SAP Digital Vehicle Hu

PUBLIC
2023-08-28
Administration Guide for SAP Digital Vehicle Hub

© 2023 SAP SE or an SAP affiliate company. All rights reserved.
THE BEST RUN

Content
1 Document History. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3
2 Overview. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4
3 Technical Prerequisites. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 6
3.1 Browsers and Browser Settings. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 6
3.2 Other Prerequisites. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .6
4 Onboarding. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .7
4.1 Onboarding to SAP Business Network Asset Collaboration. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 7
4.2 Onboarding to SAP Digital Vehicle Hub. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 9
4.3 Onboarding to SAP Telematic Data Configurator. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 13
5 Connectivity. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 15
5.1 Connecting to SAP Analytics Cloud. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 15
5.2 Connecting to SAP Event Mesh. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 17
5.3 Connecting to SAP S/4HANA On-Premise System. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 19
Installing and Configuring Cloud Connector. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 20
SAP S/4HANA: Activating OData Services. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 20
SAP S/4HANA: Creating a Role for the Technical Communication User. . . . . . . . . . . . . . . . . . . . 21

SAP S/4HANA: Creating a Communication User. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .22
SAP Business Technology Platform: Creating and Configuring a Destination. . . . . . . . . . . . . . . . 22
Whitelisting of IP Address of SAP Business Technology Platform. . . . . . . . . . . . . . . . . . . . . . . . 29
5.4 Connecting to SAP Internet of Things . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 29
5.5 Connecting to Data Aggregator (Otonomo). . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 29
5.6 Connecting to AWS IoT. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 30
5.7 Connecting to SAP Cloud ALM. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 32
6 User Management. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 33
6.1 Defining Role Collections and Assigning them to Users. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .33
Defining and Bundling Roles. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 33
Assigning Role Collections to Users. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 43
Defining and Bundling Roles and Assigning Role Collections to Users in Telematic Data
Configurator. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 44

2 PUBLIC Content
1 Document History
Provides details about the changes made in each version of this document.
Document Version Comment
2308 This administration guide describes the steps you need to

perform as an administrator to set up and run SAP Digital
Vehicle Hub.

Document History PUBLIC 3
2 Overview
About This Guide
This administration guide describes the steps you need to perform as an administrator to set up and run SAP
Digital Vehicle Hub. It covers application-specific information only. For general information about SAP Business
Technology Platform, see the documentation on SAP Help Portal at https://help.sap.com/CP.
This guide addresses the following target audience:
• System administrators
• Key users
About SAP Digital Vehicle Hub
For more information about using the functions and features provided by SAP Digital Vehicle Hub, see SAP
Digital Vehicle Hub Application Help.

4 PUBLIC Overview
Overview PUBLIC 5
3 Technical Prerequisites
Before you start to use SAP Digital Vehicle Hub, check the requirements and recommendations in this section.
3.1 Browsers and Browser Settings
This application supports the standard browsers supported by SAP BTP. For more information, see the related
chapter in the Feature Scope Description for SAP BTP, Cloud Foundry, ABAP, and Kyma Environments.
For UIs of the platform itself, such as the web-based administration interface for SAP Business Technology
Platform, the following browsers are supported on Microsoft Windows PCs and, where mentioned below, on
macOS:
Browser Versions
Google Chrome Latest version
Mozilla Firefox Extended Support Release (ESR) and latest version
Microsoft Internet Explorer 11
Microsoft Edge Latest Current Branch for Business
Safari Latest two versions (for macOS only)
3.2 Other Prerequisites
To use SAP Digital Vehicle Hub, you need an SAP identity provider or any other identity provider that supports
SAML2.0.

6 PUBLIC Technical Prerequisites
4 Onboarding
Prerequisites
• You have set up your global account and subaccount. For more information, see Managing Global Accounts
Using the Cockpit and Managing Subaccounts Using the Cockpit.
• You are assigned the Administrator role for the global account.
For more information about the onboarding process, see the SAP BTP documentation under Subscribe to
Multitenant Applications Using the Cockpit.
4.1 Onboarding to SAP Business Network Asset

Collaboration
Onboarding Users to SAP Network Asset Collaboration. This section covers the details about setting up a
global account and subscribing to the SAP Network Asset Collaboration solution within the global account.
 Note
To unsubscribe the relevant business applications from your subaccount, click on the Unsubscribe button
on the relevant business application tile. For this unsubscription request to be approved, open an incident
with appropriate application component and engage with SAP support using the link below: https://
www.sap.com/support.html#support-portal . The incident should have details of the Subaccount
Details Subdomain name from which the business application must be unsubscribed and also the
products that you wish to unsuscribe.
The table below provides details about the application and its corresponding component:
Application Component
SAP Business Network Asset Collaboration SBN-AIN-OPS
 Note
Prior to unsubscribing SAP Business Network Asset
Collaboration, you must unsubscribe SAP Digital Vehi
cle Hub.
If you do not raise the incident or confirm the ticket, it is autoconfirmed after 14 days. Then all the customer
relevant data is deleted after auto-confirm.

Onboarding PUBLIC 7
To set up the global account and use the solution, you can choose to use one of the options below:
• SAP Business Network Asset Collaboration Setup: Automated Service

• SAP Business Network Asset Collaboration Setup: Manual Steps
Tenant Types: Purpose

8 PUBLIC Onboarding
Landscape Setup: Example
Related Information
Onboarding the Organization

Roles for SAP Intelligent Asset Management FLP
Configuring Trust Configuration (IDP) - Related Links
4.2 Onboarding to SAP Digital Vehicle Hub
Onboarding users to the SAP Digital Vehicle Hub solution.
This section describes how to onboard to the SAP Digital Vehicle Hub solution within your global account.
 Note
The SAP Digital Vehicle Hub solution is available in Europe EU10 (Frankfurt) - AWS region.
 Remember
• It is mandatory for users to perform the onboarding activities mentioned in the topic.

Onboarding PUBLIC 9
 Note
Only tenant type Production is applicable for onboarding to SAP Digital Vehicle Hub.
• Other mandatory activities include:

• Creating Subaccounts
• Subscribing to Intelligent SAP Intelligent Asset Mangement Solutions
• Setting User Authorization
• Accessing APIs of SAP Intelligent Asset Management Solutions
• Subscribing to the other applications and accessing APIs of the SAP Intelligent Asset Management
solutions are optional and depends on the license purchased.
Subscribing to SAP Digital Vehicle Hub
You can subscribe to SAP Digital Vehicle Hub only if you have a subscription to the Premium Plan of SAP
Business Network Asset Collaboration with Production tenant type.
Context
This activity enables you to access the UI applications of the SAP Digital Vehicle Hub solution.
Procedure
1. Within your global account, you need to create a subaccount from where you subscribe to the SAP Digital
Vehicle Hub app. Navigate to Subaccounts New Subaccount .
2. Navigate to your subaccount under the global account in the SAP Business Technology Platform cockpit.
3. Choose Service Marketplace in the navigation area.
4. On the service marketplace screen, expand the All Types dropdown list and select Application.
All purchased solutions of SAP Digital Vehicle Hub are displayed as tiles. Following are the list of tiles:
Business Application Tiles
SAP Digital Vehicle Hub SAP Digital Vehicle Hub for Production Landscape
SAP Digital Vehicle Hub Preview SAP Digital Vehicle Hub for Preview Landscape
SAP Digital Vehicle Hub Test SAP Digital Vehicle Hub for Test Landscape
5. Choose the tile you want to subscribe. The overview and application plans of the business application are
displayed.
6. To subscribe, choose Create.
Once the business application subscription is activated, it is displayed in the Instances and Subscription
section of the navigation area in the cockpit.

