Thanks for the fast response and your valuable suggestions!
Yes, we did think about your first concern, so our approach is to have an additional rule layer (BRF+ or DSM rests on the same back-end system as the user and gateway). BRF+ will act as a filter and send only those fields (that a user is authorized to) to the gateway service, which is consumed by UI5.
Coming to my question: what are the options if we pay?