Securing Data Using Model Data Privacy

Objectives

After completing this lesson, you will be able to:

  • Set up Model Data Privacy
  • Validate Model Data Privacy

Data Security using Roles

Setting Up Data Access Security Using Roles

As SAP Analytics Cloud administrator at The Mock Company, you have been asked to apply data security using roles to the HR_SACADM model. Watch this video to find out how to apply data security using roles.

Model Data Privacy

To set data security using roles, enable the Model Data Privacy in the Model Preferences. This setting determines whether the model data is visible to users other than the owner.

If you switch on Model Data Privacy, only the owner of the model and user roles that have specifically been granted access can see the data. Disable this switch if you want the model and data to be public.

Model Preferences - Access and Privacy with Model Data Privacy enabled (highlighted)

Process Summary

Once the Model Data Privacy is enabled on the model, access to the model data can be granted using roles.

To enable access to data:

  1. Open an existing role.
  2. Choose Select Model, and pick the required model. Only models with Model Data Privacy enabled will be visible for selection.
  3. Select Full Access or Limited Access.
  4. For Limited Access select either Add Read Access or Define Write Access and apply the required data access filters.
  5. Save your settings.

Any user that is assigned the role will have access to subset of model data based on the data access filter definition, as shown in the following example.

Data Access Filter for HR_SACADM model with Office Location set to North America, and three Department ID attributes for HR, Operations, and Accounting set for the HR_Adhoc_NA role.

Set Up Data Access Security using Roles

Business Scenario

You have been asked set up data access security using roles for the HR_SACADM model. You need to set up data access security so that users who are assigned specific roles are granted either Read or Write access to the data, depending on their role requirements.

In this practice exercise, you will:

  • Verify that the model has Model Data Privacy enabled.
  • Assign a role to the model.
  • Apply data access filters for the model for Region and Department.

Validate Data Access Security using Roles

Business Scenario

You have enabled Model Data Privacy for the HR_SACADM model and have applied data access security to roles. Now, you need to validate data access security to check that users can only see the data that their roles allow.

In this practice exercise, you will:

  • Validate data access security for the HR_Adhoc_NA role.
  • Validate data access security for the HR_Adhoc_OS role.
  • Validate data access security for the HR_User_NA role.

Log in to track your progress & complete quizzes