10 PUBLIC Onboarding
Accessing APIs of SAP Digital Vehicle Hub
Prerequisites
1. You have administrative privileges at the global account and the subaccount level.
2. You have subscribed to the SAP Digital Vehicle Hub solution to be used within the subaccount.
Context
This activity enables you to access the APIs of the SAP Digital Vehicle Hub solution that you have subscribd to.
You need credentials to access APIs. To obtain these credentials, you need to perform the following tasks:
1. Create an Organization : To use the subaccout, you must create an organization.

2. Allocate quota for business application: Before you can start using your application runtime, you need to
manage your entitlements and add quotas to your subaccount. As a global account administrator, you
have the privileges to allocate the required business application quota for the subaccount. Quota allocation
enables the distribution of the solution across subaccounts according to the project requirements.
3. Create a Space: A space is required to provide users with shared access to the solution.
4. Create a service instance and service key: Create a service instance to retrieve the credentials required to
access APIs of the business application. After the service instance is created, generate the service key to
get the client credentials.
Procedure
1. Create an organization using the following substeps:

1. Open your global account in the SAP Business Technology Platform cockpit.
2. Choose the required subaccount. The Overview page appears.
3. Choose Enable Cloud Foundry in the Cloud Foundry block. The Create Cloud Foundry Organization
screen appears with the recommended organization name.
4. Use the recommended name or enter a new name for your organization.
5. Choose Create.
2. Allocate a quota for business applications using the following substeps:
1. Open your global account in the SAP Business Technology Platform cockpit.
2. In the navigation area, choose Entitlements. The entitlements page appears with the Subaccounts
mode selected by default.
3. In the dropdown box, select the subaccount.
4. Choose Go. The solutions entitled for the subaccount are listed in a table. Based on the business
applications you have subscribed to, the system displays the following tiles:
Tile Name Purpose
SAP Digital Vehicle Hub SAP Digital Vehicle Hub for Production Landscape
SAP Digital Vehicle Hub Preview SAP Digital Vehicle Hub for Preview Landscape
SAP Digital Vehicle Hub Test SAP Digital Vehicle Hub for Test Landscape

Onboarding PUBLIC 11
5. Choose Configure Entitlements to edit entitlements for a subaccount. You can make the following
updates:
Action Steps
Edit quota for a service plan Choose plus or minus to increase or decrease the serv
ice plan quota for the desired plan which you intend to
use.
6. Choose Save to update the changes and exit edit mode.
3. Create a space using the following substeps:

1. Navigate to the subaccount.
2. In the navigation area, choose Spaces.
3. On the Spaces page, choose New Space.
The New Space screen appears.
4. Enter a name for the space.
5. Choose Save. The space is listed in the subaccount.
 Tip
If you have multiple spaces available in your subaccount, use the search option to filter the new
space.
6. Choose the new space tile to access the space.

4. Create a service instance and service key using the following substeps:
1. In the navigation area, choose Service Marketplace. The tile for the subscribed SAP Digital Vehicle Hub
solution appears.
2. Choose the tile to access the Overview page of the solution.
3. In the navigation area, choose Instances.
4. On the instances page, choose New Instance. The instance creation wizard appears.
5. Choose the service plan applicable for the subscribed solution.
 Note
Certain solutions have multiple service plans. If a solution has a single plan, it will appear as the
default plan in the drop-down box.
6. Choose Next to proceed without entering any details to the optional wizard screens Specify Parameters
and Assign Application.
7. On the Confirm screen, enter a name for the instance. On the Confirm screen, enter a name for the
instance.
8. Choose Finish.
9. Choose the new instance. The service instance page appears.
10. In the navigation area, choose Service Keys. In the navigation area, choose Service Keys.
11. On the service keys page, choose Create Service Key.
12. On the Create Service Key screen, enter a name for the service key.
13. Choose Save. A service key is generated. The following table lists the client credentials that are
required:

Client Credentials Parameters
Client ID uaa.clientid
Client Secret uaa.clientsecret
Token URL uaa.url + ‘/oauth/token’
Application URL(s) endpoints.<application>-service and end

points.<application>-srv.
 Note
Basic authentication is not supported in the SAP Business Technology Platform - Cloud Foundry
environment, except with a default SAP IDP. We recommend that users in the SAP Business
Technology Platform - Cloud Foundry environment use OAuth 2.0 client credentials flow for API
access.
4.3 Onboarding to SAP Telematic Data Configurator
Onboarding users to the SAP Telematic Data Configurator solution.
This section describes how to onboard to the SAP Telematic Data Configurator solution within your global
account.
 Note
The SAP Telematic Data Configurator solution is available in Europe EU10 (Frankfurt) - AWS region.
 Remember
• It is mandatory for users to perform the onboarding activities mentioned in the and Onboarding to SAP
Digital Vehicle Hub [page 9] topics.
• Other mandatory activities include:
• Creating Subaccounts
• Subscribing to Intelligent Asset Management Solutions
• Subscribing to SAP Digital Vehicle Hub
• Setting User Authorization
• Accessing APIs of SAP Intelligent Asset Management Solution
• Subscribing to the other applications and accessing APIs of the SAP Intelligence Asset
Management solutions are optional and depends on the license purchased.

Onboarding PUBLIC 13
Subscribing to SAP Telematic Data Configurator
You can subscribe to SAP Telematic Data Configurator only if you have a subscription to the Premium Plan of
SAP Business Network Asset Collaboration with Production tenant type.
Context
This activity enables you to access the UI applications of the SAP Telematic Data Configurator solution.
Procedure
1. Within your global account, you need to create a subaccount from where you subscribe to the SAP
Telematic Data Configurator app. Navigate to Subaccounts New Subaccount .
2. Navigate to your subaccount under the global account in the SAP Business Technology Platform cockpit.
3. Choose Service Marketplace in the navigation area.
4. On the service marketplace screen, expand the All Types dropdown list and select Application.
All purchased solutions of SAP Digital Vehicle Hub are displayed as tiles. Following are the list of tiles:
SAP Telematic Data Configurator SAP Telematic Data Configurator for Production
Landscape
SAP Telematic Data Configurator Preview SAP Telematic Data Configurator for Preview Landscape
SAP Telematic Data Configurator Test SAP Telematic Data Configurator for Test Landscape
5. Choose the tile you want to subscribe. The overview and application plans of the business application are
displayed.
6. To subscribe, choose Create.
Once the business application subscription is activated, it is displayed in the Instances and Subscription
section of the navigation area in the cockpit.

5 Connectivity
You can connect SAP Digital Vehicle Hub to your SAP S/4HANA system, and to SAP Analytics Cloud and SAP
Event Mesh. Navigate to the following chapters for further details.
For more information about connectivity, see the SAP BTP documentation under Connectivity in the Cloud
Foundry Environment.
5.1 Connecting to SAP Analytics Cloud
This section describes how to configure a data connection in SAP Analytics Cloud.
Prerequisites
You have enabled your custom identity provider from SAP Digital Vehicle Hub in SAP Analytics Cloud. For more
information, see Enabling a Custom SAML Identity Provider.
Context
To use data from SAP Digital Vehicle Hub in your story in SAP Analytics Cloud and in your analytics dashboard,
you need to configure a data connection that allows you to import the data using generic OData services.
1. Open SAP Analytics Cloud.
2. Choose (Main Menu) Connection .

Result:
The Connections screen is displayed.
3. To add a new connection, choose (Add Connection).

Result:
The Select a Datasource dialog box is displayed.
4. Choose Acquire Data OData Services .
Information:
The New OData Services Connection dialog box is displayed.
5. Fill in the following fields for a connection to SAP Asset Central Foundation:
Connection Name Enter a name for the connection.
Description Enter a description for the connection.

