Introduction to ACE
A lot of big clients having big or complex CRM installations face the same problem: how can we restrict the users only to particular data that they need to see?
We don’t mean authorizations related to functionality, but related to business content (Real time data). Imagine you run a big business and have millions of customers worldwide. Then a sales representative responsible for a group of customers in Region AAA should not see any customers from Region XXX in his search results. Or a sales representative with responsibility for a certain branch should not be bothered with customers of other branches. Most important here is if the structure of the sales organization changes, you don’t want to end up changing all kind of authorization profiles/Roles.
To solve these issues, SAP came up in CRM with a pretty nice solution: CRM-ACE. This stands for Access Control Engine and is a framework to dynamically calculate user dependent access rights on object level. It originates from Channel Management but works in all PCUI (People Centric User Interface) functionalities. One Limitation here is, it doesn’t work in other environments like IC Web client or via the SAP GUI.