Skip to end of metadata
Go to start of metadata

Within the SAP Fiori apps reference library the role administrator can find the different OData service(s) where users require PFCG authorization access to.

Nevertheless, in some cases the role administrator has the Application and not the OData service to determine the role(s) that must be updated. As an example, a user’s SU53 error report might only show the Application instead of the impacted OData service. To correct the authorizations assigned to the OData service via SU24 or just to correct the authorizations within the impacted role(s) the role administrator must determine the OData service first.

Following steps can be used to determine the OData service:

  1. Execute transaction code SE16
  2. Enter table USOBHASH
  3. Within the selection field Name enter the Application 

As a result, the table USOBHASH shows the relation between the technical elements Application (Name), Program ID (PgID), Object Type (Obj.), OData service and Version (Object Name)


The information from table USOBHASH can now be used to determine the impacted role(s).

  1. Execute transaction code SE16
  2. Enter table AGR_HIERT
  3. Within the selection field Node Test enter the information from table USOBHASH as described here Program ID*Object Type*OData service*Version



The next screenshot shows to which role the OData service has been assigned


The information found can now be used to update the authorizations within the role or to update the OData service via transaction code Su24.




(Example for OData service HCM_MY_PAYSTUPS_SRV)