Connectivity PUBLIC 15
Connect to an SAP OData service Activate this checkbox.
Data Service URL Enter the following URL: https://

ac.cfapps.eu10.hana.ondemand.com/
odata/ain/ac.odata.svc/api/v1
Authentication Type Select OAuth 2.0 Client Credentials.
OAuth Client ID Enter the client ID that you received during the
subscription to the asset central foundation.
Secret Enter the client secret that you received during the
subscription to the asset central foundation.
Token URL Enter the following URL with your tenant-subdomain:

https://<tenant-
subdomain>.authentication.eu10.hana.ond
emand.com/oauth/token/
6. Fill in the following fields for a connection to SAP Digital Vehicle Hub:
Connection Name Enter a name for the connection.
Description Enter a description for the connection.
Connect to an SAP OData service Do not activate this checkbox.
Data Service URL Get base URL from DVH service instance from property
endpoints.odata-service-url https://<base-url>/
odata/v4/sac
Authentication Type Select OAuth 2.0 Client Credentials.
OAuth Client ID Enter the client ID that you received during the
subscription to the SAP Digital Vehicle Hub.
Secret Enter the client secret that you received during the
subscription to the SAP Digital Vehicle Hub.
Token URL Enter the following URL with your tenant subdomain:
https://<tenant-
subdomain>.authentication.eu10.hana.ond
emand.com/oauth/token/
7. Choose Create.
Result
The data connection is configured.
Related Information
Configuring SAP Analytics Cloud and Offline Analytics Dashboards

16 PUBLIC Connectivity
5.2 Connecting to SAP Event Mesh
SAP Digital Vehicle Hub produces business events based on changes to the vehicle object. These events will be
published in the SAP Business Accelerator Hub. These events lead to the creation of a message in SAP Event
Mesh application. For more information, see SAP Event Mesh.
Messages contain the business context of the event that has occurred. Messages are published to topics that
consumers have subscribed to.
Based on the license that you have purchased, you have authorization to access the SAP Event Mesh
application.
Events are produced when:
• A vehicle is created.
• A vehicle is updated or changed.
Business Events
Topics from SAP Digital Vehicle Hub

Event messages are produced and published to topics in the SAP Event Mesh application. You must subscribe
to these topics to obtain the event messages.
The topics are listed below:
• vehicleCreate: Topic for vehicle creation in SAP Digital Vehicle Hub.

• vehicleUpdate: Topic for updating a vehicle in SAP Digital Vehicle Hub.
Topic Business Event
vehicleCreate Creation of a vehicle
vehicleUpdate Update or change of a vehicle
vehicleDelete Deletion of a vehicle
Accessing SAP Event Mesh
Prerequisite
You have subscribed to SAP Digital Vehicle Hub.
1. Within your global account you need to create a subaccount from where you subscribe to the SAP Digital
Vehicle Hub app. Navigate to Subaccounts New Subaccount .
2. Navigate to your subaccount under the global account.
3. Choose the Subscriptions tab from the pane on the left-hand side. The applications to which you have
subscribed are displayed in a list, along with the name and short description of the application.

SAP Event Mesh Enterprise Messaging
4. Choose the pplications to open their Overview page and choose Subscribe
5. The Go to Application links become available once the subscriptions are activated. Choose a link to launch
the respective application and to obtain its URL.
 Note
Once the subscription is completed, additional Role Collections for Enterprise Messaging are available
in your subaccount.
6. Assign the newly created role collection to your users.

7. Select the Subscriptions tab again and choose Go to Application.
8. The Messaging Administration UI screen must appear with no errors"?be shown without any errors. On the
Subscription tile, select the entry for your Messaging Client.
9. The system displays the settings for this Messaging Client and you can define Queues with Queue
Subscriptions to the topics published by SAP Digital Vehicle Hub.
10. For your defined queue, create subscriptions for the following topics:
1. vehicleCreate: Topic for vehicle creation in SAP Digital Vehicle Hub.
2. vehicleUpdate: Topic for updating a vehicle in SAP Digital Vehicle Hub.
 Note
For more information about enterprise messaging, see Using Enterprise Messaging.
Event Definition
The CloudEvents version 1.0 specification will be followed for events from SAP Digital Vehicle Hub. An
event is produced when a vehicle is created, updated or changed. The event will have the following standard
attributes of the CloudEvents specifications:
Attribute Type Description
id String Identifies the event.
source URI-reference Identifies the instance in which the

event originated.
specversion String The version of the CloudEvents specifi-

cation which the event uses.
type String Describes the type of the event related

to the source in which the event origi
nated.
datacontenttype String Content type of the data attribute.

Attribute Type Description
subject String Describes the subject of the event in

the context of the source in which the
event originated. For example, a certain
business object or a resource.
time Timestamp Timestamp of when the event occured.
data Application or json object The payload of the event.
 Note
The attribute data describes the complete vehicle information which was created or changed, resulting in
the origin of the event.
For more informtaion about Events for SAP Digital Vehicle Hub, see SAP Business Accelerator Hub .
5.3 Connecting to SAP S/4HANA On-Premise System
This section covers the steps to be performed to set up the connection between the SAP Digital Vehicle Hub
application and SAP S/4HANA.
The connectivity settings are required to enable SAP Digital Vehicle Hub application to:
• Read business partner information from the SAP S/4HANA system

• Navigate to SAP S/4HANA Fiori apps
 Note
Connecting to SAP S/4HANA enables users to perform the following tasks:
Read information of a business partner associated with SAP S/4HANA transactions such as purchase
order, sales order, third-party invoice and outgoing invoice from SAP S/4HANA On-Premise system, and
display them in the View Vehicles and Modify Vehicles apps for the following sections respectively:
• Vehicle Procurement
• Vehicle Sales
• Third-party invoice
• Outgoing invoice
• Related Procurement
• Related Object
• Financial Document
Navigate to SAP S/4HANA Fiori apps for transactions such as purchase order, sales, invoice, material
document, inbound and outbound delivery from View Vehicles and Modify Vehicles apps for the following
sections respectively:
• Vehicle Procurement
• Vehicle Sales

• Third-party invoice
• Outgoing invoice
• Related Procurement
• Inbound Material Document
• Outbound Material Document
• Inbound Delivery
• Outbound Delivery
• Related Object (Asset and WBS)
• Financial Document
Navigate to SAP S/4HANA Business Partner Fiori app from View Vehicles and Modify Vehicles apps for the
following sections respectively:
• Supplier in Vehicle Procurement (purchase/lease/rental)

• Sold-to-party, payer, and bill-to-party in Vehicle Sales
• Supplier and bill-to-party in third-party invoice
• Payer and bill-to-party in outgoing invoice
• Supplier in Related Procurement
For more information about connectivity, see the SAP BTP documentation under Connectivity in the Cloud
Foundry Environment.
5.3.1 Installing and Configuring Cloud Connector
The Cloud connector enables access to your S/4HANA on-premise systems. It must be installed in your
on-premise intranet network.
The SAP Digital Vehicle Hub app can read business partner information from SAP S/4HANA system using the
Cloud connector.
For more information, see
Cloud Connector Installation.
Cloud Connector Initial Configuration.
For more information, see Configure Access Control (HTTP).
Configure Accessible Resources
5.3.2 SAP S/4HANA: Activating OData Services
OData services must be activated in your SAP S/4HANA system to allow SAP Digital Vehicle Hub to read data
from the SAP S/4HANA system.

