2024 Jul 18 9:51 PM - edited 2024 Jul 18 9:52 PM
We are trying to adapt the Fiori app Manage Sales Orders (F1873) and remove some of the Action links that show up when clicking on a sales order:
Using key-user Adapt UI we can hide the links but the user can put them back and click on them. We tried Adaptation project in BAS, same thing, it does not remove the actions completely.
How do we remove these links?
Thanks
Hi Ramin,
App-to-app navigation links are controlled by authorizations. If you are seeing too many links you have too much authorization.
You only see links if you have the authorization to launch the app listed in the link.
I strongly recommend to all customers that they have proper test users with realistic authorizations. This saves a lot of misunderstandings and unnecessary work.
You can generate test users from SAP Business Roles using task list SAP_FIORI_CONTENT_ACTIVATION.
Best
Jocelyn
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
Hi Jocelyn, thanks for your response. We do have test users with proper authorizations. But the navigation links still show up.
When the user clicks on a link like VA02, it brings up the VA02 but the authorization stops them from changing anything. It's just bad UX to give them the links, allow them to navigate and enter data, then say you are not authorized to do this.
Hi Ramin. I can guarantee your role design is incorrect. Your security person may have only half done their job. You cannot just make changes to auth objects deep in PFCG. You need to consider the whole business role design - ie the business catalogs assigned to the role and therefore to the application groups of the role. They need to be using Launchpad Content Manager Client-Specific alongside PFCG. I would also suggest they run program PRGN_COMPARE_ROLE_MENU against the role as this would highlight misaligned authorisations. By the way I’d be interested to know where this ends up. Half-granted access - where an app shows up but can’t be used - is a clear sign of misaligned authorizations.
What we found out is that the "Action Links" (ie. app-to-app navigations) are determined by the target-mappings that are available in the user's BC. Since we copied SAP's Internal Sales BC to our Z BC, it copied over all kinds of target mappings for display, create and change of Sales Orders. Even though we had removed the Create and Change tiles, the create/change target mappings still remained in the BC. It's sometimes not clear which target mappings are related to which tiles, some functions have multiple target mappings like "create", "createSingle", "createFromQuote", etc.
Once we removed all the related create and change target mappings from our Z BC, the action links disappeared in the popup.
I guess the misunderstanding is due to the different terminology and team setup we use. You see, in transition from traditional ECC environment to Fiori, our Development and Security teams have the following setup. (And this is pretty common among all public sector clients around here):
The Security team needs to be a separate entity from Fiori UX team, and they are responsible for all roles/authorizations in Fiori and SAPGUI. No one in Fiori UX team is allowed access to PFCG or SU01 or other security related transactions. And the security team does not get involved in the design of catalogs and apps, they just control access, they don't get involved in business requirements or design.
So what you refer to "whole role design" is really divided into two processes:
These are two completely separate teams and separate processes.
So the case of this question, if the Action Links are controlled by target-mappings in the BCs, then it's our team (the Fiori UX dev team) that can remove them from the BC's and set up the action links based on user requirements. But if the Action Links are driven by roles/authorizations, then it becomes a Security team's task who only work with PFCG, SU24, etc.
On the same topic, do you know how we can remove Cards from an Overview page?
My Sales Overview (F2200) has a few cards that we need to remove, as they are not relevant to our users. If we do Adapt UI and hide those cards, the end-user can just go in Manage Cards and bring them back:
End-users don't have Adapt UI option, but they have Manage Cards which allows them to unhide what has been hidden by the key-user adaptation.
As far as I know, the cards inside an OVP are not controlled by target-mappings. The navigation from cards are, but not the visibility of the cards. Is there a way to remove cards so the users can't bring them back?
Thanks
User | Count |
---|---|
79 | |
11 | |
10 | |
10 | |
10 | |
8 | |
7 | |
7 | |
5 | |
5 |
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.