Skip to Content
Author's profile photo Former Member

Tcode SACM(Access Control Management) to check authorization issues of CDS Views

For every fiori app in SAP, authorization check is requested and it’s reasonable, for example company code check. People from company A should only be allowed to look into data of company A.  Company B’s data should be fitered out.

I am working on a POC project, the structure of the  fiori app:

     FrontEnd: smart template

     BackEnd: CDS View

     Authorization Check: DCL for the above CDS View created.

DCL looks like:

define role I_GAPSTARTNUM_DOC {

    grant select on FISVD_DOCNR_GAP_STARTNUM

    where

     ( bukrs )          = aspect pfcg_auth ( F_BKPF_BUK, BUKRS  ,            ACTVT = ’03’ );

}

Problem Description: Authorization check unsuccessful. Everyone can get every company’s information.

How I reach my solution:

   Step 1: ensure the DCL is in the system (for systems other than Dev system.)

   Step 2: Go to backend system(where CDS view is located), use Tcode: SACM, full name for this tool is Access Control Management.

QQ截图20160311184608.png

Step 3: Use Runtime tool “ACM Runtime Tool”, input parameters like below, execuate it. You will find if the DCL is execuated.

QQ截图20160311184902.png

Step 4: If you find issues inside of the Runtime tools mentioned in Step3, or you just have no idea, you can go to Designtime tool “DCL-Documents” mentioned in Step 2. Check the status of your DCL. Run “Generate ABAP-Artifacts” if the status is not green.

QQ截图20160311185321.png

Till this step, I have solved my problem. There are other tools that can be used. Try carefully.

Assigned Tags

      3 Comments
      You must be Logged on to comment or reply to a post.
      Author's profile photo Jörg Knaus
      Jörg Knaus

      Event with SAP_ALL i was not able to perform CDS Queries/Query Browser, so i had to perform DCL Initial Load in SACM to generate the ABAP Artifacts for S4/Hana, after that it worked fine

      thanks for you blog!

      Author's profile photo Former Member
      Former Member

      hello

      We are working on S/4 Hana from Authorization side, please could you provide list of new authorization objects for S/4 Hana.

      Thanks
       

      Author's profile photo Nhan Truong Van
      Nhan Truong Van

      Dear author,

      I cannot see "ACM Runtime Tool" in my system. It is S/4 HANA 1709. Please share me why?

       

      Thanks,

      Dai Nguyen Quang.