4.1 FAB Security Roles

Certain authorisation objects are required on the Backend and Frontend servers in addition to the application roles required for the specific FAB app. The roles are attached in this guide and can be used to upload or create the roles in the respective customer systems.

End User Roles - these are the roles needed by all users that will be accessing Apps created by FAB

  1. Gateway
    Role name: /IQX/END_USER_GW 
  2. ECC
    Role name: /IQX/END_USER


Further variants of the roles can be created if your requirement is to limit a particular FAB related oData Service a user can access. This limitation can be set in the service name in the object S_SERVICE

Development / Cutover Roles - roles required by the FAB developers / consultants to configure FAB (i.e. using /IQX/FAB_CONFIG) or develop and App using the FAB workbench (/IQX/FAB).


FAB Developers will need the customer defined roles for ABAP maintenance and a corresponding developer's access key (e.g. create class). Customer defined roles for ICF maintenance will also be required (i.e. create, maintain and activate services)

  1. Gateway and ECC
    Role name: /IQX/CONFIG

Support Roles - roles for users performing support tasks in production environment.

  1. Gateway and ECC
    Role name: /IQX/SUPPORT