Access and Safe Usage

Objective

After completing this lesson, you will be able to explain how access to AI features is controlled in SAP, how role-based access works, and how SAP prevents misuse of AI capabilities.

Controlling Access to AI Features

In SAP Business AI, access to AI capabilities is controlled through established identity and authorization mechanisms.

When a user interacts with an AI feature, the process follows two main steps:

  1. The system first verifies who the user is (authentication).
  2. The system then evaluates what the user is allowed to do (authorization).

Authentication is typically handled through identity providers such as SAP Cloud Identity Services (IAS) or corporate identity systems. Once authenticated, users receive access based on their assigned roles and permissions. This approach helps ensure that only authorized users can access AI features and interact with business data.

Role-Based Access Control (RBAC)

SAP uses role-based access control (RBAC) to manage permissions across applications and AI capabilities. RBAC means that:

  • Users are assigned roles.
  • Each role defines the actions the user is permitted to perform.
  • Access decisions are evaluated based on these roles and associated permissions.

When a user interacts with an AI capability, their roles and permissions are checked before access is granted. In many SAP AI scenarios, access control is aligned with the underlying SAP applications and their authorization concepts. This helps ensure that AI interactions remain consistent with existing security policies.

AI Acts Within the User’s Authorization Context

In SAP AI scenarios, actions are performed within the user’s identity and authorization context. This means:

  • The user’s identity is preserved across system interactions.
  • Authorization checks are applied before data is accessed or actions are executed.
  • Access decisions are enforced based on the user’s existing permissions.

As a result, AI-driven interactions are governed by the same authorization principles as direct application access: an AI feature cannot read a record or trigger an action that the same user could not open or execute in the application directly, because the check is made against the user's permissions, not against a separate, more privileged identity for the AI.

Ensuring Safe and Governed Usage of AI

Because AI can interact with business processes and systems, SAP applies additional controls to help ensure safe and governed usage. These include:

Scoped access and policy enforcement
AI interactions operate within defined scopes, enforced through authorization controls and policies.
Controlled tool and action access
In advanced scenarios, such as agent-based AI, access to tools and system functions is restricted through allow-lists and orchestration controls. Because the restriction is enforced by the orchestration layer rather than by the model's own instructions, the set of callable tools does not depend on how the model is prompted.
Human-in-the-loop controls
For sensitive or high-impact actions, additional approval steps can be required before execution.
Audit and traceability
AI interactions are logged, supporting monitoring, compliance, and investigation if needed.

Together, these controls help ensure that AI capabilities are used within defined boundaries and governance frameworks.

Hint

For a deeper understanding of how SAP enforces access control, identity context, and governance in AI scenarios, see the SAP Community blog "Securing SAP Agentic AI for the Autonomous Enterprise".

Lesson Summary

Access to SAP Business AI is governed through established identity and authorization mechanisms. SAP supports safe usage by:

  • Authenticating users and verifying their identity.
  • Applying role-based access control to define permissions.
  • Enforcing authorization checks during AI interactions.
  • Operating AI within the user’s authorization context.
  • Applying additional safeguards such as controlled access, policy enforcement, and auditability.

This approach helps ensure that AI capabilities remain controlled, secure, and aligned with enterprise security requirements.