Spaces and pages

Spaces and pages are a hierarchical way to organise SAP Launchpad content into role-oriented sections. They improve navigation and reduce clutter, but they also create a governed entitlement layout that must match business duties or they can make over-scoped access easier to spot and harder to justify.

Expanded Definition

In SAP Launchpad, spaces and pages are a structural model for presenting apps, cards, and content groups in a role-oriented way. A space is the top-level container, while pages arrange content within that container so users see a cleaner, more task-focused landing experience. The model is primarily about navigation and entitlement design, not just user interface layout.

For NHI governance, the important distinction is that spaces and pages can reveal whether access follows business duty boundaries or whether broad entitlements have simply been made less visible. That makes the concept closely related to the principles in the NIST Cybersecurity Framework 2.0, especially around access governance and least privilege. Definitions are mostly stable in SAP administration, but operational use varies across teams depending on whether launchpad content is managed centrally or delegated to application owners.

The most common misapplication is treating spaces and pages as a cosmetic navigation feature, which occurs when organisations design the layout without mapping it to actual job roles and entitlement boundaries.

Examples and Use Cases

Implementing spaces and pages rigorously often introduces governance overhead, requiring organisations to weigh cleaner navigation against stricter role engineering and approval workflows.

• A finance team gets a dedicated space that surfaces invoice approval apps, while procurement pages remain separate so access reviews can confirm duty segregation.
• An operations page groups monitoring and incident tools for on-call staff, but only if the underlying role excludes request-and-approve combinations that would create privilege overlap.
• A shared services space exposes common apps to multiple departments, yet each page is trimmed to the minimum content needed for that function to avoid entitlement creep.
• After a review of the Hugging Face Spaces breach, security teams may treat launchpad-style content grouping as a reminder that a visible workspace still depends on hidden access controls.
• Architecture teams align page ownership with business roles and audit trails, using NIST Cybersecurity Framework 2.0 concepts to support periodic entitlement review.

Why It Matters in NHI Security

Spaces and pages matter because they can either support or obscure entitlement risk. When content grouping matches business duties, review teams can quickly see who should access what. When it does not, excess access is harder to justify, and stale authorisations can linger behind a polished user experience. That is especially important in SAP environments where service accounts, integration identities, and delegated admin roles may touch launchpad content indirectly.

The NHI Mgmt Group has found that only 5.7% of organisations have full visibility into their service accounts, which makes any entitlement structure that hides overreach even more dangerous. Spaces and pages do not create privilege by themselves, but they can make excessive access look normal if ownership, role mapping, and review evidence are weak. They also interact with broader identity controls such as onboarding, offboarding, and periodic recertification. Organisations typically encounter the operational cost of misaligned spaces and pages only after a role change, audit finding, or access dispute, at which point the layout becomes unavoidable to address.

Related resources from NHI Mgmt Group

• What do security teams get wrong about branded signing pages?
• What breaks when malware is delivered through shared AI chatbot pages?
• Why do shared chatbot pages create a phishing problem for IAM and browser security?
• Why do fake verification pages work so well against users?