Freelancers
Cancel
 Sign In
Join Now

In the SAP S/4HANA Cloud, public edition, the user authorizations are hinged around the Business Catalogs.  The business catalogs are further grouped together to form the Business User Roles.  The users are assigned relevant business user roles to gain access to the desired Fiori apps.

This blog showcases the tight binding of business catalogs and business user roles and its direct impact to user’s access to a Fiori App.

Scenario

In the Starter System or the Development System, for the convenience, we all use SAP delivered business user roles. Sometimes, our users complain that a specific Fiori App cannot be found, even he/she has the right business roles assigned. And the release version is correct.  For example, when following the scope test script, we can see the Fiori App is mentioned, and the user roles are assigned correctly. Still no luck to find the Fiori App.

For the convenience of explanation, I am using a real example I just encountered this week.  I have the business role SAP_BR_ADMINISTRATOR assigned but cannot find the Customer Data Return – Extraction App in 2302 release of the SAP S/4HANA Cloud, public edition.

Let me explain my solution of solving this challenge.

Solution

To solve this problem, I am going to follow the three-step approach:

Step 1 – Find the business catalog from the SAP Fiori Apps Reference Library

The SAP Fiori Apps Reference Library is a repository for all Fiori Apps from SAP.  It can be accessed from this URL. In the Categories section, expand the All apps for SAP S/4HANA Cloud, then expand All apps. Now you can enter the App name Customer Data Return – Extraction in the Search area.

SAP%20Fiori%20Apps%20Reference%20Library

SAP Fiori Apps Reference Library

In the App Details window, select tab IMPLEMENTATION INFORMATION, expand Configuration.

Explore%20Details%20of%20a%20Fiori%20Application

Explore Details of a Fiori Application

When the window opens, scroll down almost to the end, you will see the Business Catalogs and Business Roles sections.  Here we can determine

  • The Customer Data Return – Extraction App is authorized by the SAP_CA_BC_CDR_EXT_PC business catalog
  • The SAP_CA_BC_CDR_EXT_PC business catalog is part of the SAP_BR_ADMINISTRATOR business role

Discover%20the%20Business%20Catalog%20and%20the%20Business%20Role%20of%20a%20Fiori%20Application

Discover the Business Catalog and the Business Role of a Fiori Application

Take a note of them because they are the foundation of our solution.

 

Step 2 – Search the Business Catalog within the Business User Role in the SAP S/4HANA Cloud, public edition

After determining the business user role and the business catalog, I want to find out if the user has this business catalog assigned.

Launch the Maintain Business Roles App. Find the SAP_BR_ADMINISTRATOR business role. It contains 72 business catalogs (take a note here).  Expand it. In the tab Assigned Business catalogs, search for SAP_CA_BC_CDR_EXT_PC business catalog.  I cannot find it. Aha!

Maintain%20Business%20Roles%20App

Maintain Business Roles App

Without a right business catalog assigned, the user cannot access the Fiori App authorized by this business catalog.

Why don’t I have that business catalog? You might ask.  That’s because of the timing of the business role creation.

One possible reason is that the currently being used SAP_BR_ADMINISTRATOR business role was created some time ago by copying from SAP template SAP_BR_ADMINISTRATOR. At that time, the Customer Data Return – Extraction App was not available yet, so did its associated SAP_CA_BC_CDR_EXT_PC business catalog.

Creating%20a%20New%20Business%20Role%20by%20Copying%20from%20a%20SAP%20Business%20Role%20Template

Creating a New Business Role by Copying from a SAP Business Role Template

After the SAP_BR_ADMINISTRATOR business role was created, even with the addition of new business catalogs into the SAP template SAP_BR_ADMINISTRATOR, the SAP_BR_ADMINISTRATOR business role is not automatically updated from the latest template. You only inherit those business catalogs contained in the template at that time.  So, it is short of some business catalogs or have extra business catalogs comparing with the template.  I will show you that very soon.

 

Step 3 – Sync the existing Business Role with the SAP Role Template

Now we need to add the missing business catalog(s) to the existing business role by synchronizing it with the SAP business role template.  Here is how we do it.

Launch the Business Role Templates App. Find the SAP_BR_ADMINISTRATOR business role. We notice two things:

  1. This template was changed on Sep. 20, 2022. So, if the existing SAP_BR_ADMINISTRATOR business role was created before that, the role and its template are not synchronized.
  2. This template affects two business roles.

Review%20A%20Business%20Role%20Template

Review A Business Role Template

Now let’s open this business role template by clicking on the arrow at the right.

By selecting the Business Catalogs tab, immediately we see this template contains 76 business catalogs.  It is not the same as in the current business role SAP_BR_ADMINISTRATOR which has only 72 (!) business catalogs.

List%20of%20Business%20Catalogs%20within%20A%20Business%20Role%20Template

List of Business Catalogs within A Business Role Template

By selecting the Business Roles tab, we can see two business roles use this business role template, BR_ADMINISTRATOR and SAP_BR_ADMINISTRATOR. Let’s select the SAP_BR_ADMINISTRATOR business role and click on the Compare button. This compares the business catalogs within the template with those assigned in the existing role.

List%20of%20Business%20Roles%20Based%20on%20the%20Business%20Role%20Template

List of Business Roles Based on the Business Role Template

 

The output of the comparison shows the following:

  • Some business catalogs exist in the template, but not in the SAP_BR_ADMINISTRATOR. The business catalog SAP_CA_BC_CDR_EXT_PC is one of them, which has the authorization to the usage of Customer Data Return – Extraction App. Now we found the root cause of our challenge.

Business%20Catalog%20Is%20Missing%20in%20the%20Business%20Role

Business Catalog Is Missing in the Business Role

  • By further scrolling down the content in this window, we can see some business catalogs are included in the SAP_BR_ADMINISTRATOR role, but not included in the template. This could be caused by the deprecation of the Fiori Apps.

Business%20Catalogs%20Are%20Deprecated%20in%20the%20Business%20Role%20Template

Business Catalogs Are Deprecated in the Business Role Template

After finding the root cause of the problem, we have a solution by doing either one of the following:

  • If we only concern about one business catalog, then we can select it in the column Business Role, then hit the Save This missing business catalog will be added to the existing business role.  If you go to the Maintain Business Roles App again, you will find the Business Catalog Assignment Count increased from 72 to 73.
  • If we intend to synchronize the business role with the business role template without any questions asked (not a good idea; always ask questions before doing), we can hit the Apply All.  Now the business role and its template are in a complete synchronization.

 

Conclusion

In this blog, I explained one possible cause of lack a business catalog, and how to fix it when a Fiori App cannot be found even you have the right business role(s) assigned. This usually happens when a new Fiori App is added after a system upgrade, and your business role was created some time ago.  The business role and the SAP business role template are out of sync.

Tags: SAP Activate SAP Fiori SAP S/4HANA Cloud
Sara Sampaio

Sara Sampaio

Author Since: March 10, 2022

0 0 votes
Article Rating
Subscribe
Notify of
0 Comments
Inline Feedbacks
View all comments
0
Would love your thoughts, please comment.x
()
x