Commenting privilege in SAP Analytics Cloud
In SAP Analytics Cloud, we understand that comments are made on deliverables such as stories and analytic applications can contain confidential information. As a result, while sharing a story and analytical application you now have the option to define commenting privileges for end users – such as the ability to view, add, or delete comments. There are different levels at which commenting privilege can be applied as illustrated in below
Tenant level commenting privilege
Use case: At a tenant level, Admin wanted to ensure, Director of sales are able to add, view and delete comment which compromises of the decision on any data analysis, Managers are able to view comments but could not add comment and sales associates neither should be able to add nor view comments in any of the artifacts (story, Analytical application)
This can be achieved by providing commenting privilege at the role level and any user which doesn’t have the any one of the commenting privilege at the tenant level will not be able to perform those operations on any of the artifacts (Story, Analytical Application). Beside any user which has certain commenting privilege at tenant level can be restricted at individual artifact level which is explained in next section.
In order to deny certain privileges please ensure user/team do not have those privileges via any of the role assigned to them
Artifact level of commenting privilege
Use case: Sales of director for North America should be able to add, view and delete comments on the story created for North America, however story created for APJ region they should be able to only view comments but do not add comments.
This can be achieved by providing required permission at the story (or at folder level), while sharing individual story, provide appropriate rights at the story level to perform only required commenting operations in given story
While sharing Folder, Story, Analytical application you can deny any of the below commenting privilege
View comment: Allow user to view comment
Add comment: Allow user to add comment
Delete comment: Allow user to delete all comments (own + other’s comment)
Note: User will always be able to delete own comments and threads as long as they can see, this does not require delete comment privilege
Broadly, there are two type of comments
- Story comments: These are comments which user add on the page or any widget and these comments are associated with Story. For Story comments, privilege applied at the story level define the overall privilege user has.
- Datapoint comments: These are comments which are added in the comment widget or in the table cell from within story however they are associated with the underline model used in table or the comment widget. For datapoint comments, privilege applied at the model and the story derives the effective privilege. If it is denied at anyone place (be it story or model) user will not be able to perform respective commenting operation
- I have a story “financial summary” I have added few charts and table to it and these are based on the acquired model “sales”
- Story “financial summary” and model “sales” is shared with user Eric with full commenting privileges (view, add and delete)
- Eric will be able to perform both Story and datapoint comments
- Story “financial summary” is shared with user Jack with view and add commenting privilege but in the model “sales” commenting privileges (view, add and delete comment) are denied
- Jack will be able to view and add Story comments in “financial summary” Story however will not be perform datapoint commenting operations within this story and any other story based on this model
- Story “financial summary” is shared with user Rohit with no commenting privilege (view, add and delete comment) but in the model “sales” all commenting privileges (view, add and delete comment) are provided
- Rohit will not be able to perform any commenting operation from within the story “financial summary”, neither story comment nor the datapoint comment.
- Point to consider – say there is another story, “Current Year Summary” which is created on same model “sale” where Rohit already had commenting privileges and now he gets commenting privilege on the new story “current year summary as well” then Rohit will be able to perform both story comment and datapoint comment from within the story “Current Year Summary”
Note: Thumb rule is denial takes precedence and if in one of the hierarchy (Tenant, Model, Story), if the certain privileges are denied then the respective workflow cannot be performed by that user
Flow diagram to explain the overall commenting privilege in SAP Analytics Cloud