Skip to Content
Technical Articles

SAP Analytics Cloud – Managing Licenses with Roles and Teams

What is the best way to manage license assignment with SAP Analytics Cloud? And how exactly do you assign an Analytics Hub ‘named user’ license with a Business Intelligence ‘concurrent session’ license to the same user?

These questions and many more are addressed in my article ‘Managing Licenses with Roles and Teams’. My article is key to eliminating misconceptions, such as incorrectly believing a role or team has a license type. They don’t and there’s no such thing as a ‘named user role’, or a ‘concurrent session team’.

I detail 3 workflows for assigning licenses of which the last enables an automated means of assigning concurrent session licenses, so no manual or repetitive steps are needed.

There are, sadly, multiple ‘gotchas’ and I explain these in detail so you can avoid them. For you to start off on the right foot and avoid any re-work, I’ve summarised my recommendations in a list of ‘Best Practices’.

My article is packed full of handy information that any SAP Analytics Cloud administrator would want to know, and I’ve answered many FAQs directly in the article. I’ve also added a few tips!

You can access my article in the wiki.

Your feedback is most welcome. Before posting a question, please do read the article carefully and take note of any replies I’ve made to others. Please hit the ‘like’ button on this article or comments to indicate its usefulness.

Many thanks

Matthew Shaw @MattShaw_on_BI

/
13 Comments
You must be Logged on to comment or reply to a post.
  • What a great article!  Lots of very useful information.

    Will the assignment of Named and Concurrent session licenses ever be moved into the Menu – Security – User section rather than Roles?  It seems confusing that this assignment is a user level property but must be assigned through an (optional) role assignment.

    • Hello Chris, This feedback echo’s what I’ve already passed on to our development team. Its fully understood that its not ideal and we need to make improvements. I think first to come will be improvements with team membership in that ‘menu-security-users’ section. Nothing yet decided I understand, but I hope we see some improvements in this area soon. Keep the feedback coming! Thanks again Matthew

  • Hi Matthew,

    Thanks a lot for your response to my question on the blog https://blogs.sap.com/2019/06/21/sap-analytics-cloud-security-concepts-and-best-practice/comment-page-1/#comment-527414

    We would be implementing a concept where only the IT gets Named licenses and all the users work with concurrent session licenses. We don’t plan to use Planning and Analytics Hub as of now.

    Coming back to my second question and your answer:

    Q2 “Assign a Role to the User directly as an inheritance via TEAMS is not possible in                                 an “Only Concurrent” scenario”

    A2: Incorrect. Inheritance via a team makes no difference to the type of license a user                              consumes. You can have teams with members that are concurrent and also                                        named. But watch out for gotchas!

    For me the missing link still is the assignment of a Role to a Team of only “BI Concurrent Sessions License” Users. As you yourself mention in Workflow 2 – Point 7, this is not possible as of today. SAP suggested a very time-consuming workaround here – https://launchpad.support.sap.com/#/notes/2963404

    Given this gap, how can it ensured that a set of Application Rights(Roles) are assigned to a specific Team where all users will be consuming a BI Concurrent Session license?

    Best Regards,

    Anirudh

    • Hello Anirudh

      Question: how can it ensured that a set of Application Rights(Roles) are assigned to a specific Team where all users will be consuming a BI Concurrent Session license?

      Answer: I guess it depends on what you mean by ‘ensure’. Perhaps the answer for you is ‘no, you can’t setup the environment in a way that always guarantees that members of a particular team are concurrent’. There’s no such thing as a ‘concurrent team’. It has to be a two step process, firstly determine who is in the team, then for each member of that team determine their license type. It requires a ‘check’ or a ‘monitor’.  There’s no harm using the SCIM API to check and perform this function for you, but you’d need to develop and write that yourself, SAP doesn’t provide a solution here. I guess this is what you’re after?  Perhaps another handy thing, would be for the ‘SAC Usage Content’ to expose, for each user, the license type (I don’t think it does today).

      Regards, Matthew

  • Hi Matthew

     

    Thanks for this blog, very interesting

    This may not be the correct place to ask the question, however i’m keen understand how we can accurately report on the number if licences currently assigned. I can see a number of options within SAC that show usage, etc but what I really need (and it may be out there somewhere) is something that shows we how many Concurrent & Named licences have been assigned and how many of these have been used on a day by day basis.

     

    We need to understand how close we are to reaching our current limit of 60 Named Licences but I can’t find anything that shows this

    If there is anything you could share it would be appreciated

     

    Ed

     

    • Hello Edward

      Thank you for your feedback.

      The tips section has this for a list of which users are assigned which Business Intelligence license:

      Tip: Filter BI license type

      • To list users of ‘named user’ or ‘concurrent sessions’ use the drop-down option (in Security-Users)
      • Or export the list and filter on IS_CONCURRENT

       

      You can determine who is using the service most frequently by generate a list of user logon events with ‘Menu-Security-Activities’. Filter on ‘Activity-Login’ and a time frame (say last 30 days) and export the list. The more login events per user would suggest they use the Service more frequently than others. The users that login most frequently would probably be worthy of a ‘named user’ license, whilst perhaps the others (using it less frequently) could be assigned a ‘concurrent’ license.

       

      I’ll add this to my FAQ list at some point in time.

      Hope this helps?

      Regards, Matthew