Skip to Content
Author's profile photo Former Member
Former Member
April 3, 2016 2 minute read

Taking a look at data security in SAP BusinessObjects Cloud

Data Access in Cloud for Analytics allows you to implement the concept of data/row level security. The solution also has the ability to restrict access to content (i.e. models, stories etc).

 

I wanted to create a simple model to configure and test the data level security within the solution and started by creating a new model. When I created the Company Code dimension I flagged the Enable Data Access Control option, this essentially flags the dimension as being authorization relevant.

Pic 1 - Enable Data Access.png

 

When presented with the gird to be able to managed the master data of the dimension two additional fields become, Read and Write. These fields allow the assignment of Cloud for Analytics user to be able to either read (view) the records for the transnational data , relating to company codes in this case, or write (plan) data. As my model isn’t enabled for planning, I am only concerned with the Read option in this case.

Pic 2 - Dimension data.png

 

 

By selecting the Read cell again the relevant Company Code rows you can then choose and assign the necessary user accounts.

Pic 3 - Users.png

 

Completing this for all company codes then shows the users accounts that are assigned for the values.

Pic 4 - Assigned users.png

 

 

 

After loading some transactional data, building a quick story with a chart and running the data as my account (MPOTTS – authorised to see all company codes) then I see the following data.

Pic 5 - All Comp Codes.png

 

 

Viewing the story as user AWORKS, only authorised to company code 2000, only that company code is displayed. Not a great visualisation of course but it proves the point around the row level security. As like with all of the Cloud for Analytics capabilities I’ve explored so far, very easy to setup and manage.

Pic 6 - One Comp Codes only.png

 

Assigned Tags

      4 Comments
      You must be Logged on to comment or reply to a post.
      Author's profile photo Brian Kudera
      Brian Kudera

      This isn't very useful when we have hundreds of users and thousands of company codes... who would maintain all of this?

      Author's profile photo Vinay Suneja
      Vinay Suneja

      Hi Brian,

      Did you find a solution to this ?

      I am looking to do the same and my source is flat file

      Author's profile photo Brian Kudera
      Brian Kudera

      Unfortunately this caused us to move over to use Microsoft PowerBI since we couldn't find a workaround in SAC.

       

      It looks like SAC has still not resolved this:

      https://influence.sap.com/sap/ino/#/idea/214829

       

      Author's profile photo Roopa Puranik
      Roopa Puranik

      Agree with Brian. Is there a better and easier way to implement the row level security in the acquired/import connection method vs maintaining all the security manually in the model? We have to keep up with the org changes and it becomes very tedious maintaining all this in the model.

      For live connection, it works well as we have defined table driven security but the live connection lacks certain features we are looking for so we are going with import connection.