<p>about your learning experience to help us improve.</p>

You've completed

cleanFiles/bookmap_Configuring_SAP_CIAM_for_B2B_en-US_learning-sap-com_lsc-prod.zip (MMCP-DROPZONE) - 2024-12-05T11:57:17.000Z

Introducing Policy-Based Access Control

<div id="content"><p tabindex="0">​Policy-Based Access Control (PBAC) provides a systematic way to manage who can do what within a system based on defined conditions. In SAP Customer Data Cloud B2B, the PBAC model revolves around three main components: Applications, Asset Types, and Assets.</p><dl><dt><strong>Applications</strong></dt><dd>Applications are the primary entities that demand and enforce asset access policies. Think of applications as administrators who oversee their specific domains or functions. For example, if you have an HR application and a Sales application, policies for accessing sensitive employee information or sales data are dictated by the respective application.</dd><dt><strong>Asset Types and Assets</strong></dt><dd>Asset Types are the broad categories of resources that require controlled access and you want to protect, such as servers, databases, customer records, or documents. Assets, on the other hand, are specific instances of these types. Policies determine how these assets are accessed.<div tabindex="0"><h4>Examples of an Asset Type breakdown</h4></div><table border="1" class="table" cellspacing="0" cellpadding="5"><colgroup><col style="width:50%"><col style="width:50%"></colgroup><thead align="left"><tr><th>Asset Type</th><th>Assets</th></tr></thead><tbody><tr><td>Server</td><td>Server A, Server B</td></tr><tr><td>Document</td><td>Sales Report January, Financial Statement Q1</td></tr></tbody></table></dd></dl></div>

Overview of Policy Building Blocks (Applications, Asset Types, Assets)

<div id="content"><p tabindex="0">​In the following video, we’ll guide you through the <strong>Authorization Workspace</strong>, where you can define and manage policies, applications, assets, and conditions for your site or site group. You'll learn how to navigate the interface, view and manage policies and applications, and handle asset types and conditions efficiently. Let's get started mastering the tools that help you control user access within your SAP Customer Data Cloud instance.</p><div class="kalturaVideoLessonWrapper"><div aria-label="" class="kalturaVideoLessonContainer" data-testid="video" id="1_e15gsw1m"></div></div></div>

Authorization Workspace Walkthrough

<div id="content"><p tabindex="0">​In the following video, we explore the creation of custom asset types to improve policy-based access control within your organization. It aims to give you a comprehensive understanding of how to set up and configure custom asset types, enabling you to define and manage access policies more effectively. Let's dive in!</p><div class="kalturaVideoLessonWrapper"><div aria-label="" class="kalturaVideoLessonContainer" data-testid="video" id="1_uzj8eugm"></div></div></div>

Creating Custom Asset Types

From Onboarding to Governance: Mastering SAP Customer Data Cloud for B2B

Explore the Authorization Workspace in SAP Customer Data Cloud, where you can define and manage policies, applications, assets, and conditions to control user access. Learn how to navigate and utilize these features effectively.<br><br># This description was auto-generated #

