SAP Cloud Analytics (SAC) is one of the latest enterprise cloud solution provided by SAP for planning and predictive analysis.The authorization management of the cloud application is unique and one of the key aspect of SAC authorization management is the control of folder access from individual user or team (group of users).In SAC the authorization is mainly controlled by SAC role,SAP back-end system (e.g. S/4 HANA) and SAC folder access. In this blog,I will explain step-by-step process on how to secure folder access in SAC.
Please follow the below steps to restrict the folder access from specific user or team. You should have necessary admin access to perform this activity. Please make sure you should use Google Chrome as all SAC functionalities are not available in other browsers.
Step 1:Login to SAC and click on the three horizontal stripe button.
Step 2: Click on Browse > Files
Step 3: You can see the standard Public folder. Click on this folder. Please note I want to demonstrate the restriction settings of sub folder of the Public folder here. If you want to put restriction on Public folder please follow the same process like other folders.
Step 4: Select the appropriate folder where you want to put restriction and then click on the manage button.For demonstration purpose we will use the test folder here.
Update 17/06/20: This process has been changed.Select Share icon in menu bar. From there you can assign View/Edit/Full Control to a Team or User.
Step 5: Click on the Sharing Settings which can be available under Manage button. A pop up of Edit Sharing Settings will show up.Here you can set the required restriction on teams or users. There is an option for restriction on the sub-folder and documents is also available.You need use the button called Add Users and Teams to set up the restriction on the selected folder.
Step 6: You need to check the required access you want to provide to users or team. There are six types of access available. Also there is an option for All Users. After selecting the appropriate access press on the Add Users and Teams button.You can see the list of user and teams to select.Here I want to put restriction on the team called Testing. Select team Testing and the press OK.
Step 7: A popup will be visible showing the required setting for the team Testing. You can modify the setting in this popup if you want. Press Save button to save the settings.
Folder security setting is one of the key aspect for the SAC security design. Hence, as a security consultant you need to design the folder security settings based on the folder structure and team structure.Folder restriction along with role assigned to the users/team, you can control the access in the SAC application.The folder security settings needs to be decided based on the discussion with corresponding functional and business team who will be accessing the application. Please share your feedback and comments.