Activate and Maintain Services
The service maintenance is part of the Implementation Guide (IMG) in your system. In the SAP Reference IMG
(transaction SPRO) navigate to SAP NetWeaver SAP Gateway OData Channel Administration General
Settings Activate and Maintain Services (or transaction /n/iwfnd/maint_service.
The following OData services should be activated and maintained in your SAP S/4HANA system. If you don't
find them in the list of registered services (Service Catalog), you have to add the respective services by
choosing Add Service in the menu bar.
External Service Name Technical Service Name
API_BUSINESS_PARTNER ZAPI_BUSINESS_PARTNER
For more information, see Activate and Maintain Services.
Activate ICF services
Check in transaction SICF if the mentioned OData services (path: /default_host/sap/opu/

odata/sap/ !) are activated. If not, you can activate an ICF service as follows:
1. Select the required ICF service in the ICF tree in transaction SICF.
2. From the context menu, choose Activate Service.
For more information, see ICF Services.
5.3.3 SAP S/4HANA: Creating a Role for the Technical

Communication User
A specific role must be available that comprises all authorizations that are necessary for the technical
communication between the SAP Digital Vehicle Hub application and your S/4HANA system.
To access data (for example, material documents, material master and business partner master) within
the SAP Digital Vehicle Hub application on SAP Business Technology Platform via the cloud connector in
S/4HANA, the technical user is used that you specify when defining the destination. You have to create a role
that contains the necessary authorizations and assign it to this technical user in the SAP S/4HANA system.
You can use the role administration functions (transaction PFCG) to manage roles and authorization data.
Follow the steps as described here: Creating Single Roles.
1. Create a new role.

2. Create a role menu on the Menu tab.
1. Choose + Authorization Default to insert new nodes.
2. Set Authorization Default to TADIR Service
3. Add the following TADIR services:

Object Type TADIR Service
IWSG SAP Gateway: Service Group Metadata ZAPI_BUSINESS_PARTNER_0001
IWSV SAP Gateway Business Suite Enablement API_BUSINESS_PARTNER 0001
3. Assign authorization objects on the Authorizations tab to the role

1. Choose Change Authorization Data.
2. Manually add the following Authorization Objects to the respective Object Classes:
Object Class Authorization Object
AAAB B_BUPA_GRP
S_SERVICE
3. Change the field values of the authorization objects
5.3.4 SAP S/4HANA: Creating a Communication User
The already created role for the technical communication user must be assigned to a technical user's master
record.
The already created role for the technical communication user must be assigned to the user master record of
the technical user that you specify when defining the destination for the technical communication between the
SAP Digital Vehicle Hub application and your S/4HANA system.
For more information on how to create and edit user master records, see: Creating and Editing User Master
Records.
5.3.5 SAP Business Technology Platform: Creating and

Configuring a Destination
The HTTP destinations on subaccount level provide information for connecting the SAP Digital Vehicle Hub
application to your on SAP S/4HANA on-premise system.

You must create and configure a new HTTP destination in your SAP Business Technology Platform
subaccount using the information provided in the cloud connector. Navigate to Subbaccount Connectivity
Destination to create the destination for the following cases:
Case 1: All transactions and associated business partner in a single SAP S/

4HANA system
• All purchase orders, sales orders, third party invoices, outgoing invoices, and the associated business
partner reside in a single SAP S/4HANA system.
• You have to create a single destination. The following information must be maintained:
Field Value
Name DVH_S4H_DEFAULT
Type HTTP
Description Any description.
Location ID Empty. If value specified, then the same value has to be

specified in the corresponding subaccount settings of the
cloud connector.
URL Virtual address as defined in the cloud connector (virtual

host + virtual port).
 Note
The URL enables reading business partner information
from SAP S/4HANA.
Proxy Type OnPremise
Authentication BasicAuthentication
User Technical communication user that is used in SAP S/

4HANA.
Password Password of the technical communication user.

Field Value
Hyperlinks Enables cross-navigation to the SAP Fiori apps in SAP S/

4HANA. Select New Property and enter the following:
• lauchpad_url as the key (name).

• Launchpad URL for SAP S/4HANA as the value.
 Tip
Below is a sample SAP Fiori launchpad URL: https://
xyz800-abc800.wdf.sap.corp/sap/bc/ui5_ui5/ui2/ush
ell/shells/abap/FioriLaunchpad.html
Note that this is an external site.
 Recommendation
1. SAP Fiori apps should be implemented in SAP/S/
4HANA. Depending on the SAP Fiori apps that you
want to use, different tasks are required. For fur
ther information, refer to SAP Fiori: App Implemen
tation.
2. You can access SAP Fiori apps only from a secure
corporate network.
3. The destination is configured with the connectivity
details for SAP Fiori launchpad of SAP S/4HANA.
For further information, refer to Create HTTP Desti
nations.
4. You must have the necessary business roles already
configured to access the SAP Fiori apps in SAP S/
4HANA.
Case 2: Each transaction and associated business partner in a seperate SAP

S/4HANA system
• All transactions such as purchase orders, sales orders, third party invoices, outgoing invoices, and the
associated business partner reside in separate SAP S/4HANA systems.
• You have to create one destination per transaction. The following information must be maintained:

Field Value
Name DVH_S4H_<TRANSACTION>. For example,

• DVH_S4H_SALES or
• DVH_S4H_PURCHASE or
• DVH_S4H_THIRD_PARTY_INVOICE or
• DVH_S4H_OUTGOING_INVOICE
• DVH_S4H_MATERIAL_DOCUMENT
• DVH_S4H_INBOUND_DELIVERY
• DVH_S4H_OUTBOUND_DELIVERY
• DVH_S4H_RELATED_PROCUREMENT
• DVH_S4H_RELATED_OBJECT_ASSET
• DVH_S4H_RELATED_OBJECT_WBS
• DVH_S4H_FINANCIAL_DOCUMENT
Type HTTP

cloud connector.


4HANA.

Field Value


 Tip
Below is a sample SAP Fiori launchpad
URL: https://xyz800-abc800.wdf.sap.corp/sap/bc/
ui5_ui5/ui2/ushell/shells/abap/FioriLaunchpad.html.
Refer to https://help.sap.com/viewer/
cca91383641e40ffbe03bdc78f00f681/Cloud/en-US/
783fa1c418a244d0abb5f153e69ca4ce.html for manag
ing destinations.
 Recommendation
tation.
corporate network.
nations.
4HANA.
Case 3: Each transaction instance and associated business partner with the
corresponding SAP S/4HANA system
• Every purchase order, sales order, third party invoice, outgoing invoice, and the associated business
partner can have its own source SAP S/4HANA system.
• You have to create one destination per transaction per source system. The following information must be
maintained:

Field Value
Name • DVH_S4H_SALES_<SOURCE_SYSTEM_ID>
or
• DVH_S4H_PURCHASE_<SOURCE_SYSTEM_ID> or
• DVH_S4H_THIRD_PARTY_INVOICE_<SOURCE_S
YSTEM_ID> or
• DVH_S4H_OUTGOING_INVOICE_<SOURCE_SYST
EM_ID> or
• DVH_S4H_MATERIAL_DOCUMENT_<SOURCE_SYS
TEM_ID> or
• DVH_S4H_INBOUND_DELIVERY_<SOURCE_SYST
EM_ID> or
• DVH_S4H_OUTBOUND_DELIVERY_<SOURCE_SYS
TEM_ID> or
• DVH_S4H_RELATED_PROCUREMENT_<SOURCE_S
YSTEM_ID> or
• DVH_S4H_RELATED_OBJECT_ASSET_<SOURCE_
SYSTEM_ID>
• DVH_S4H_RELATED_OBJECT_WBS_<SOURCE_SY
STEM_ID>
• DVH_S4H_FINANCIAL_DOCUMENT_<SOURCE_SY
STEM_ID>
 Note
<SOURCE_SYSTEM_ID> refers to the SAP S/4HANA
system where the particular transaction instance has
taken place.
For example, if SOURCE_SYSTEM_ID is ABC123, ABC

would be the system ID and 123 would be the client ID of
SAP S/4HANA.
The SOURCE_SYSTEM_ID must be the same as the

value maintained for SourceSystemID via the POST/
PATCH APIs of SAP Digital Vehicle Hub for that particu
lar transaction instance.
Type HTTP

cloud connector.


Field Value

4HANA.


