-
Notifications
You must be signed in to change notification settings - Fork 0
/
setup SAP S4 Hana on-premise system
192 lines (119 loc) · 6.48 KB
/
setup SAP S4 Hana on-premise system
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
# Setup of the SAP S/4HANA on-premise System
## Introduction
In this section we learn how to activate an API oData service in a SAP S/4HANA on-premise system, create a user and assign the necessary roles and authorization objects.
**Persona:** S/4HANA Administrator
## Step-by-Step
***Hint:** The following screenshots are done with SAP GUI 7.50 - by using SAP GUI 7.60 the usage could differ e.g tick button instead of a continue button etc.*
### Activate oData Service
1. Logon S/4HANA system using SAP GUI with your adminstrator user.
2. Call transaction /n/IWFND/MAINT_SERVICE.
3. Click on **Add Service**
4. In the Add Service screen enter the following values:
1. System Alias = LOCAL
2. Technical Service Name = API_BU*
3. Press enter - you should see the API_BUSINESS_PARTNER in the list box.
5. Check the box of API_BUSINESS_PARTNER and click on **Add Selected Service**
6. The **Add Service** screen opens
1. Specify **Package Assignment** e.g. $TMP by clicking on Local Object
2. Enable the checkbox for **Enable OAuth for Service**
3. Click on Continue to activate the changes
4. Click on Continue to confirm the message box
**Result:** The API_BUSINESS_PARTNER is now activated and you can leave the transaction.
### Create User and assign Roles and Authorization Objects
#### **A: Create User**
In this section we will create a new user in the SAP S/4HANA system and assign the SAP_BR_BUPA_MASTER_SPECIALIST role to him.
1. Call Transaction SU01
1. Enter a user ID
2. Click on Create
2. Do the following:
1. Select the **Address** tabulator
2. Set the **Last name**
3. Set a valid e-mail address.
***Important:** this email is the principal for the SSO communication that we will configure in a later section*
4. Select the **Logon Data** tabulator.
3. Logon Data Tabulator:
1. Select User Type = System
2. Set a Password
3. Repeat the Password
4. Select the Roles Tab
4. Roles Tabulator:
1. Select the first empty row in the the Roles list and click on add Roles
5. Find Role
1. In the Single Role field enter **SAP_BR_BUPA\***
2. Click on Enter
6. Role Selection:
1. Select the SAP_BR_BUPA_MASTER Specialist role
2. Click on enter/copy.
***Hint:** This role is necessary to get access to the Business Partner data and the Business Partner Fiori application*
7. Maintain Users:
1. Click on Save
#### **B: Create Authorization Object for oData service**
In this section we generate a custom authorization object which is necessary to give the user access to the Gateway and to the Business Partner oData service.
1. Call Transaction PFCG
1. Enter a new Role name
2. Click on Single Role
2. Set Authorizations
1. Click on Save
2. Select the Authorization tabulator
3. Click the icon at **Change Authorization Data**
3. Choose Template
1. Select the Template for Gateway users (/IWFND/RT_GW_USER)
2. Click **Apply Template** and click on **Save**
4. Click on Status and then **Execute** to assign the Authorization
5. Click on Generate (Shift+F5)
6. Menu
1. Select the Menu tabulator
2. Click on Transaction and select **Authorization Default**
7. Set Service
1. Select **TADIR Service** as Authorization Default - since SAP S/4HANA version 2020 select **IWSG SAP Gateway: Service Groups Metadata** and skip step 2
2. Select **IWSG SAP Gateway: Service Groups Metadata** as Object Type
3. Open the Object list
8. Object List
1. Select the object ZAPI_BUSINESS_PARTNER_0001
2. Click on confirm button
9. Copy the TADIR service to the Menu and press save.
10. User Setup
1. Save the Authorization Object
2. Select the User tabulator
3. Enter or select the user ID you have created in section A
4. Click on **User Comparision**
11. Complete Comparion
12. Click on Save and you have finished the setup of the user profile
***Hint:** If the Authentication tabulator turns to red, select this tabulator and select again **Change Authorization Data** - click again on Generate (Shift+F5) - Click on Save*
### Test the API_BUSINESS_PARTNER_SRV
To see if the setup was done correctly call the Business Partner API with the new user.
* Call Transaction /N/IWFND/MAINT_SERVICE
1. Double-click on ZAPI_BUSINESS_PARTNER
2. Click on Call Browser
Hint: If you use a CAL system, kindly check and use the relevant IP address instead of the default system host name as the host name has to be resolvable by the browser.
* Enter the credentials of the user we have created. You should then see the structure of the BusinessPartner oData service.
* Change the end ot the URL to ..../sap/API_BUSINESS_PARTNER/A_BusinessPartner/?$format=xml. You should now see a list of Business Partners.
This completes this mission section.
## Summary
You have activated an API in the S/4 on-premise system and created a user with the necessary roles for CRUD operations of Business Partner data and to access the API_BUSINESS_PARTNER_SRV oData service.
***Hint:** the simplest way for adding additional users with the same roles is just to copy this user profile in the SU01 transaction*
[see also SAP Help: Activate and Maintain Services](https://help.sap.com/viewer/68bf513362174d54b58cddec28794093/202009.002/en-US/bb2bfe50645c741ae10000000a423f68.html)