General SAP Analytics Cloud Security
Security in SAP Analytics Cloud is used to control access to data and also access to objects. It is carried out in the following ways:
- Controlling access to objects, or who can create a model, is accomplished via roles.
- Controlling data access, or who can view what data and how they can interact with it, is accomplished primarily via data access control in dimensions; however, it can also be carried out via roles.
A role represents the main tasks that a user performs in SAP Analytics Cloud. SAP Analytics Cloud is delivered with several standard application roles; however, the roles you see will depend on the licenses included in your subscription.
Roles are used mainly to control activities in the system. In this context, roles are also object oriented, for example, user X can update dimension Y.
- Create: Permits creating new objects of this item type. Users need this permission to create files and folders or upload data to an object, such as models, stories, point of interest, and others.
- Read: Permits opening and viewing an item and its content.
- Update Permits editing and updating existing items, including the structure of models and dimensions.
- Delete: Permits deletion of the item.
- Execute: Permits executing the item to run a process, for example, running a simulation using a legacy Value Driver Tree, or acquiring data from a data source.
- Maintain: Permits the maintenance of data values, for example adding records to a model, without allowing changes to the actual data structure.
- Share: Permits the sharing of the selected item type.
- Manage: This permission lets users manage content; for example, deleting content for any users, and resharing, copying, and moving content.
Visit SAP Help for additional information on permissions.
Example of Security Permissions
Assignments are typically team-based with users assigned to teams and then roles assigned those teams. Roles are not typically assigned directly to users.
|Name||Create/ Read/ Update/ Delete||Execute||Maintain||Notes|
|Dimension||X||X||Set the Maintain permission to permit adding members to a dimension without being able to change the actual definition. Set Update to allow changing the dimension itself.|
|Planning Model||X||X||X||Set the Maintain permission to permit adding records of data without being able to change the actual structure. Set Update to allow changing the model structure itself. Set Execute to enable planning features.|