 Tip
Below is a sample SAP Fiori launchpad
URL: https://xyz800-abc800.wdf.sap.corp/sap/bc/
ui5_ui5/ui2/ushell/shells/abap/FioriLaunchpad.html
Refer to https://help.sap.com/viewer/
cca91383641e40ffbe03bdc78f00f681/Cloud/en-US/
783fa1c418a244d0abb5f153e69ca4ce.html for manag
ing destinations.
 Recommendation
tation.
corporate network.
nations.
4HANA.
Listed below are the destinations in order of their priorities:
1. DVH_S4H_<TRANSACTION>_<SOURCE_SYSTEM_ID>
2. DVH_S4H_<TRANSACTION>
3. DVH_S4H_DEFAULT
For more information, see Managing Destinations and the specific information on creating HTTP destinations
therein.

5.3.6 Whitelisting of IP Address of SAP Business Technology
Platform
If you have installed a cloud connector within a DMZ zone where inbound connections from public internet are
not allowed, then you will have to whitelist IPs of SAP Business Technology Platform for any inbound request.
For more information, see Regions.
5.4 Connecting to SAP Internet of Things
This section describes the connectivity between SAP Digital Vehicle Hub and SAP Internet of Things (SAP IoT).
Prerequisites
You have subscribed to the SAP Business Network Asset Collaboration and SAP Digital Vehicle Hub
applications within your subaccount.
For more information, see Onboarding [page 7].
Context
• Connectivity to the SAP Internet of Things (SAP IoT) application enables automatic onboarding of a vehicle
as a device to SAP Internet of Things.
For more information, see Automatic Device Onboarding - SAP Internet of Things.
Once the vehicle is created and published, it is onboarded as device to SAP Internet of Things.
• For the devices which are created in SAP Internet of Things, IoT data can be ingested. For more
information, see About SAP IoT Device Connectivity.
System retrieves and displays the IoT data of the devices as timeseries information in a graphical format
for the corresponding vehicles in the View Vehicles app of SAP Digital Vehicle Hub.
5.5 Connecting to Data Aggregator (Otonomo)
This section describes the connectivity between SAP Telematic Data Configurator and Otonomo Data
Aggregator.
Connecting SAP Telematic Data Configurator to Otonomo Data Aggregator enables the flow of telematic data
from Otonomo specific workspaces to SAP Internet of Things (SAP IoT) service.

Prerequisites
You have subscribed to SAP Telematic Data Configurator.
1. Open the BTP cockpit subaccount and navigate to Connectivity Destination Page .
2. Create a destination using the VCH_<AggregatorWorkspaceID> naming convention, and enter the details
provided below:
Authentication: OAuth2ClientCredentials
Client ID
Client Secret
Token Service URL
service_Id
3. In the SAP Telematic Data Configurator app, create an aggregator entry with the same Aggregator
Workspace ID.
5.6 Connecting to AWS IoT
Setting up an AWS (Amazon Web Services) account
• Create a role with a permission policy in AWS and set it up. For more information, see Policies and
Permissions in IAM .
• Perform the following actions as part of permissions policy to enable streaming of the data into AWS from
Otonomo: PutRecord, PutRecords, and DescribeStream.
 Sample Code
Example
{
"Version": "2012-10-17",
"Statement": [
{
"Sid": "VisualEditor0",
"Effect": "Allow",
"Action": [
"kinesis:PutRecord",
"kinesis:PutRecords",
"kinesis:DescribeStream"
],
"Resource": "arn:aws:kinesis:eu-central-1:617540613474:stream/dvh-otonomo-
test"
}
]
}
• Create the database and table in AWS Timestream. For more information, see What is Amazon
Timestream .
• Create the data stream in AWS Kinesis. For more information, see Creating and Managing Streams .
• The provided JAR file can be downloaded via the RBSC with a valid technical S-User. For more information,
see Repository-Based Shipment Channel.

• Upload the provided JAR file in S3 bucket. For more information, see Uploading Objects .
• Create an analytics application in AWS Kinesis. For more information, see Create an Anaytics
Application .
Configure the application. Choose application configure . Perform the following:
• Specify the code location.Tthis would be the path where the jar file is uploaded in S3.
• Add the following runtime properties. For more information, see Runtime Properties in Kinesis Data
Analytics for Apache Flink .
• For the group ID ConsumerConfigProperties, provide the following properties:
• aws.region: The region where the data stream is located.
• flink.stream.initpos: The starting position in the data stream for the user. The values supported are
LATEST, TRIM_HORIZON.
• stream.name: The name of the data stream.
• For the group ID ProducerConfigProperties, provide the following properties:
• aws.region: The region where the Timestream DB is located.
• databaseName: The name of the database in the Timestream DB.
• tableName: The name of the table in the Timestream DB.
• Configure the other sections according to your use case.
Setting up Otonomo to send the data into Kinesis
For more information, see Streaming Interface Properties .
Perform the following steps:
• Login to Otonomo dashboard here .

• Navigate to Fleets section.
• Navigate to the menu and choose Streaming. Enter the stream name that you have maintained in AWS
account for Kinesis data stream.
• Enter the role ARN.
• Enter the region.
• Configure other settings according to your need and apply the configuration.
Setting up destination for fetching telematics data from AWS
For more information, see Using the Destinations Editor in the Cockpit.
Perform the following steps:
• Create a destination with name DVH_AWS_IOT

• Set type as HTTP
• Set URL as http://dummy
• Set proxy type as Internet
• Set Authentication as BasicAuthentication
• Provide access key ID from AWS in the user field
• Provide access key secret from AWS in the password field
• Choose New Property and add the following Additional Properties:
• DatabaseName: Provide the name of the database created in TimeSeries DB
• TableName: Provide the name of the table created in TimeSeries DB

• Region: Provide the region of the AWS account. For more information on the supported regions, see
Regions, Availability Zones, and Local Zones .
• Save the destination
Once you have completed the above setup, you will be able to view the telematic data for the vehicles for
which the data is sent by Otonomo and the vehicles are maintained in SAP Digital Vehicle Hub. Ensure that
the field telematicsDataSourceCode is set to 02 (AWS Kinesis Timeseries) for the vehicle.
5.7 Connecting to SAP Cloud ALM
SAP Cloud ALM is an offering for Application Lifecycle Management (ALM). It is intended for users who use
solutions provided by SAP, and who do not want to use their own ALM On-Premise platform to manage those
solutions.
SAP Cloud ALM records all Create, Update, and Delete messages of vehicles in SAP Digital Vehicle Hub. It
shows the data in tabular and graphical format in SAP Cloud ALM’s Integration Monitoring application.
This section describes how to setup and configure a connection between SAP Digital Vehicle Hub and SAP
Cloud ALM and to enable monitoring.
Prerequisites
For more information on setup, see Setup Steps in SAP Cloud ALM .
Context
To configure monitoring of SAP Digital Vehicle Hub, see Available Monitoring Content.

6 User Management
This section describes how to configure user management for your application. As a prerequisite, you have
created business users and user groups in your identity provider (IdP). SAP ID service is configured as the
default IdP, but you can also add your instance of SAP Cloud Identity Services - Identity Authentication or a
different IdP.
If you use the Identity Authentication service, you can find more information in the SAP BTP documentation
under Manually Establish Trust and Federation Between UAA and Identity Authentication.
If you use a different IdP, you can find more information under Establish Trust and Federation with UAA Using
Any SAML Identity Provider.
For more information on security aspects in SAP Digital Vehicle Hub, see Session Security Protection.
6.1 Defining Role Collections and Assigning them to Users
In the Cloud Foundry environment, an application provides authorization artifacts for business users. You use
this information to build roles, bundle them in role collections, and assign these collections to business users or
user groups.
6.1.1 Defining and Bundling Roles
Roles are used to define the type of access granted to an application. They are based on role templates and
can be added to role collections. For role templates, attributes are provided to restrict the data access by
instance-based authorizations.
With SAP Digital Vehicle Hub roles, you can restrict the access to vehicle details and vehicle-related details.
To allow instance-based authorization, you need to use the attributes of the corresponding role templates
when you create a role . You need to create roles based on the role templates and define values for the
respective attributes in accordance with your business needs.
SAP Digital Vehicle Hub provides the following role templates:
Tiles on SAP Fiori Launch

Role Template Description Available Attributes pad
fuel_card_read The user is authorized to Not applicable. Has read access to fuel card
view fuel card details of a ve information.
hicle.

