cancel
Showing results for 
Search instead for 
Did you mean: 

How to you remove Action links in Adapt UI

RaminS
Active Participant
0 Kudos
644

We are trying to adapt the Fiori app Manage Sales Orders (F1873) and remove some of the Action links that show up when clicking on a sales order:

RaminS_0-1721335663151.png

Using  key-user Adapt UI we can hide the links but the user can put them back and click on them. We tried Adaptation project in BAS, same thing, it does not remove the actions completely.

How do we remove these links? 

Thanks

 

Jocelyn_Dart
Product and Topic Expert
Product and Topic Expert

Hmmmm… ok RaminS. That’s interesting and very helpful to understand how your team is organised. In that case they would need to work together on the holistic role design, maintenance and support. They also need some crossover tools as BR/BC changes directly impact security roles, and authorizations impact on BR & app behaviour.  Without having some oversight there is a high risk of wasted time in resolving issues.  Launchpad content aggregator would be a possible crossover tool for security to check what is assigned to the business role.  App Support would be of some help in the other direction as it tracks some auth issues.  I might have to check with my security auth experts on other read only tools that would give some oversight for the Fiori team to cross check authorizations. Possibly one of the SACM simulation tools.  I’ll think about it. 

View Entire Topic
Jocelyn_Dart
Product and Topic Expert
Product and Topic Expert
0 Kudos

Hi Ramin,

App-to-app navigation links are controlled by authorizations. If you are seeing too many links you have too much authorization.  

You only see links if you have the authorization to launch the app listed in the link. 

I strongly recommend to all customers that they have proper test users with realistic authorizations. This saves a lot of misunderstandings and unnecessary work. 

You can generate test users from SAP Business Roles using task list SAP_FIORI_CONTENT_ACTIVATION. 

Best

Jocelyn 

RaminS
Active Participant
0 Kudos

Hi Jocelyn, thanks for your response. We do have test users with proper authorizations. But the navigation links still show up.

When the user clicks on a link like VA02, it brings up the VA02 but the authorization stops them from changing anything. It's just bad UX to give them the links, allow them to navigate and enter data, then say you are not authorized to do this.

 

RaminS_0-1721388681745.png

RaminS_0-1721388808211.png

 

 

 

 

 

Jocelyn_Dart
Product and Topic Expert
Product and Topic Expert
0 Kudos

Hi Ramin. I can guarantee your role design is incorrect. Your security person may have only half done their job. You cannot just make changes to auth objects deep in PFCG. You need to consider the whole business role design - ie the business catalogs assigned to the role and therefore to the application groups of the role.  They need to be using Launchpad Content Manager Client-Specific alongside PFCG.  I would also suggest they run program PRGN_COMPARE_ROLE_MENU against the role as this would highlight misaligned authorisations. By the way  I’d be interested to know where this ends up.  Half-granted access - where an app shows up but can’t be used - is a clear sign of misaligned authorizations.  

RaminS
Active Participant
0 Kudos

What we found out is that the "Action Links" (ie. app-to-app navigations) are determined by the target-mappings that are available in the user's BC. Since we copied SAP's Internal Sales BC to our Z BC, it copied over all kinds of target mappings for display, create and change of Sales Orders. Even though we had removed the Create and Change tiles, the create/change target mappings still remained in the BC. It's sometimes not clear which target mappings are related to which tiles, some functions have multiple target mappings like "create", "createSingle", "createFromQuote", etc. 

Once we removed all the related create and change target mappings from our Z BC, the action links disappeared in the popup.   

Jocelyn_Dart
Product and Topic Expert
Product and Topic Expert
0 Kudos
Hi Ramin S, Perhaps I wasn't clear... your end resolution is exactly what I was recommending to you ... you have to look at the WHOLE role design including the business catalogs. You should also use the Launchpad App Manager or Launchpad Content Manager Client-Specific to find the related tiles/TMs using the Semantic Object. You could also look at my recent blog for more assistance, i.e. SAP Fiori for SAP S/4HANA - Upgrade Faster - More use cases for the Launchpad Content Aggregator
RaminS
Active Participant
0 Kudos

I guess the misunderstanding is due to the different terminology and team setup we use. You see, in transition from traditional ECC environment to Fiori, our Development and Security teams have the following setup. (And this is pretty common among all public sector clients around here):

RaminS_0-1721739445453.png

The Security team needs to be a separate entity from Fiori UX team, and they are responsible for all roles/authorizations in Fiori and SAPGUI. No one in Fiori UX team is allowed access to PFCG or SU01 or other security related transactions. And the security team does not get involved in the design of catalogs and apps, they just control access, they don't get involved in business requirements or design.

So what you refer to "whole role design" is really divided into two processes:

  1. Fiori UX team (our team) develops custom apps or adapts SAP apps, maintains catalogs, target mappings, spaces and pages (using AppManager, Content Manager, and all the tools you mentioned)
  2. Then passes it on to Security team to build business roles and authorizations, and assign roles to end users (using PFCG, SU01,...)

These are two completely separate teams and separate processes.

So the case of this question, if the Action Links are controlled by target-mappings in the BCs, then it's our team (the Fiori UX dev team) that can remove them from the BC's and set up the action links based on user requirements. But if the Action Links are driven by roles/authorizations, then it becomes a Security team's task who only work with PFCG, SU24, etc.

 

 

RaminS
Active Participant
0 Kudos

On the same topic, do you know how we can remove Cards from an Overview page?

My Sales Overview (F2200) has a few cards that we need to remove, as they are not relevant to our users. If we do Adapt UI and hide those cards, the end-user can just go in Manage Cards and bring them back:

RaminS_0-1721763151583.png

End-users don't have Adapt UI option, but they have Manage Cards which allows them to unhide what has been hidden by the key-user adaptation. 

RaminS_0-1721763081098.png

 

RaminS_0-1721763129440.png

As far as I know, the cards inside an OVP are not controlled by target-mappings. The navigation from cards are, but not the visibility of the cards. Is there a way to remove cards so the users can't bring them back?

Thanks