U5L1V1 Authorization Workspace Walkthrough.mp4

Welcome to this demo video  on the Authorization Workspace in SAP Customer Data Cloud. In this video, we’ll walk you through the Authorization Workspace where you can define and apply policies, applications, assets, and conditions for your site or site group. To start, let's navigate to the Authorization Workspace. Here, admins can define and apply policies, applications, assets, and conditions that control what users can do. On the Policies tab, you can see on the left side the existing policies in the Policy Catalog. The Incomplete policies will be marked with a red dot after the policy’s name. You can see the total number of policies and Incomplete policies at the top of the Policy Catalog card. You can use the search box at the top to narrow down the policies displayed if you have a lot of policies in the catalog.  Clicking on the New Policy button will take you through the steps of defining a new access policy, which we will demo in the next video.  Clicking on each of the policies will take you to the Policy Details screen, where you can view or edit the policy details and associated assets, define which organizations that policy will be available to, and which organization members it is automatically assigned to. You can also activate, deactivate,  or even delete the policy. Still under the Policies tab, on the right side, you can see the existing Applications. Clicking on the New App button allows you to define a new application. Clicking on each of the applications will take you to the Application Details screen, where you are able to view or edit the Application Details, Display Settings, and available Asset Types, as well as view the Client ID and Federation details. You can also delete the application. When you click on the Assets & Conditions tab, you can see the existing Asset Types on the left side. You can search for existing Asset Types or create a new Asset Type by clicking on the New Type button. Clicking on an existing Asset Type takes you to the Asset Type Settings screen, where you can view and manage the selected Asset Type, including the Asset Type Details, Asset Attributes, Actions, Rulesets, and Assets. You can also delete the Asset Type. The Claims Asset Type is predefined The Claims Asset Type is predefined and cannot be deleted. Nevertheless, after clicking  on Claims, you can add or edit the Asset Attributes, Actions, Rulesets, and Assets. On the right side of Assets & Conditions, you can view and manage Conditions, which are essentially policy restrictions based on environmental features such as Date, Time, or IP. This completes our walkthrough of the Authorization Workspace in SAP Customer Data Cloud.  We hope this video helps you confidently manage your policies, assets, conditions, and applications. Thank you for watching!

Learn how to create custom asset types in SAP Customer Data Cloud to enhance policy-based access control. Follow the step-by-step guide to set up and configure custom asset types effectively.<br><br># This description was auto-generated #

U5L1V2 Create custom asset types.mp4

Welcome to this video on creating custom asset types in SAP Customer Data Cloud. In this video, we will guide you through the step-by-step process of setting up and configuring custom asset types to enhance your policy-based access control. First, navigate to the Assets & Conditions tab on the right side of the Organization Management screen. Next, click on the New Type button located in the Asset Types card to start creating a new asset type. Now, enter the necessary details for the new asset type, including Asset Template ID and Description. On the Define Assets Source toggle, you can choose whether Asset Attributes can be sent as part of the authorization request. Let’s leave it to No as the default option. When you click the Create button at the bottom, you’ll be taken to the Asset Type Details screen. On the Asset Type Details screen, click the Asset Attributes tab on the left side, then click the New Attribute button to add a “code” asset attribute. On the right side of the Attributes List card, enter “code” in the Name field. In the Attribute Management Settings section, keep the default data type, String. Activate the Required toggle Activate the Required toggle and enter a value like “Tripod” as the Default Value.  Leave “Can be Updated” as its default value, “Always”. If you activate the Multi Value toggle, you’ll be able to enter multiple Default Values. Don’t forget to change the Length to accommodate the multiple values. In the Authorization Management Settings section, leave the “Can be used in Policies” toggle inactive. If you activate it, this attribute will be used to define the rules in the access policies. Leave "Name for request" as “code” and click on the Create button. Actions define what can be done on this Asset Type or Asset. Navigate to the Actions tab on the left side and click the Create Action button in the middle of the window. It takes you to the New Action screen. Enter the name “Read” and click on the Create button at the bottom. Rulesets allow you to restrict access to an asset under certain conditions, based on the Asset Attributes defined on the Asset Type. Here you see a Predefined Ruleset named All Assets, which means it contains all created assets defined in the Asset Type. If you have already defined an Asset Attributes on the Asset Type which can be used in a policy, you can click on Create Ruleset to define the set of access restriction rules. In this video, we’ll skip it and move on to create Assets. Finally, add one or more assets to the asset type. Click on Assets tab on the left side and then click Create New Assets to include the necessary assets. On the New Asset screen, enter the Name “Camera” and the Description “The Camera Category”. In the Define the Asset Attributes section, you can override the default values for Asset ID and code, but we’ll leave them to the default values. Click on the Create button at the bottom to add the new Asset to the Asset Type. Congratulations! You have successfully created a custom asset type in SAP Customer Data Cloud. You can now use this asset type to define and apply policies for enhanced access control. Thank you for watching this video.

Asset Type	Assets
Server	Server A, Server B
Document	Sales Report January, Financial Statement Q1