User Management PUBLIC 33
fuel_card_manage The user is authorized to Not applicable. Has both read and write ac
manage fuel card details of a cess to fuel card information.
vehicle.
insurance_contract_read The user is authorized to InsuranceCompanyName Has read access to insurance

view or manage insurance contract information.
InsuranceType
contract details of a vehicle.
InsuranceClass
insurance_contract_manage Additional services that your InsuranceCompanyName Has both read and write ac
application consumes may cess to insurance contract in
InsuranceType
also provide roles. You must formation.
list thoseThe user is author InsuranceClass
ized to manage insurance
contract details of a vehicle.
invoice_read The user is authorized to InvoiceCategory Has read access to vehicle in
view invoice details of a vehi voices.
InvoiceType
cle.
InvoiceSupplierID
invoice_manage The user is authorized to InvoiceCategory Has both read and write ac
manage invoice details of a cess to vehicle invoices.
InvoiceType
vehicle.
InvoiceSupplierID
planned_maintenance_interv The user is authorized to Not applicable. Has read access to planned
al_read view the planned mainte maintenance intervals.
nance details of a vehicle.
planned_maintenance_interv The user is authorized to Not applicable. Has both read and write ac
al_manage manage the planned mainte cess to planned maintenance
nance details of a vehicle. intervals.
purchase_read The user is authorized to PurchasingType Has read access to vehicle

view the procurement details procurement information.
PurchasingOrganization
of a vehicle.
PurchasingGroup
purchase_manage The user is authorized to PurchasingType Has read and write access
manage the procurement de to vehicle procurement infor
PurchasingOrganization
tails of a vehicle. mation.
PurchasingGroup
registration_read The user is authorized to RegistrationType Has read access to vehicle

view the registration details registration information.
of a vehicle.

34 PUBLIC User Management
registration_manage The user is authorized to RegistrationType Has read and write access to
manage the registration de vehicle registration informa
tails of a vehicle. tion.
sales_read The user is authorized to SalesOrganization Has read access to sales in
view the sales details of a ve formation of the vehicle.
SalesDivision
hicle.
SalesChannel
sales_manage The user is authorized to SalesOrganization Has read and write access to
manage the sales details of a the sales information of the
SalesDivision
vehicle. vehicle.
SalesChannel
service_contract_read The user is authorized to ServiceContractCompany Has read access to the serv
Name
view the service contract of ice contract of the vehicle.
a vehicle.
service_contract_manage The user is authorized to ServiceContractCompany Has read and write access to
Name
manage the service contract the service contract of the
of a vehicle. vehicle.
service_history_read The user is authorized to ServiceSupplierName Has read access to the serv
view the service history of a ice history of the vehicle.
vehicle.
service_history_manage The user is authorized to ServiceSupplierName Has read and write access to
manage the service history of the service history of the ve
a vehicle. hicle.
usage_read The user is authorized to UsageType Has read access to vehicle

view the usage details of a usage.
DriverID
vehicle.
usage_manage The user is authorized to UsageType Has read and write access to
manage the usage details of vehicle usage.
DriverID
a vehicle.

vehicle_read The user is authorized to CompanyCode Has read access to the View
view the details of a vehicle. Vehicle app.
Manufacturer
ModelID
ModelYear
ModelVariant
BodyType
FuelType
Engine
Transmission
BatteryType
DriveType
UsedVehicle
vehicle_manage The user is authorized to CompanyCode Has read access to the View
manage the details of a vehi Vehicle app and the Modify
Manufacturer
cle. Vehicle app.
ModelID
ModelYear
ModelVariant
BodyType
FuelType
Engine
Transmission
BatteryType
DriveType
UsedVehicle
warranty_read The user is authorized to Not applicable. Has read access to the vehi
view the warranty details of cle warranty information.
a vehicle.
warranty_manage The user is authorized to Not applicable. Has read and write access to
manage the warranty details the vehicle warranty informa
of a vehicle. tion.

vehicle_configuration_manag The user is authorized to Not applicable. Not applicable.

e modify configuration details
of a vehicle. Configuration
details include model and ve
hicle specification, location,
component and document
vehicle_analytics_read The user is authorized to Not applicable. Not applicable.

view the analytics of a vehicle
vehicle_timeline_read The user is authorized to Not applicable. Has read access to timeline
view the timeline details of a information.
vehicle.
vehicle_monitoring_read The user is authorized to Not applicable. Has read access to monitor
view the monitoring details of ing information.
a vehicle.
vehicle_monitoring_manage The user is authorized to Not applicable. Has read and write access to
view or manage monitoring monitoring information.
details of a vehicle.
inbound_material_document The user is authorized to InboundMaterialDocument Has both read and write
_manage manage the inbound material access to inbound material
MovementType
document details of a vehi document information.
cle. InboundMaterialDocument
Plant
outbound_material_documen The user is authorized to OutboundMaterialDocu Has both read and write ac
t_manage manage the outbound mate cess to outbound material
mentMovementType
rial document details of a ve document information.
hicle. OutboundMaterialDocu
mentPlant
inbound_deliveries_manage The user is authorized to InboundDeliveriesShipping Has both read and write ac
manage the inbound delivery Point cess to inbound delivery in
details of a vehicle. formation.
outbound_deliveries_manage The user is authorized to OutboundDeliveriesShipping Has both read and write ac
manage the outbound deliv Point cess to outbound delivery in
ery details of a vehicle. formation.
related_procurement_manag The user is authorized to RelatedProcurementType Has both read and write ac
e manage related procurement cess to related procurement
details of a vehicle. RelatedProcurementOrgani information.
zation
RelatedProcurementGroup
inbound_material_document The user is authorized to InboundMaterialDocument Has read access to inbound

_read view the inbound material material document informa
MovementType
document details of a vehi tion.
cle. InboundMaterialDocument
Plant

outbound_material_documen The user is authorized to OutboundMaterialDocu Has read access to outbound

t_read view the outbound material material document informa
mentMovementType
document details of a vehi tion.
cle. OutboundMaterialDocu
mentPlant
inbound_deliveries_read The user is authorized to InboundDeliveriesShipping Has read access to inbound

view the inbound delivery de Point delivery information.
tails of a vehicle.
outbound_deliveries_read The user is authorized to OutboundDeliveriesShipping Has read access to outbound

view the outbound delivery Point delivery information.
details of a vehicle.
related_procurement_read The user is authorized to RelatedProcurementType Has read access to related

view related procurement de procurement information.
tails of a vehicle. RelatedProcurementOrgani
zation
RelatedProcurementGroup
related_object_read The user is authorized to Not applicable Has read access to related
view related object details of object information.
a vehicle.
related_object_manage The user is authorized to Not applicable Has both read and write ac
manage related object de cess to related object infor
tails of a vehicle. mation.
financial_document_manage The user is authorized to financialDocumentType Has both read and write ac
manage financial document cess to financial document.
details of a vehicle. financialDocumentCompany-
Code
financial_document_read The user is authorized to financialDocumentType Has read access to financial

view financial document de document information.
tails of a vehicle. financialDocumentCompany-
Code
vehicle_download_read The user is authorized to Not applicable Has access to dowload time
dowload timeline information line information data.
data of a vehicle.
vehicle.delete The user is authorized to de Not applicable Has delete access to vehicle
lete the vehicle. and vehicle related data.
customer_returns_material_d The user is authorized to Not applicable Has read access to customer
ocument.read view the customer returns in returns in inbound material
inbound material document. document.
customer_returns_material_d The user is authorized to Not applicable Has both read and write ac
ocument.manage view and edit the customer cess to customer returns in
returns in inbound material inbound material document.
document.

