来自我的同事Xu Miles

Authorization Objects are business concept, they are distinguished by business scenario.
Therefore, there might be a lot of Authorization Objects using the same Authorization Field. Such as VKORG.

In Sales Planning, there're two Authorization Objects related to Sales Area, V_VBAK_VKO and V_VBRK_VKO, they represent transaction scenario Sales Document and Billing Document repectively. If we want to extract the Sales Area master data, technically we could use any Authorization Object with Authorization Field VKORG, VTWEG, SPART.
However, considering the authorization of the business user, we need to use Authorization Object V_VBAK_VKO and V_VBRK_VKO separately when end user is planning for income sales or sales volume.
To do this, we could use additional CDS view + DCL to realize.

Example on ERG/001:

CDS: ZMX_SalesArea_DCL
DCL: ZMX_SalesArea_DCL
The logic in DCL:

@EndUserText.label: 'Auto assigned mapping role for ZMX_SalesArea_DCL'
@MappingRole: true
define role ZMX_SalesArea_DCL  {
grant select on ZMX_SalesArea_DCL
where (SalesPlanPurpose = '0' and (SalesOrganization, DistributionChannel, Division) =
aspect pfcg_auth (V_VBAK_VKO,
VKORG,
VTWEG,
SPART,
actvt = '03'))
OR (SalesPlanPurpose = '1' and (SalesOrganization) =
aspect pfcg_auth (V_VBRK_VKO,
VKORG,
actvt = '03'));
}

The logic in the CDS view:

define view ZMX_SalesArea_DCL
as select from
I_SalesArea
{
key SalesOrganization,
key DistributionChannel,
key Division,

'0' as SalesPlanPurpose

}
union all select from I_SalesArea
{
key SalesOrganization,
key DistributionChannel,
key Division,

'1' as SalesPlanPurpose
};

Authorization test on QW9/910
User: MILES01
Authorization:

Test Report:

REPORT mx_test_sa_dcl.

PARAMETERS:
p_purp TYPE C LENGTH 1.

DATA:
lt_tab TYPE STANDARD TABLE OF i_salesarea_dcl.

SELECT * FROM i_salesarea_dcl INTO TABLE @lt_tab
WHERE salesplanpurpose = @p_purp.

LOOP AT lt_tab ASSIGNING FIELD-SYMBOL(<fs_row>).
WRITE:/ <fs_row>-salesorganization, <fs_row>-distributionchannel, <fs_row>-division, <fs_row>-salesplanpurpose.
ENDLOOP.

WRITE:/ 'Finished.'.

The logic flow is that firstly we use SalesPlanUUID to get SalesPlanPurpose, then with SalesPlanPurpose we could get the Sales Area master data via the corresponding Authorization Objects.
SalesPlanPurpose: 0 (Incoming sales)

SalesPlanPurpose: 1(Sales Volume)

本文来自云栖社区合作伙伴“汪子熙”，了解相关信息可以关注微信公众号"汪子熙"。