You can use Data Access Control in Dimensions to restrict access to individual values in a model to specific users. For example, if you restrict Entity to North America for a user, then they will only be able to see data for North America in their story.
This short video will introduce you to the topic of Data Access Control in model dimensions.
Enable Data Access Control from the Model Preferences
To enable dimension security, switch on Data Access Control (DAC) for each dimension in the Model Preferences. In the example below, you can see that DAC has been enabled for the Entity dimension.
![SAP Analytics Cloud model preferences open to the Access and Privacy section. Data Access Control for the Entity dimension has been enabled.](/service/media/topic/b69b3fc3-dbe8-4e07-896c-b350ed6d51cc/SACA22_38_en-US_media/SACA22_38_en-US_images/SS_DAC_1.png)
Enable Data Access Control from the Dimension Table
It is also possible to switch on Data Access Control in the Rights/Access section of the Dimension Table panel, as shown in the example below.
![In the Preview panel for the Dimension Table, you can see Data Access Control enabled (highlighted in yellow) for the Entity dimension.](/service/media/topic/b69b3fc3-dbe8-4e07-896c-b350ed6d51cc/SACA22_38_en-US_media/SACA22_38_en-US_images/SS_DAC_3.png)
Setting Up Data Access Control in a Dimension
Once DAC is enabled for a dimension, Read and Write columns are available to define which user or team should have Read or Write access to that dimension member.
If the dimension has hierarchical members, the data access settings will be inherited by the lower members of the hierarchy. For example, if you grant Read and Write access to United States, then users will be able to see data for individual states as well.
![SAP Analytics Cloud model open to the Entity dimension where DAC has been enabled](/service/media/topic/b69b3fc3-dbe8-4e07-896c-b350ed6d51cc/SACA22_38_en-US_media/SACA22_38_en-US_images/SS_DAC_2.png)
Note
- Even with Data Access Control applied to a dimension, master data is still be visible to users, as restrictions created using Data Access Control apply only to transaction data.
- If a user is assigned the BI Admin role, or is the model owner, then that user always has full access to the model, regardless of the DAC settings applied to that model.
Version Security in Planning-Enabled Models
You can also use Data Access Control for Version dimensions to restrict access in planning-enabled models.
Adding version security to a model lets you restrict read, write, and delete access to public versions to prevent other users or teams from changing them. For the Version dimension, a Delete column is added as well as Read and Write columns to control which users can delete each public version.
For example:
- Users who have Read privileges for public versions can still copy data to a private version that they can edit, however, as these users don't have write privileges they can't publish into a public version.
- With Delete permissions for a public version, a user can read, publish to, and delete a public version.
Note
- Only users with the Update privilege (defined in Security Roles) can set DAC for a version dimension.
- The default permission is None. You must explicitly grant Read, Write, Delete access to users or teams, including yourself.
How to Restrict Read and Write Access to a Version Dimension
- In the Modeler, open or create a model.
- Select the Version dimension.
- In the Dimension Settings panel, switch on Data Access Control.
- Select OK.
The three additional columns Read, Write, and Delete appear.
- Select a cell under Read and then select the users and teams who you want to have Read access.
- Repeat for Write and Delete access.
You can see details of your choices in the Preview panel.
Additional Information
For more information on Data Access Controls in a dimension, including usage restrictions, go to Set Up Data Access Control | SAP Help Portal.