supplier_returns_material_do The user is authorized to Not applicable Has read access to supplier
cument.read view the supplier returns returns in outbound material
in outbound material docu document.
ment.
supplier_returns_material_do The user is authorized to Not applicable Has both read and write
cument.manage view and edit the supplier re access to supplier returns
turns in outbound material in outbound material docu
document. ment.
customer_returns_deliveries. The user is authorized to Not applicable Has read access to customer
read view the customer returns in returns in inbound material
inbound deliveries. deliveries.
customer_returns_deliveries. The user is authorized to Not applicable Has both read and write ac
manage view and edit the customer cess to customer returns in
returns in inbound deliveries. inbound deliveries.
supplier_returns_deliveries.re The user is authorized to Not applicable Has read access to supplier
ad view the supplier returns in returns in outbound deliver
outbound deliveries. ies.
supplier_returns_deliveries.m The user is authorized to Not applicable Has both read and write ac
anage view and edit the supplier re cess to supplier returns in
turns in outbound deliveries. outbound deliveries.
customer_returns_material_d The user is authorized to Not applicable Has read access to customer
ocument.read view the customer returns in returns in inbound material
inbound material document document.
customer_returns_material_d The user is authorized to Not applicable Has read and write access to
ocument.manage view and edit the customer customer returns in inbound
returns in inbound material material document.
document
supplier_returns_material_do The user is authorized to Not applicable Has read access to supplier
cument.read view the supplier returns in returns in inbound material
outbound material document document.
supplier_returns_material_do The user is authorized to Not applicable Has read and write access to
cument.manage view and edit the supplier re supplier returns in inbound
turns in outbound material material document.
document
customer_returns_deliveries. The user is authorized to Not applicable Has read access to customer
read view the customer returns in returns in inbound deliveries.
inbound deliveries
customer_returns_deliveries. The user is authorized to Not applicable Has read and write access to
manage view and edit the customer customer returns in inbound
returns in inbound deliveries deliveries.
supplier_returns_deliveries.re The user is authorized to Not applicable Has read access to supplier
ad view the supplier returns in returns in outbound deliver
outbound deliveries ies.
supplier_returns_deliveries.m The user is authorized to Not applicable Has read and write access to
anage view and edit the supplier re supplier returns in outbound
turns in outbound deliveries deliveries.

extension_entity_1.read The user is authorized to Not applicable Has read access to extension
view the extension entity 1 entity 1.
extension_entity_1.manage The user is authorized to Not applicable Has both read and write ac
view and edit extension en cess to extension entity 1.
tity 1
view extension entity 2 entity 2.
tity 2
tity 3
view and edit the extension cess to extension entity 4.
entity 4
view and edit the extension cess to extension entity 5.
entity 5
spare_part_read The user is authorized to Not applicable Has read access to spare
view spare parts details of a part details of a vehicle.
vehicle.
spare_part_manage The user is authorized to Not applicable Has read and write access to
manage spare parts details spare part details of a vehi
of a vehicle. cle.
 Example
If there are vehicles for company code 001 and 002, you have to create two roles from the role template
vehicle_read with the respective CompanyCode attribute values for 001 and 002, and add these two roles
to the respective role collections. This restricts which users can view or manage vehicles that belong to a
specific company code.
If the role template doesn't have any attributes, then the corresponding roles are identical to the role templates
and are created automatically. If the role template has one or more attributes, you must create roles based on
the role templates and provide the attribute values.
As a prerequisite for assigning roles to IdP users or user groups, you also need to configure role collections.
A role collection consists of one or more roles from one or more applications and can be used to bundle
authorizations within and across applications.

Procedure to define new roles based on role templates
1. Share Required Vehicle

To access the vehicle, the organization owning it must share it with the required organization.
This means that an invitee organization can access vehicles and their details only if the vehicles are shared
by the owner organization.
2. Subscribe to SAP Digital Vehicle Hub application
A subscription to the SAP Digital Vehicle Hub application provides the SAP standard role templates and
corresponding roles to the subaccount.
1. Open the cockpit for SAP Business Technology Platform.
2. Go to your subaccount (see Navigate to Orgs and Spaces).
3. Choose your Subscriptions.
4. Choose the SAP Digital Vehicle Hub application.
3. Maintain Users in Identity Provider
1. Go to the Administration cockpit of the identity provider.
2. Under Users & Authorizations, choose User Groups to create new user groups. These groups
correspond to the role collections in the SAP Business Technology Platform Cockpit of your
subaccount.
3. Under Users & Authorization, choose User Management to add the user. Navigate to the User Group
section to assign user groups to the users.
4. Maintain Role Collection in SCP Cockpit
1. Use the SAP Business Technology Platform cockpit to manage role collections.
2. Go to your subaccount (see Navigate to Orgs and Spaces) and choose Security Role Collections .
3. Choose a role collection or create a new one. Enter a name and a description for the new role template.
4. To add roles to your new role collection, edit it.
5. Choose Add Role.
6. Select the application identifier, the role template, and the role, and choose Save.
For more information about how to create roles and how to bundle them in role collections using the SAP BTP
cockpit, see Building Roles and Role Collections for Applications.
Procedure to maintain roles
1. Use the SAP Business Technology Platform cockpit to manage role collections.
2. Go to your subaccount (see Navigate to Orgs and Spaces).
3. Choose your Subscriptions.
4. Choose SAP Digital Vehicle Hub.
5. On the Overview page, choose Manage Roles.
6. To create a new role, choose New Role.
7. Enter a name and a description for the new role.
8. Select the role template you want to use.
9. Choose Next to assign attributes and values to the role.
10. To specify attribute values, select Static attribute source from the dropdown menu and enter static
values. Choose Enter.

 Note
If you do not want to maintain a value, select unrestricted source.
11. Choose Next to assign this configuration to a role collection.

12. Choose Next to review or manage and save the configuration.
For more information about how to maintain the attributes, see Using Attributes to Refine the Roles.
Procedure to maintain service broker
To update the service broker instance using CF CLI
• Login to the space where the broker is present.

• Run the following command to get the guid of the instance: cf service <service-instance> –guid.
• Create a json file with following structure:
 Sample Code
{
"xs-security": {
"xsappname": "<<guid>>",
}
}
• Run the following command to update the broker: cf update-service <service-instance> -c jsonfile
To update the service broker instance using SAP BTP cockpit
• Navigate to the space where the service broker instance is present.

• Navigate to instances section.
• Select the service broker instance.
• Copy the guid from instance ID:
• Click on the three dots and choose Update.

• Navigate to parameter section and paste the following json in the section.
 Sample Code
{
"xs-security": {
"xsappname": "<<guid>>",
}
• Choose Update Instance button to update.

6.1.2 Assigning Role Collections to Users
In the SAP BTP cockpit, you must assign role collections to IdP users or user groups. As a prerequisite, users
and user groups must have been created in the Identity Authentication service or another IdP.
 Note
If you use the SAP ID service, you assign role collections to individual users. If you use the Identity
Authentication service or another IdP, you assign them either to individual users or to user groups.
For more information about how to assign role collections to users or user groups using the SAP BTP cockpit,
see Assigning Role Collections.

