The launchpad is the SAP Fiori entry point where users see their available apps and tasks. It is an access presentation layer, not the full control plane, so the tiles a user sees may hide broader backend permissions unless roles are recertified carefully.
Expanded Definition
In SAP Fiori, the launchpad is the user-facing entry point that presents tiles, target mappings, and tasks, but it is not the same thing as the underlying authorization model. That distinction matters in NHI security because the screen a user sees can look narrow even when backend roles, service accounts, and API-connected workflows are much broader. As NIST Cybersecurity Framework 2.0 stresses governance and access control as operational disciplines, the launchpad should be treated as a presentation layer that reflects policy, not as proof that policy is tight.
Usage in the industry is still evolving because some teams speak about the launchpad as if it were the access boundary itself, while others correctly reserve that role for identity, role engineering, and backend entitlement management. NHIMG treats the term as a visibility surface that can expose workflow entry points without fully describing effective privilege. The most common misapplication is assuming a limited tile set means limited authority, which occurs when launchpad curation is mistaken for role recertification.
Examples and Use Cases
Implementing launchpad governance rigorously often introduces review overhead, requiring organisations to weigh a cleaner user experience against the cost of continuous entitlement validation.
- A finance user sees only invoice tiles in the launchpad, but the underlying role also grants access to shared service functions that must be reviewed separately.
- An SAP admin curates launchpad content for a procurement team, while guidance from the Ultimate Guide to NHIs is used to confirm that machine-driven approvals are not backed by overbroad service account permissions.
- A contractor’s launchpad tiles are removed at offboarding, yet an API integration tied to the same account continues to run because the entitlement lifecycle was not fully closed.
- An operations team uses the launchpad to present task-based access, while backend permissions are aligned to NIST Cybersecurity Framework 2.0 access governance requirements.
- A recertification campaign compares visible tiles with actual role membership to detect cases where presentation and authorization have drifted apart.
Why It Matters in NHI Security
The launchpad becomes a security issue when teams confuse what users can see with what identities can actually do. In NHI-heavy environments, that confusion can hide excessive privileges, stale service account access, and workflow paths that continue after ownership has changed. NHIMG research shows that only 5.7% of organisations have full visibility into their service accounts, which makes presentation-layer assumptions especially dangerous when launchpad content is used as a proxy for entitlement review.
Because launchpads often surface business tasks rather than technical permissions, they can create a false sense of control during audits and access reviews. That is why practitioners must inspect the full chain from tile visibility to backend role assignment, API authorization, and secret usage. NHI governance depends on understanding this separation, not on assuming the interface tells the whole story. Organisations typically encounter the real impact only after an incident review reveals that a removed tile did not revoke the underlying account, at which point launchpad governance becomes operationally unavoidable.
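The tile-versus-role comparison described in the recertification use case and in the paragraph above, as an added example that is not NHIMG's or SAP's code. All tile, role, authorization and account names are constructed, and the record shapes are an assumption rather than an SAP export format.

```python
# Constructed sample data. Record shapes, role names and authorization names
# are assumptions for illustration, not an SAP export format.
TILE_AUTHS = {  # launchpad tile -> backend authorizations its app needs
    "Display Invoices": {"INVOICE_DISPLAY"},
    "Post Invoice": {"INVOICE_POST"},
    "Create Purchase Order": {"PO_CREATE"},
}
ROLE_AUTHS = {  # backend role -> authorizations it grants
    "Z_FIN_AP": {"INVOICE_DISPLAY", "INVOICE_POST"},
    "Z_SHARED_SVC": {"VENDOR_MASTER_CHANGE", "PAYMENT_RUN"},
    "Z_PROC_BUYER": {"PO_CREATE"},
    "Z_PROC_API": {"PO_CREATE", "PO_APPROVE"},
}
ACCOUNTS = [
    {"id": "FIN_USER1", "tiles": ["Display Invoices", "Post Invoice"],
     "roles": ["Z_FIN_AP", "Z_SHARED_SVC"]},
    {"id": "OPS_USER2", "tiles": ["Create Purchase Order"],
     "roles": ["Z_PROC_BUYER"]},
    # Tiles removed at offboarding, integration role still assigned.
    {"id": "CONTRACTOR7", "tiles": [], "roles": ["Z_PROC_API"]},
]

def _union(names, table):
    """Union of authorization sets; an unknown name raises KeyError so a
    role missing from the export is never silently treated as harmless."""
    out = set()
    for name in names:
        out |= table[name]
    return out

def recertification_findings(accounts, tile_auths=TILE_AUTHS, role_auths=ROLE_AUTHS):
    """Return one finding per account whose backend authority exceeds its tiles."""
    findings = []
    for acct in accounts:
        effective = _union(acct["roles"], role_auths)  # what the identity can do
        visible = _union(acct["tiles"], tile_auths)    # what the launchpad shows
        hidden = effective - visible
        if not hidden:
            continue
        kind = "hidden_privilege" if acct["tiles"] else "no_tiles_but_active_roles"
        # Name the roles that carry the hidden authority, for the reviewer.
        source = sorted(r for r in acct["roles"] if role_auths[r] & hidden)
        findings.append({"account": acct["id"], "kind": kind,
                         "hidden": sorted(hidden), "roles": source})
    return findings

if __name__ == "__main__":
    for f in recertification_findings(ACCOUNTS):
        print(f"{f['account']}: {f['kind']} via {f['roles']} -> {f['hidden']}")
```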
Standards & Framework Alignment
This section maps relevant standards and security frameworks to the operational risks and controls described in this guidance.
The OWASP Non-Human Identity Top 10 addresses the attack and risk surface, while NIST CSF 2.0 and NIST SP 800-63 set the governance and control requirements practitioners need to meet.
| Framework | Control / Reference | Relevance |
|---|---|---|
| OWASP Non-Human Identity Top 10 | NHI-01 | Launchpad visibility can mask overbroad NHI entitlements behind a limited UI. |
| NIST CSF 2.0 | PR.AC-4 | Access management guidance applies when UI access differs from backend authorization. |
| NIST SP 800-63 | | Digital identity assurance informs how access should be bound to authenticated identities. |
Verify launchpad tiles against actual role and service-account privileges before recertification.