Tcode SACM(Access Control Management) to check authorization issues of CDS Views

For every fiori app in SAP, authorization check is requested and it’s reasonable, for example company code check. People from company A should only be allowed to look into data of company A.  Company B’s data should be fitered out.

I am working on a POC project, the structure of the  fiori app:

     FrontEnd: smart template

     BackEnd: CDS View

     Authorization Check: DCL for the above CDS View created.

DCL looks like:

define role I_GAPSTARTNUM_DOC {

    grant select on FISVD_DOCNR_GAP_STARTNUM

    where

     ( bukrs )          = aspect pfcg_auth ( F_BKPF_BUK, BUKRS  ,            ACTVT = ’03’ );

}

Problem Description: Authorization check unsuccessful. Everyone can get every company’s information.

How I reach my solution:

   Step 1: ensure the DCL is in the system (for systems other than Dev system.)

   Step 2: Go to backend system(where CDS view is located), use Tcode: SACM, full name for this tool is Access Control Management.

Step 3: Use Runtime tool “ACM Runtime Tool”, input parameters like below, execuate it. You will find if the DCL is execuated.

Step 4: If you find issues inside of the Runtime tools mentioned in Step3, or you just have no idea, you can go to Designtime tool “DCL-Documents” mentioned in Step 2. Check the status of your DCL. Run “Generate ABAP-Artifacts” if the status is not green.

Till this step, I have solved my problem. There are other tools that can be used. Try carefully.