6.1.3 Defining and Bundling Roles and Assigning Role
Collections to Users in Telematic Data Configurator
Roles are used to define the type of access granted to an application. They are based on role templates and
can be added to role collections. For role templates, attributes are provided to restrict the data access by
instance-based authorizations.
In the SAP BTP cockpit, you must assign role collections to IdP users or user groups. As a prerequisite, users
and user groups must have been created in the Identity Authentication service or another IdP.
 Note
If you use the SAP ID service, you assign role collections to individual users. If you use the Identity
Authentication service or another IdP, you assign them either to individual users or to user groups.
For more information about how to assign role collections to users or user groups using the SAP BTP cockpit,
see Assigning Role Collections.
Telematic Data Configurator provides the following role templates:
Role Description
AdminRead The user is authorized to view any configuration within the

application, such as aggregator, workspace, mapping, or
consent.
AdminManage The user is authorized to modify any configuration within

the application, such as aggregator, workspace, mapping, or
consent.
AdminDelete The user is authorized to delete any configuration within

the application, such as aggregator, workspace, mapping, or
consent.
 Note
These roles are by default available to be assigned to a role collection and then to users once the
application is successfully subscribed.
Follow the steps mentioned below to provide users acess to the application:
1. Assign the roles mentioned above to an existing role collection or create a new role collection specific to
Telematic Data Configurator.
2. After the assignment of role collections to respective users, the Telematic Data Configurator app would be
visible on the launchpad.

Important Disclaimers and Legal Information
Hyperlinks
Some links are classified by an icon and/or a mouseover text. These links provide additional information.
About the icons:
• Links with the icon : You are entering a Web site that is not hosted by SAP. By using such links, you agree (unless expressly stated otherwise in your
agreements with SAP) to this:
• The content of the linked-to site is not SAP documentation. You may not infer any product claims against SAP based on this information.
• SAP does not agree or disagree with the content on the linked-to site, nor does SAP warrant the availability and correctness. SAP shall not be liable for any
damages caused by the use of such content unless damages have been caused by SAP's gross negligence or willful misconduct.
• Links with the icon : You are leaving the documentation for that particular SAP product or service and are entering an SAP-hosted Web site. By using
such links, you agree that (unless expressly stated otherwise in your agreements with SAP) you may not infer any product claims against SAP based on this
information.
Videos Hosted on External Platforms

Some videos may point to third-party video hosting platforms. SAP cannot guarantee the future availability of videos stored on these platforms. Furthermore, any
advertisements or other content hosted on these platforms (for example, suggested videos or by navigating to other videos hosted on the same site), are not within
the control or responsibility of SAP.
Beta and Other Experimental Features

Experimental features are not part of the officially delivered scope that SAP guarantees for future releases. This means that experimental features may be changed by
SAP at any time for any reason without notice. Experimental features are not for productive use. You may not demonstrate, test, examine, evaluate or otherwise use
the experimental features in a live operating environment or with data that has not been sufficiently backed up.
The purpose of experimental features is to get feedback early on, allowing customers and partners to influence the future product accordingly. By providing your
feedback (e.g. in the SAP Community), you accept that intellectual property rights of the contributions or derivative works shall remain the exclusive property of SAP.
Example Code
Any software coding and/or code snippets are examples. They are not for productive use. The example code is only intended to better explain and visualize the syntax
and phrasing rules. SAP does not warrant the correctness and completeness of the example code. SAP shall not be liable for errors or damages caused by the use of
example code unless damages have been caused by SAP's gross negligence or willful misconduct.
Bias-Free Language
SAP supports a culture of diversity and inclusion. Whenever possible, we use unbiased language in our documentation to refer to people of all cultures, ethnicities,
genders, and abilities.

Important Disclaimers and Legal Information PUBLIC 45
www.sap.com/contactsap
© 2023 SAP SE or an SAP affiliate company. All rights reserved.
No part of this publication may be reproduced or transmitted in any form

or for any purpose without the express permission of SAP SE or an SAP
affiliate company. The information contained herein may be changed
without prior notice.
Some software products marketed by SAP SE and its distributors

contain proprietary software components of other software vendors.
National product specifications may vary.
These materials are provided by SAP SE or an SAP affiliate company for

informational purposes only, without representation or warranty of any
kind, and SAP or its affiliated companies shall not be liable for errors or
omissions with respect to the materials. The only warranties for SAP or
SAP affiliate company products and services are those that are set forth
in the express warranty statements accompanying such products and
services, if any. Nothing herein should be construed as constituting an
additional warranty.
SAP and other SAP products and services mentioned herein as well as
their respective logos are trademarks or registered trademarks of SAP
SE (or an SAP affiliate company) in Germany and other countries. All
other product and service names mentioned are the trademarks of their
respective companies.
Please see https://www.sap.com/about/legal/trademark.html for

additional trademark information and notices.
THE BEST RUN

SAP Digital Vehicle Hu

Uploaded by

Document Information

Copyright

Available Formats

Share this document

Share or Embed Document

Sharing Options

Did you find this document useful?

Is this content inappropriate?

Copyright:

Available Formats

SAP Digital Vehicle Hu

Uploaded by

Copyright:

Available Formats

PUBLIC

Administration Guide for SAP Digital Vehicle Hub

THE BEST RUN

3.1 Browsers and Browser Settings. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 6

3.2 Other Prerequisites. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .6

4.1 Onboarding to SAP Business Network Asset Collaboration. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 7

4.2 Onboarding to SAP Digital Vehicle Hub. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 9

4.3 Onboarding to SAP Telematic Data Configurator. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 13

5.1 Connecting to SAP Analytics Cloud. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 15

5.2 Connecting to SAP Event Mesh. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 17

5.3 Connecting to SAP S/4HANA On-Premise System. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 19

Installing and Configuring Cloud Connector. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 20

SAP S/4HANA: Activating OData Services. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 20

SAP S/4HANA: Creating a Role for the Technical Communication User. . . . . . . . . . . . . . . . . . . . 21

SAP Business Technology Platform: Creating and Configuring a Destination. . . . . . . . . . . . . . . . 22

Whitelisting of IP Address of SAP Business Technology Platform. . . . . . . . . . . . . . . . . . . . . . . . 29

5.4 Connecting to SAP Internet of Things . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 29

5.5 Connecting to Data Aggregator (Otonomo). . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 29

5.6 Connecting to AWS IoT. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 30

5.7 Connecting to SAP Cloud ALM. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 32

6.1 Defining Role Collections and Assigning them to Users. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .33

Defining and Bundling Roles. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 33

Assigning Role Collections to Users. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 43

Administration Guide for SAP Digital Vehicle Hub

Document Version Comment

2308 This administration guide describes the steps you need to

Administration Guide for SAP Digital Vehicle Hub

About This Guide

This guide addresses the following target audience:

About SAP Digital Vehicle Hub

Administration Guide for SAP Digital Vehicle Hub

3.1 Browsers and Browser Settings

Google Chrome Latest version

Mozilla Firefox Extended Support Release (ESR) and latest version

Microsoft Internet Explorer 11

Microsoft Edge Latest Current Branch for Business

Safari Latest two versions (for macOS only)

3.2 Other Prerequisites

Administration Guide for SAP Digital Vehicle Hub

4.1 Onboarding to SAP Business Network Asset

SAP Business Network Asset Collaboration SBN-AIN-OPS

Administration Guide for SAP Digital Vehicle Hub

• SAP Business Network Asset Collaboration Setup: Automated Service

Tenant Types: Purpose

Administration Guide for SAP Digital Vehicle Hub

Onboarding the Organization

4.2 Onboarding to SAP Digital Vehicle Hub

Onboarding users to the SAP Digital Vehicle Hub solution.

Administration Guide for SAP Digital Vehicle Hub

• Other mandatory activities include:

Subscribing to SAP Digital Vehicle Hub

Business Application Tiles

Administration Guide for SAP Digital Vehicle Hub

1. Create an Organization : To use the subaccout, you must create an organization.

1. Create an organization using the following substeps:

Tile Name Purpose

Administration Guide for SAP Digital Vehicle Hub

6. Choose Save to update the changes and exit edit mode.

3. Create a space using the following substeps:

6. Choose the new space tile to access the space.

Administration Guide for SAP Digital Vehicle Hub

Client Secret uaa.clientsecret

Token URL uaa.url + ‘/oauth/token’

Application URL(s) endpoints.<application>-service and end­

Application URL(s) endpoints.<application>-service and end