Technical Articles
Manage folder access in SAP Cloud Analytics (SAC)
SAP Cloud Analytics (SAC) is one of the latest enterprise cloud solution provided by SAP for planning and predictive analysis.The authorization management of the cloud application is unique and one of the key aspect of SAC authorization management is the control of folder access from individual user or team (group of users).In SAC the authorization is mainly controlled by SAC role,SAP back-end system (e.g. S/4 HANA) and SAC folder access. In this blog,I will explain step-by-step process on how to secure folder access in SAC.
Please follow the below steps to restrict the folder access from specific user or team. You should have necessary admin access to perform this activity. Please make sure you should use Google Chrome as all SAC functionalities are not available in other browsers.
Step 1:Login to SAC and click on the three horizontal stripe button.
Step 2: Click on Browse > Files
Step 3: You can see the standard Public folder. Click on this folder. Please note I want to demonstrate the restriction settings of sub folder of the Public folder here. If you want to put restriction on Public folder please follow the same process like other folders.
Step 4: Select the appropriate folder where you want to put restriction and then click on the manage button.For demonstration purpose we will use the test folder here.
Update 17/06/20: This process has been changed.Select Share icon in menu bar. From there you can assign View/Edit/Full Control to a Team or User.
Step 5: Click on the Sharing Settings which can be available under Manage button. A pop up of Edit Sharing Settings will show up.Here you can set the required restriction on teams or users. There is an option for restriction on the sub-folder and documents is also available.You need use the button called Add Users and Teams to set up the restriction on the selected folder.
Step 6: You need to check the required access you want to provide to users or team. There are six types of access available. Also there is an option for All Users. After selecting the appropriate access press on the Add Users and Teams button.You can see the list of user and teams to select.Here I want to put restriction on the team called Testing. Select team Testing and the press OK.
Step 7: A popup will be visible showing the required setting for the team Testing. You can modify the setting in this popup if you want. Press Save button to save the settings.
Folder security setting is one of the key aspect for the SAC security design. Hence, as a security consultant you need to design the folder security settings based on the folder structure and team structure.Folder restriction along with role assigned to the users/team, you can control the access in the SAC application.The folder security settings needs to be decided based on the discussion with corresponding functional and business team who will be accessing the application. Please share your feedback and comments.
Hi Amit,
actually I tried these steps and I can perfom them only on folder created by me, so folder I own, even if I am the system owner. Is it the right behavior?
As system administrator I need to manage folder access on several folder already created by the development team: do I need to be the owner of all the folders? Can the folder owner be changed somehow?
Thanks in advance
Chiara Benvenuti
The workflow has been changed. #Step 4 should now read Select Share icon in menu bar. From there you can assign View/Edit/Full Control to a Team or User. I don't think it is intuitive <shrug>
Thanks for the update
Ideally you should able to do the admin activties for all folders.Please recheck your access.
I have the same problem. My SI created the folders but even as system owner I am unable to share the folders or reports now. Is there a resolution to this?
Thanks
Andrew Wright
The workflow has been changed. #Step 4 should now read Select Share icon in menu bar. From there you can assign View/Edit/Full Control to a Team or User. I don't think it is intuitive <shrug>
I have the same issue. I am the system owner but I can't change folder permissions.
Hi,
If I want to see what access a particular team has, is there a easy way to find that?
As of now, Under teams section, I can only see the teams and the team members. But how do I know what access particular team provides?
I can think of a solution -- > which is hovering to individual folder and stories - click on share button and find out which all teams are assigned and make a note of it. But this is too time taking.
Is there any other option available?
Regards,
Harsimran Kaur
Hi,
I want only the owner of the report or Admin should be able to delete or overwrite the report. Others can view it or edit it and do save as. How to implement that?
Thanks
Dinesh