Technology Blogs by SAP
Learn how to extend and personalize SAP applications. Follow the SAP technology blog for insights into SAP BTP, ABAP, SAP Analytics Cloud, SAP HANA, and more.
cancel
Showing results for 
Search instead for 
Did you mean: 
pranav_kumar11
Employee
Employee
Summary:

In SAP Analytics Cloud, we understand that comments are made on deliverables such as stories and analytic applications can contain confidential information. As a result, while sharing a story and analytical application you now have the option to define commenting privileges for end users - such as the ability to view, add, or delete comments. There are different levels at which commenting privilege can be applied as illustrated in below


Commenting privilege at different levels


Tenant level commenting privilege

Use case: At a tenant level, Admin wanted to ensure, Director of sales are able to add, view and delete comment which compromises of the decision on any data analysis, Managers are able to view comments but could not add comment and sales associates neither should be able to add nor view comments in any of the artifacts (story, Analytical application)

This can be achieved by providing commenting privilege at the role level and any user which doesn’t have the any one of the commenting privilege at the tenant level will not be able to perform those operations on any of the artifacts (Story, Analytical Application). Beside any user which has certain commenting privilege at tenant level can be restricted at individual artifact level which is explained in next section.

In order to deny certain privileges please ensure user/team do not have those privileges via any of the role assigned to them


Commenting privilege via role at tenant level


Artifact level of commenting privilege

Use case: Sales of director for North America should be able to add, view and delete comments on the story created for North America, however story created for APJ region they should be able to only view comments but do not add comments.

This can be achieved by providing required permission at the story (or at folder level), while sharing individual story, provide appropriate rights at the story level to perform only required commenting operations in given story

While sharing Folder, Story, Analytical application you can deny any of the below commenting privilege


Commenting privilege at artifact level (folder, Story, Model, Analytical Application)


View comment: Allow user to view comment

Add comment: Allow user to add comment

Delete comment: Allow user to delete all comments (own +  other’s comment)

Note: User will always be able to delete own comments and threads as long as they can see, this does not require delete comment privilege

Learn More


Broadly, there are two type of comments

  • Story comments: These are comments which user add on the page or any widget and these comments are associated with Story. For Story comments, privilege applied at the story level define the overall privilege user has.

  • Datapoint comments: These are comments which are added in the comment widget or in the table cell from within story however they are associated with the underline model used in table or the comment widget. For datapoint comments, privilege applied at the model and the story derives the effective privilege. If it is denied at anyone place (be it story or model) user will not be able to perform respective commenting operation


 

Examples:

  • I have a story “financial summary” I have added few charts and table to it and these are based on the acquired model “sales”

  • Story “financial summary” and model “sales” is shared with user Eric with full commenting privileges (view, add and delete)

    • Eric will be able to perform both Story and datapoint comments



  • Story “financial summary” is shared with user Jack with view and add commenting privilege but in the model “sales” commenting privileges (view, add and delete comment) are denied

    • Jack will be able to view and add Story comments in  “financial summary” Story however will not be perform datapoint commenting operations within this story and any other story based on this model



  • Story “financial summary” is shared with user Rohit  with no commenting privilege (view, add and delete comment) but in the model “sales” all commenting privileges (view, add and delete comment) are provided

    • Rohit will not be able to perform any commenting operation from within the story “financial summary”, neither story comment nor the datapoint comment.

    • Point to consider - say there is another story, “Current Year Summary” which is created on same model “sale” where Rohit already had commenting privileges and now he gets commenting privilege on the new story “current year summary as well” then Rohit will be able to perform both story comment and datapoint comment from within the story “Current Year Summary”




Note: Thumb rule is denial takes precedence and if in one of the hierarchy (Tenant, Model, Story), if the certain privileges are denied then the respective workflow cannot be performed by that user

 

Flow diagram to explain the overall commenting privilege in SAP Analytics Cloud 


Flow diagram for commenting privilege

3 Comments