cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Restricting Enterprise Search - S_ESH_CONN

KevinV1
Explorer

on ‎2025 Feb 13 7:59 AM

0 Kudos
259

Trying to restrict the enterprise search in Fiori but is getting bypassed by something, could be a parameter setting? S_ESH_CONN was already restricted to select connector ID's, no other roles provides this object.

Know the answer?

Help others by sharing your knowledge.

Answer

Need more details?

Request clarification before answering.

Show replies
Show replies
View Entire Topic
ander_gonzalezdemiguel
Product and Topic Expert
Product and Topic Expert
‎2025 Feb 14 2:32 PM
0 Kudos

Hi Kevin,

Authorization object S_ESH_CONN applies only to the 'classic' ESH connectors.

CDS-based connectors are controlled by auth. object SDDLVIEW field DDLSCRNAME.

See also note 
3234175 - Restricting the display of Search Connectors in central search dropdown of S/4HANA On-premise system Fiori Launchpad

I copy an excerpt below:

CDS-based Search Models: 
The authorization object SDDLVIEW has 3 different fields: DDLNAME, DDLSRCNAME and ACTVT.

  • Field ACTVT represents the different activities like create, change or display. For search only the display activity (=03) is relevant. That means the value of this fields is always “03”.  
  • Field DDLNAME is not relevant for enterprise search.  
  • Only DDLSRCNAME allows to specify which enterprise search CDS views and/or CDS view entities (= Search Models) are relevant for the user role. The names of the CDS views and/or CDS view entities can be listed separated by the separator “,”. 
    In DDLSRCNAME, CDS view names and/or CDS view entity names should be listed explicitly. Any usage of a placeholder value like “*” in DDLSRCNAME can result in 150-300 and more entries in the dropdown box, causing a drastically slow search performance.  

 

Show replies
Show replies
KevinV1
Explorer
‎2025 Feb 17 12:00 AM
0 Kudos
Hi Ander, Yes, I've deactivated authorization object SDDLVIEW during testing. What's throwing me off is different environment is behaving as expected when restricting via S_ESH_CONN. It's working as expected in Dev, but moving to QAS, everything gets listed.
ander_gonzalezdemiguel
Product and Topic Expert
Product and Topic Expert
‎2025 Feb 17 8:42 AM
0 Kudos
Hi Kevin, you need to determine what type of ESH connectors you have. You can see them in transaction ESH_COCKPIT or directly in table ESH_ADM_STATUS.
KevinV1
Explorer
‎2025 Feb 17 8:46 AM
0 Kudos
Hi Ander, Yes, I've only selected a few connectors and maintained them in the role. I'm considering deactivating unwanted connectors entirely in the ESH cockpit but not sure of the impact.
ander_gonzalezdemiguel
Product and Topic Expert
Product and Topic Expert
‎2025 Feb 17 8:46 AM
0 Kudos
Hi Kevin, you need to determine what type of ESH connectors you have. You can see them in table ESH_ADM_STATUS or in transaction ESH_COCKPIT (here you can also see the description of each connector, as it will show in Fiori). Any connector starting with CD$ is a CDS connector governed by SDDLVIEW. Any connector starting with <SID><client> is a classic connector governed by S_ESH_CONN. Knowing that, please check what type of connectors you have in each system, and what authorizations, to make sense of it. to reiterate: S_ESH_CONN only controls classic connectors and SDDLVIEW only controls CDS connectors.
ander_gonzalezdemiguel
Product and Topic Expert
Product and Topic Expert
‎2025 Feb 17 8:49 AM
0 Kudos
to answer your other question, if you deactivate a connector in ESH_COCKPIT, that connector is not available for searching anymore, and it won't appear in the Fiori search drop down. A search on All on Fiori will not search on that connector. The system will behave as if you had deleted the connector, but it is not deleted, just deactivated.
KevinV1
Explorer
‎2025 Feb 18 1:20 AM
0 Kudos
Thanks Ander. As long as it does not affect any fiori apps then it should be fine for deactivation. Thank you for your inputs on this.
ander_gonzalezdemiguel
Product and Topic Expert
Product and Topic Expert
‎2025 Feb 18 12:44 PM
0 Kudos
Hi Kevin, there is a little caveat. Some ESH connectors are required by some Fiori Apps. You can find the library with all the Fiori apps here: https://fioriappslibrary.hana.ondemand.com/sap/fix/externalViewer/. In any app, go to the Implementation Information tab -> section Configuration. If the app requires a search connector in order to work, it will be listed here. For example, the app for Document Info Record (https://fioriappslibrary.hana.ondemand.com/sap/fix/externalViewer/#/detail/Apps('F0641')/W13) In the configuration section you can see that it required search connector DOCUMENT_MODEL_H from software component SAPAPPLH. So depending which connectors you are going to deactivate, check the library for the apps that your users are using, and make sure that the connector is not required by the app(s)
Ask a Question