Defining Security

Objectives
After completing this lesson, you will be able to:

After completing this lesson, you will be able to:

  • Identify security features of SAP Analytics Cloud

Users, Roles, and Teams

SAP Analytics Cloud uses the user management and authentication mechanisms provided with SAP Cloud Identity Management. SAP Analytics Cloud provides basic user management to create, delete, and change role assignment. It is possible to import user data from and export user data to a CSV file if you want to synchronize users with other systems or maintain users in batch mode. Customers can replace the default identity provider with their own custom identity provider.

Note
Importing users from an active directory server is not supported.

The figure shows the user master data of SAP Analytics Cloud.

X509 User Mapping can be used to link to a user's SAML Identity in an external SAML Identity Provider.

Import Users

Watch this video to learn how to import users from a flat file.

Watch this video to learn about the roles and the permissions associated with it.

There are pre-delivered standard application roles as follows:

  • System Owner
    • Full privileges
    • Only one user can be assigned to this role
  • Admin
    • Full privileges
    • Can access all functional areas and has data read access
  • Modeler
    • Modeling privileges
    • Full access to all models and dimensions
  • Planner/Reporter
    • Planning and reporting privileges
    • Data access granted separately
  • Viewer
    • Planning read only
    • No privileges to change anything
  • BI Admin
    • Full privileges
    • Can access all functional areas and has data read access
  • BI Content Creator
    • Content creator
    • Can create BI content and models
  • BI Content Viewer
    • BI read only
    • No privileges to change anything
  • SAP BTP Content Creator
    • Access to SAP BTP as a datasource
  • SAP BTP Content Viewer
  • Boardroom Creator
    • Can create boardrooms
  • Boardroom Viewer
    • Allowed to view boardrooms

Teams in SAP Analytics Cloud

You can also control access to information using teams.

  • A team is a group of users.

  • A user can belong to multiple teams.

  • If a role is assigned to a team, then all the members of the team inherit that role.

  • Each team has a team folder, which can only be accessed by the users in that team.

SAP Analytics Cloud Teams

Assigning Roles to Teams

You can indirectly assign the role to the users by assigning the role to a team. You can do the following in any order:

  • Assign users to teams.
  • Assign roles to teams.
Note

There are three basic ways of creating users in the system. Creating users via SCIM API's and Dynamic User Creation using custom SAML IDP, manual, and by importing from a file.

Controlling Access to Stories

Administrators can define who has what type of access to SAC stories and related elements.

Workspaces

Workspaces are virtual spaces that an SAP Analytics Cloud administrator can set up to mimic your organization's departments, lines of business, regional structure, or any other organizational setup. Workspaces let you organize content for access by different teams of users, and they can share and collaborate on content within the confines of the workspace.

Workspace administrators can use the workspace management tool to create, manage, or delete new workspaces. Because the workspace is essentially a partition of the SAP Analytics Cloud file repository, the content and administration of the workspace can be customized for a smaller group of SAC users without adjusting the overall content and administration for the entire SAP Analytics Cloud tenant. For example, workspaces can be created in which departments can create their own data models and stories that no other SAP Analytics Cloud user can access.

If users are assigned to workspaces, they will be prompted to choose My Files or their assigned workspace when creating models and stories. If a workspace is deleted, all of the content will be deleted and cannot be recovered. However, the ability to delete a workspace is tightly controlled.

Data Security

Define Data Access by Dimension

Watch this video to learn about data security options.

Note

For more information, see the Apply Model Privacy video in the Help Center.

Save progress to your learning plan by logging in or creating an account