I'm currently testing a Freestyle SAP Fiori project that I've deployed to my Sub Account Space. The app shows as successfully deployed and in a running state, but every time I try to access it, I'm hit with a 403 Forbidden error.

• Screenshot 1: Error message displayed when attempting to access the app
• Screenshot 2: The app's active running status in the Sub Account Space

Update 1: Roles, Scopes, and Role Templates Are All Empty #

I dug into the deployed app's configuration and noticed that the Roles, Scopes, and Role Templates sections are completely empty. I'm suspecting this might be the reason behind the 403 error. If that's the case, how do I properly assign these security components to resolve the issue?

Update 2: xs-security.json Is Present in the MTAR Archive #

I checked my MTAR Archive and confirmed that the xs-security.json file is included. Here's the full content of the file:

{
  "xsappname": "demofiori",
  "tenant-mode": "dedicated",
  "description": "Security profile of called application",
  "scopes": [
    {
      "name": "uaa.user",
      "description": "UAA"
    }
  ],
  "role-templates": [
    {
      "name": "Token_Exchange",
      "description": "UAA",
      "scope-references": [
        "uaa.user"
      ]
    }
  ]
}

内容的提问来源于stack exchange，提问作者Maryo David