Below will be a typical case how we determine and trace a user authorization failure for Fiori / S4

Case 1: user LEO1 login to Fiori Launchpad and try to click any tiles

5722b0dc20246.png

5722b147a545f.png
5722b14e2a474.png

Below will be a typical case how we determine and trace a user authorization failure for Fiori / S4 Case 1: user LEO1 login to Fiori Launchpad and try to click any tiles ![5722b0dc20246.png](serve/attachment&path=5722b0dc20246.png) ![5722b147a545f.png](serve/attachment&path=5722b147a545f.png) ![5722b14e2a474.png](serve/attachment&path=5722b14e2a474.png)

Project 'Clam' founder

run /IWFND/ERROR_LOG

5722b191c0c5a.png

run /IWFND/ERROR_LOG ![5722b191c0c5a.png](serve/attachment&path=5722b191c0c5a.png)

Project 'Clam' founder

Run ST01 trace for LEO1

5722b1c9673a0.png

Run ST01 trace for LEO1 ![5722b1c9673a0.png](serve/attachment&path=5722b1c9673a0.png)

Project 'Clam' founder

Trace in Fiori server did not show any authorization failures

5722b224bbe35.png
5722b22a857a2.png

Trace in Fiori server did not show any authorization failures ![5722b224bbe35.png](serve/attachment&path=5722b224bbe35.png) ![5722b22a857a2.png](serve/attachment&path=5722b22a857a2.png)

Project 'Clam' founder

Go to backend S4 to enable the ST01 security trace

Note: since S4 has 3 application servers, so from Fiori to backend S4 it goes via logon group load balancing, so it could hit any of these 3 servers.

We'll have to enable the trace on all 3 S4 app servers.

Go SM51 to choose servers

5722b46f49012.jpg

Enable trace

5722b478c6159.jpg

Go to backend S4 to enable the ST01 security trace Note: since S4 has 3 application servers, so from Fiori to backend S4 it goes via logon group load balancing, so it could hit any of these 3 servers. We'll have to enable the trace on all 3 S4 app servers. Go SM51 to choose servers ![5722b46f49012.jpg](serve/attachment&path=5722b46f49012.jpg) Enable trace ![5722b478c6159.jpg](serve/attachment&path=5722b478c6159.jpg)

Project 'Clam' founder

So when LEO1 gets authorization errors again, we checked the trace on one of the app servers, and RC=4 means this user is missing authorization S_SERVICE

5722b4f79a09a.jpg

So when LEO1 gets authorization errors again, we checked the trace on one of the app servers, and RC=4 means this user is missing authorization S_SERVICE ![5722b4f79a09a.jpg](serve/attachment&path=5722b4f79a09a.jpg)

Project 'Clam' founder

Considering LEO1 is a developer, so we have no concerns to assign full access of S_SERVICE to the developer role

5722b55d427ea.jpg

5722b56505bee.jpg

Considering LEO1 is a developer, so we have no concerns to assign full access of S_SERVICE to the developer role ![5722b55d427ea.jpg](serve/attachment&path=5722b55d427ea.jpg) ![5722b56505bee.jpg](serve/attachment&path=5722b56505bee.jpg)

Project 'Clam' founder

Now please remember to ask LEO1 to refresh the webpage by CTRL+F5, and reload the Fiori pages.

How LEO1 is able to click the tiles without errors!

5722b601531ef.jpg

Now please remember to ask LEO1 to refresh the webpage by CTRL+F5, and reload the Fiori pages. How LEO1 is able to click the tiles without errors! ![5722b601531ef.jpg](serve/attachment&path=5722b601531ef.jpg)

Project 'Clam' founder

1.2k
views
7
replies
0
followers
live preview
enter atleast 10 characters
WARNING: You mentioned %MENTIONS%, but they cannot see this message and will not be notified
Saving...
Saved
All posts under this topic will be deleted ?
Cancel
Delete
Pending draft ... Click to resume editing
Discard draft