Maintaining Role Assignment

Objective

After completing this lesson, you will be able to explain different user roles in SAP Sustainability Control Tower.

Roles in SAP Sustainability Control Tower

SAP Sustainability Control Tower uses a role-based authorization model for access control.

In SAP Sustainability Control Tower, a role refers to a defined set of permissions that determine what a user can do within the system. For example, a SUS_SCT_Administrator role has full permissions to edit and configure settings and content, while a SUS_SCT_Reader role only has permissions to view specific information. These roles help manage access and maintain security within SAP Sustainability Control Tower.

Sometimes, roles have overlapping functions, for instance in data management and viewing capabilities. The following roles share common responsibilities related to data management, which include tasks such as uploading and modifying data:

SUS_SCT_DataManager
SUS_SCT_Sustainability_Metrics_Catalogue_Data_Manager
SUS_SCT_Manage_ESG_Data_Manager

However, it is important to note that each role also possesses unique permissions.

When one user needs to perform tasks that fall under different roles, you can use role collections. For instance, a performance analyst might need to combine the roles of SUS_SCT_DataManager and SUS_SCT_Sustainability_Metrics_Catalogue_Data_Manager to fully perform their duties. Similarly, a user might need to have both SUS_SCT_EU_Taxonomy_Sustainability_Expert and SUS_SCT_EU_Taxonomy_Admin roles to manage and administer tasks related to the EU Taxonomy applications.

Using Instance-Based Authorization

To manage access to various business objects on a granular level within your company, you can configure and employ instance-based authorizations. By configuring this option, you can ensure that users have access to only those objects that they need for their daily tasks.

You can use a number of basic authorization policies and further restrict them. For example, if you want a user to be able to view all data for metric targets and actuals as well as all measure actuals for the business location "US", you can use the available base authorization policies MetricTargetReader, MetricActualsReader, and MeasureActualsReader and restrict each of them by the attribute BusinessLocationId with the value "US".

To learn more about using instance-based authorizations, follow Using Instance-Based Authorization | SAP Help Portal.

Fiori Application Related Roles

When you work with the European Sustainability Reporting Standards (ESRS) Starter Pack, you need roles for a variety of apps in SAP Sustainability Control Tower.

Note

The ESRS Starter Pack offers a clear, structured approach to help you meet ESRS standards in SAP Sustainability Control Tower. You can start your ESRS journey with a selected set of metrics. All metrics in scope must have up-to-date sample data available for master data management, activity data, and target data upload as an integral part of the SAP Sustainability Control Tower applications.

To learn more about ESRS starter pack, follow ESRS Starter Pack Implementation Guide (PDF) | SAP Help Portal.

The roles relevant for the ESRS package are listed as follows in the sequence of sections on the SAP Fiori Launchpad:

SAP Fiori Launchpad Sections	Role	Role Description
Steering	SUS_SCT_DataManager	Role for configuring ambitions in the Our Ambitions app.
EU Taxonomy	SUS_SCT_EU_Taxonomy_Admin	Role for configuring EU Taxonomy.
Greenhouse Gas Recording	SUS_SCT_Greenhouse_Gas_Recording_Admin	Role for full access to all functionality of apps in this section.
Data Management	SUS_SCT_Sustainability_Metrics_Catalogue_Configuration_Manager	Role for configuring sustainability metrics.
	SUS_SCT_Sustainability_Metrics_Catalogue_Data_Manager	Role for making changes to sustainability metrics.
	SUS_SCT_Manage_ESG_Data_Administrator	Role for full access to all functionality of the Manage ESG Data app.
Configuration	SUS_SCT_Administrator	Role for setting up the solution.
Reporting	SUS_SCT_EU_Taxonomy_ESRS_Starterpack_View	Role for accessing the tile and ESRS Starter Pack app.

To learn more about climate action roles in SAP Sustainability Control Tower, follow https://help.sap.com/docs/SAP_SUS_SCT/351dea6ee9e343ffae825153b95671d6/fee047cba7194f5cae3b0bc23b89e711.html?locale=en-US#climate-action-roles.

Watch the following video to learn more about each role in detail.

Continue to quiz