Skip to Content

For every fiori app in SAP, authorization check is requested and it’s reasonable, for example company code check. People from company A should only be allowed to look into data of company A.  Company B’s data should be fitered out.

I am working on a POC project, the structure of the  fiori app:

     FrontEnd: smart template

     BackEnd: CDS View

     Authorization Check: DCL for the above CDS View created.

DCL looks like:

define role I_GAPSTARTNUM_DOC {

    grant select on FISVD_DOCNR_GAP_STARTNUM

    where

     ( bukrs )          = aspect pfcg_auth ( F_BKPF_BUK, BUKRS  ,            ACTVT = ’03’ );

}

Problem Description: Authorization check unsuccessful. Everyone can get every company’s information.

How I reach my solution:

   Step 1: ensure the DCL is in the system (for systems other than Dev system.)

   Step 2: Go to backend system(where CDS view is located), use Tcode: SACM, full name for this tool is Access Control Management.

QQ截图20160311184608.png

Step 3: Use Runtime tool “ACM Runtime Tool”, input parameters like below, execuate it. You will find if the DCL is execuated.

QQ截图20160311184902.png

Step 4: If you find issues inside of the Runtime tools mentioned in Step3, or you just have no idea, you can go to Designtime tool “DCL-Documents” mentioned in Step 2. Check the status of your DCL. Run “Generate ABAP-Artifacts” if the status is not green.

QQ截图20160311185321.png

Till this step, I have solved my problem. There are other tools that can be used. Try carefully.

To report this post you need to login first.

2 Comments

You must be Logged on to comment or reply to a post.

  1. Jörg Knaus

    Event with SAP_ALL i was not able to perform CDS Queries/Query Browser, so i had to perform DCL Initial Load in SACM to generate the ABAP Artifacts for S4/Hana, after that it worked fine

    thanks for you blog!

    (0) 

Leave a Reply