Skip to Content
Author's profile photo Former Member

Tcode SACM(Access Control Management) to check authorization issues of CDS Views

For every fiori app in SAP, authorization check is requested and it’s reasonable, for example company code check. People from company A should only be allowed to look into data of company A.  Company B’s data should be fitered out.

I am working on a POC project, the structure of the  fiori app:

     FrontEnd: smart template

     BackEnd: CDS View

     Authorization Check: DCL for the above CDS View created.

DCL looks like:

define role I_GAPSTARTNUM_DOC {

    grant select on FISVD_DOCNR_GAP_STARTNUM


     ( bukrs )          = aspect pfcg_auth ( F_BKPF_BUK, BUKRS  ,            ACTVT = ’03’ );


Problem Description: Authorization check unsuccessful. Everyone can get every company’s information.

How I reach my solution:

   Step 1: ensure the DCL is in the system (for systems other than Dev system.)

   Step 2: Go to backend system(where CDS view is located), use Tcode: SACM, full name for this tool is Access Control Management.


Step 3: Use Runtime tool “ACM Runtime Tool”, input parameters like below, execuate it. You will find if the DCL is execuated.


Step 4: If you find issues inside of the Runtime tools mentioned in Step3, or you just have no idea, you can go to Designtime tool “DCL-Documents” mentioned in Step 2. Check the status of your DCL. Run “Generate ABAP-Artifacts” if the status is not green.


Till this step, I have solved my problem. There are other tools that can be used. Try carefully.

Assigned Tags

      You must be Logged on to comment or reply to a post.
      Author's profile photo Jörg Knaus
      Jörg Knaus

      Event with SAP_ALL i was not able to perform CDS Queries/Query Browser, so i had to perform DCL Initial Load in SACM to generate the ABAP Artifacts for S4/Hana, after that it worked fine

      thanks for you blog!

      Author's profile photo Former Member
      Former Member


      We are working on S/4 Hana from Authorization side, please could you provide list of new authorization objects for S/4 Hana.


      Author's profile photo Nhan Truong Van
      Nhan Truong Van

      Dear author,

      I cannot see "ACM Runtime Tool" in my system. It is S/4 HANA 1709. Please share me why?



      Dai Nguyen Quang.