Exploring Data Privileges

Objective

After completing this lesson, you will be able to restrict the portion of dataset for certain users.

Scenario: Regional Data Access Control

Data privileges are a critical element in SAP BTP for ensuring that specific data access is granted only to authorized users. By setting data privileges, you control access to certain data sets based on user roles or team assignments. This lesson focuses on configuring data privileges to restrict data access to specific regions for different teams.

The image shows two views of an SAP software application interface, displaying user access privileges and permissions for different cost centers and regions, including details on currency, business location, and team access levels.

Scenario: Regional Data Access Control

Objective:

Specific Access: Provide access to regional data records to users based on their team assignments.​

Teams Involved:​

Team A: To have access to EMEA and APAC region records.​

Team B: To have access to NA region records.​

Benefit:

Tailored Data Access: Ensures that users only access data relevant to their role or region, enhancing security and operational focus.

Implementing Data Privileges

Define Data Privileges:

Access Rules: Set up rules to control which users or teams can access specific data sets.​

Regional Access: In this case, configure data privileges to limit access to EMEA, APAC, and NA region records.​

Assign Teams to Regions:

Team A: Users in this team have access to EMEA and APAC records.​

Team B: Users in this team have access to NA records.

Data privilege is a powerful feature which enables you to restrict data visibility based on a certain criteria: region, fiscal year, company code and team.

Activity Field Data Privileges

Data privileges can be configured directly under the activity fields, which offer a significant advantage over tile-based data privilege configurations. When configured at the activity field level, these privileges are retained during environment transport between tenants, eliminating the need to reconfigure them from scratch in the new environment.

The image shows two views of an SAP software application interface. The left view displays an input form with fields for maintaining periods, activity fields, and activity parameters. The right view shows a table view of data.

Overview of Activity Field Data Privileges

Purpose:

Durability: Ensures that data privileges are carried over when transporting environments from one tenant to another.​

Consistency: Maintains consistent access control settings across different tenants without reconfiguration.

Comparison with Tile-Based Data Privileges

Tile-Based Data Privileges: Need reconfiguration after environment transport.​

Activity Field Data Privileges: Retained and automatically applied in the new tenant, ensuring seamless data access control.

Learn how to apply data privilege on a field level.

Learning

SAP FacebookSAP YoutubeSAP LinkedIn