspace. In the Explorer view you can see the project, its folder structure, and files.
6. Generate an app based on SAPUI5 Application template The easiest way to develop an SAPUI5 freestyle app from scratch is to create it from a template.
7.For Template Selection, select the following, and click Next.
Step | Parameter | Value |
A | Application type | SAPUI5 freestyle |
B | Which template do you want to use? | SAP Fiori List – Detail Application |
8. For Data Source and Service Selection, select the following, and click Next.
Step | Parameter | Value |
A | Data source | Connect to a Odata Service |
B | Service | https://services.odata.org/V2/Northwind/Northwind.svc/ |
.Hit “Next” and for demonstration purposes select any combination of fields that will work.
9.On “Finish” the project will be created and become visible in your Explorer pane
10. Provide the deployment configuration details.
11. Enable one more app: – order by following above Steps.
12. Right click on mta.yml file and select “Build MTA Project”.
13. Once Build is completed you can find the generated Mtar Archive Folder.Now click on MTAR generated folder and select Deploy MTA Archive file to the cloud foundry.
14.login to the cloud foundry with credential and space for deployment.
.
15. Deployed apps will be visible under HTML5 application.
Step 5: – Create respective role in build work zone (launchpad service) and assign the deployed apps.
- Open the admin UI of the SAP Launchpad service via SAP work zone.
2. Access the Content Provider You should now see the following screen and hit the refresh button to synchronize the Launchpad with HTML5 application repository.
3. Now navigate to the content manager. In the tab “Content Explorer” you should see the new content provider.
4. Select the app add them to your content with the button “Add to My Content”.
5. Now go to “My Content” select the Deployed App and now add the Catalog, Group, Role to that. By clicking on “New” Button you can create the Catalog, Group, Role as shown below.
6. Create Catalog, Click on Edit and Assign the customer/ Order app to Catalog as shown below:
7. Create the Group, Click on Edit and assign the customer/ Order app to that group as shown below:
8. Create a Role, Add the customer/ Order app to that Role as shown below:
9. Now there are 2 roles/Catalog/Group created as below having apps Customer/ Order.
10. We now need to assign the roles to the site. In the Site Directory, you can access your site settings by clicking on the gear icon.
11. The created Role above will be automatically created in SAP BTP Cockpit under Role Collection Section as shown below:
Step 6: – Assign the role collection to user and open the launchpad URL to view the app.
- Assign the created roles collection to user.
2. Open the URL from site provided in the site directory and try accessing the URL by the user having the roles.
3. User will be able to see the 2 apps.
4. Try accessing the apps.
5. Assign only customer role to the user
6. And try accessing the URL, user will be able to view only one app.
Conclusion: We can filter the Fiori apps based on the Roles assigned to users. Above steps are to be followed to configure roles and authorization for HTML5 fiori apps in SAP BTP.
I hope this blog post helps you during your role configuration. We look forward to your comments and feedback.
Happy Learning and please follow for more content on SAP BTP security.
Additional Links to read and follow for more such content :
https://blogs.sap.com/tags/842ea649-eeef-464c-b80c-a64b03e40158/