Dashboard Authorizations

OCC, Tactical and Operation dashboards in SAP Focused Run are used to display, mix and organize metrics coming from different use cases/applications (like System Monitoring or Real User Monitoring).

In order to be able to configure and display Dashboard instances, two sets of roles are needed:

Hence, if a user has enough authorizations to display the underlying use case data, then he will be able to display the same metrics in a Dashboard provided (s)he has access to the specific instance.

The Tactical, OCC and Operation Dashboards are part of the "Advanced Analytics & Intelligence" group accessible in the SAP Focused Run Launchpad.

The access to this SAP Fiori Group is granted by the SAP_FRN_FLP_GRP_ANA_MGMT role.

Individual access to the Tactical, OCC and Operation Dashboards is granted by additional roles described in the next section.

Three type of users are defined in the context of the Dashboards:

  • Display
  • Administrator
  • Configurator

Display Users

Display Users can use the following roles to ensure they have access to individual Dashboards:

  • SAP_FRN_FI_TACTICAL
  • SAP_FRN_FI_OCC
  • SAP_FRN_FI_OPE

These roles contain the authorization objects needed to start the application from the launchpad and must be adjusted to enable the access to specific pages since they are delivered with authorization fields with empty values.

The FRN_AAI_ID authorization object controls and restricts the access to individual Public Pages and is used in all the SAP_FRN_FI* roles.

The FRN_AAI_ID includes the following fields:

  • Field PAGEID
    • Used to filter the Public Page access based on its ID, e.g. 98F2B3032C971EDABE81E8F644CD6331
    • The Page ID of a public page can be retrieved by using the "Share Current Page" button in the Dashboard Header.



  • Field USECASE
    • Used to filter the Dashboard Access (possible values fioccfitac or fiope) 

Display users can only display authorized public pages. All the functionalities in the personalization pane are disabled and custom pages creation is not possible (i.e. the "+" button is not available).

  • Field ACTVT (starting with Focused Run 4.0 SP00)
    • Used to define the type of access for the pages listed in the PAGEID field
    • For display users the value is 03 (Display) 

Administrators

Administrators are allowed to create and manage (create, delete and update) all private and public pages.

The following role is available for Administrator users:

  • SAP_FRN_FI_ADMIN

This role can be used to create or delete new instances and modify the personalization settings of existing pages. It includes additional authorizations to execute specific test reports.

FRN_AAI_ID authorization object in this role includes the following field values:

  • PAGEID = * (all the pages are considered)
  • USECASE = fitac, fiocc, fiope (all the Dashboards types)
  • ACTVT = 70 (all the pages can be edited)

Administrators can modify and delete public pages assigned to all Customer Networks. They can be considered a Cross Customer Network administration role.

Configurators

Configurators are allowed to create and manage (create, delete or update) private and public pages for which they have explicit access.

The following role is available for Configurator users starting with Focused Run 4.0 SP00:

  • SAP_FRN_FI_CONFIG

This role can be used to create or delete new instances and modify the personalization settings of existing pages.

The Configurator role must be adjusted to enable the access to specific pages since it is delivered with an authorization field with empty values.

FRN_AAI_ID authorization object in this role includes the following standard field values:

  • PAGEID = EMPTY (must be configured to grant access to specific pages)
  • USECASE = fitac, fiocc, fiope (all the Dashboards types)
  • ACTVT = 70 (pages listed in the PAGEID field can be edited)

Mapping pages to Customer Networks

Starting with Focused Run 4.0 SP00 it is possible to map public pages to Customer Networks.

When this is done, all the users belonging to the mapped network will be able to access the page. The kind of access depends on the ACTVT field value specified in the FRN_AAI_ID authorization object.

Customer Network mapping is accessible from the Page Personalization section of the Personalization view.

Only Customer Networks assigned to the current user (via the LMDB_CN authorization object) will be visible in the drop down menu.