Overview Depending on the perspective, different authorizations are required; we essentially distinguish between these three roles here:
|
1. Authorizations for S10 user The logon to an S10 application is always performed with the respective SAP user name. The user must have the authorization to execute the transaction /S10/MAIN. Further authorizations must then be checked in the respective ABAP class by the developer. Checking a specific role If the parameter "role=" is set when specifying the S10 license, the S10 Framework additionally checks whether this role has been assigned to the user in the SAP system when the user logs on. If this is not the case, logon is not possible: * set S10 license s10setlicense( 'Demo license number=100 role=s10demo_role maxusers=10 signature=1.2.3' ). Example of own authorization check: You can check standard SAP authorization objects in an S10 class or also self-created ones, as in this example. If the authorization check is not successful, the S10 Framework issues an error message at the frontend and terminates further processing at this point in the coding: * Use a self defined authority object authority-check object 'Z_S10_BARC' id 'ACTVT' field '10'. * not authorized -> message to user and stop processing if sy-subrc <> 0. s10errormessage( exporting msgid = 'CACSIB' msgno = 503 ). endif. |
2. Authorizations for S10 developers The development of S10 applications follows the MVC (Model View Controller) principle. The application logic is essentially implemented in an ABAP class. For this the developer needs appropriate authorizations. The views are realized in HTML and then stored in the MIME repository, which in turn requires the authorizations to change these objects. Here you can see the minimum necessary permissions for this, with no restriction set to specific development objects in this example: |
3. Authorizations for S10 administrators Different authorizations are required for the installation, configuration and monitoring of the S10 Framework, depending on which tasks are to be performed and to what extent. Basically, the S10 components have to be transported into the system during installation (TA STMS). In addition, there are a number of transactions and tools for the administration of the applications, e.g. the application log, system trace, ICM monitor and the administration of the Fiori Launchpad. For more information, see the chapter "Useful SAP transactions". |
Component S10 Framework |