Data Access Control in SAP Analytics Cloud

Data Access Control in SAP Analytics Cloud Acquired/Import Models can be used to restrict users to access specific dimension members. By enabling data access, only subset of whole data (like specific Region, Sales Org, Segment, etc.) is made visible to end users.

Data Access Control can be enabled in Imported Data Models only and for SSO Enabled Live Models by default users will only see data for which access is enabled at backend.

Below are the steps for setting up Data Access Control/ Row level Security in SAC:

Enabling Data Access Control:

There are 2 ways of doing it.

Option 1: It can either be enabled from Model Preferences > Access and Privacy > Data access control in Dimensions:

Option 2: Click on the dimension on which you want to apply data access control

On right side under dimension settings you will see the option to enable it:

Setting up Access:

Once Data Access Control is enabled, you can see now that “Read” and “Write” column is visible in grid display mode:

Now you can specify User/ or Team in “Read” column against a particular dimension member.

* Please note the assigned user should not be part of admin group else control won’t be applicable

* Also write column is applicable for planning models, since it would make sense for users to write    values only in some planning scenario

* Multiple users must be grouped in Teams and assign access

Once access controls are set, save and exit the model

Verify the Data Access Controls in Story:

• Without Data Access Control:

• With Data Access Control:

In this way we can setup Data Access Control in SAC acquired data models and restrict users to view specific dataset.

Reference :

https://www.sapanalytics.cloud/resources-roles-and-security-permissions/

Hemant Tiwari & Suvam Dey

(Authors)