cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Read only

Issue with API Authorization in S/4HANA Cloud Public for Fiori App on BTP

Go to solution
sdebeaulieu
Participant

on ‎2024 Nov 18 8:37 AM

1,561

Hi SAP Community,

I'm working on extending a S/4HANA Cloud Public system by developing a Fiori application on SAP BTP. I want to avoid using a communication user for API access, so I activated the SAML Bearer Assertion option in my communication arrangement.

I successfully connected, but I encountered an authorization issue when accessing the API. Here's the error I received:

{"error":{"code":"/IWBEP/CM_V4_COS/011","message":"No authorization to access service group 'API_CONDITION_CONTRACT'","@SAP__common.ExceptionCategory":"Authorization_Error","innererror":{"ErrorDetails":{"@SAP__common.Application":{"ComponentId":"LO-AB","ServiceRepository":"SRVD_A2X","ServiceId":"API_CONDITION_CONTRACT","ServiceVersion":"0001"},"@SAP__common.TransactionId":"EC8D33BA4BA401A0E00673AAE05232B9","@SAP__common.Timestamp":"20241118080847.08386","@SAP__common.ErrorResolution":{"Analysis":"Use ADT feed reader \"SAP Gateway Error Log\" or run transaction /IWFND/ERROR_LOG on SAP Gateway hub system and search for entries with the timestamp above for more details","Note":"See SAP Note 1797736 for error analysis (https://service.sap.com/sap/support/notes/1797736)"}}}}}



To resolve this, I created an IAM app to assign the required services to my user. However, as far as I understand, IAM apps only work for custom services (Z*), while I need to access a standard service. When I use CTRL+Space to add OData v4 service in my IAM app, nothing is found.

I also tried adding authorization objects (e.g., s_start) in the IAM app, but I received an error saying it’s not allowed.

Additionally, I couldn’t find any business role that explicitly grants access to this API. For other APIs, such business roles are sometimes available and indicated in API documentation, but I couldn’t locate it in this case.

My goal is to ensure the API access is tied to a named user for proper traceability and authorization management.

What is the recommended way to configure this to allow access to standard APIs for a named user in S/4HANA Cloud Public?

Any guidance would be greatly appreciated!

Thank you,
Severin

Know the answer?

Help others by sharing your knowledge.

Answer

Need more details?

Request clarification before answering.

Show replies
Show replies
OwenLiu
Product and Topic Expert
Product and Topic Expert
‎2024 Nov 24 5:24 AM
0 Kudos

Added Extensibility tag. Please remove other tags.

Suggest you to read below Blog for tips of getting your answers faster:

Q&A for SAP S/4HANA Cloud Public Edition - How to ... - SAP Community

Accepted Solutions (1)

Accepted Solutions (1)

AndreasMuno
Product and Topic Expert
Product and Topic Expert
‎2024 Dec 02 9:56 PM
0 Kudos

Hi @sdebeaulieu / Severin,

I understand you'd like to establish user propagation with your SAP BTP-based Fiori app you designed to extend an S/4HANA Cloud Public Edition application.

You may want to configure this extension like a custom integration with an integration scenario. This SAP Developer YouTube video might help. I forwarded it to about 32:40, where that style of side-by-side setup is highlighted with its 8 steps. Note the integration token in step 2 and the user role assignment in step 8. https://www.youtube.com/live/d1Uy5PEwbtc?si=5AQpQZlFxJlDy89k&t=1953.  

 

Show replies
Show replies
diella
Explorer
‎2025 Mar 13 3:05 PM
0 Kudos

Hi, so it's the only way to have access to certain APIs? I have also this problem and posted here: https://community.sap.com/t5/technology-q-a/getting-403-error-accessing-s-4-public-cloud-api-from-bt...

Answers (0)

Ask a Question