For every fiori app in SAP, authorization check is requested and it's reasonable, for example company code check. People from company A should only be allowed to look into data of company A. Company B's data should be fitered out.
I am working on a POC project, the structure of the fiori app:
FrontEnd: smart template
BackEnd: CDS View
Authorization Check: DCL for the above CDS View created.
DCL looks like:
define role I_GAPSTARTNUM_DOC {
grant select on FISVD_DOCNR_GAP_STARTNUM
where
( bukrs ) = aspect pfcg_auth ( F_BKPF_BUK, BUKRS , ACTVT = '03' );
}
Problem Description: Authorization check unsuccessful. Everyone can get every company's information.
How I reach my solution:
Step 1: ensure the DCL is in the system (for systems other than Dev system.)
Step 2: Go to backend system(where CDS view is located), use Tcode: SACM, full name for this tool is Access Control Management.
Step 3: Use Runtime tool "ACM Runtime Tool", input parameters like below, execuate it. You will find if the DCL is execuated.
Step 4: If you find issues inside of the Runtime tools mentioned in Step3, or you just have no idea, you can go to Designtime tool "DCL-Documents" mentioned in Step 2. Check the status of your DCL. Run "Generate ABAP-Artifacts" if the status is not green.
Till this step, I have solved my problem. There are other tools that can be used. Try carefully.