Product Information
SAP Analytics Cloud Tenants API for setting right permissions
Hello All,
Assigning the right accesses, privileges or permissions to the right people ensuring that only the authorised individuals could access certain data on the SaaS (Cloud) based applications is the paramount for any business application.
In this blog, we tried to summarise the steps on how to revoke the rights using an API for the SAP Analytics Cloud users from unintended actions.
Problem Statement:
SAP Analytics Cloud has provision that allows ALL users to create content in the “Sample Folder” in the File structure which sometimes is challenging for the administrators to manage that content further.
Requirement:
This would require then to have an ability for the Administrator(BI admin) to remove the rights from users from accessing and creating any content in the sample folder.
Solution:
The SAP Analytics Cloud Tenant API is a REST API that allows the third party applications access to story and user data stored on an SAP Analytics Cloud tenant.
Using the /Permissions endpoint, you can retrieve content’s permission information and modify it.
Process:
- Step 1: Under System > Administration > App Integration, create a new OAuth client with API Access. Follow this guide for steps on how to create an OAuth client in SAC.
- Step 2: The following GET request returns information on who has access to Samples folder: https://<TENANT ID>/api/v1/permissions/SAMPLES
- Step 3: The following DELETE request revokes the default (ALL) grantee’s access to Samples folder: https://<TENANT ID>/api/v1/permissions/SAMPLES/ALL
For more details on the SAP Analytics Cloud APIs, please check out the API Hub : https://api.sap.com/package/SAPAnalyticsCloud/rest
Detailed documentation on SAP Analytics Cloud APIs : https://help.sap.com/docs/SAP_ANALYTICS_CLOUD?q=APIs
Hi Venkat
A customer having both SuccessFactors and SAC License would ideally want data security to be applied same in both the tenants. Can we use the APIs to restrict data for Users on SuccessFactors Data in SAC?
Regards
Manivannan P
Hi Venkat,
Thanks for the info on SAC tenant API's.
Link to guide in Step -1 is not accessible and throws the message "We're sorry, but this content is not accessible." though I have tried accessing with S-User and Learning hub license. What level of access is required to access this link ?
Thanks!
Hi Venkat,
we would prefer to not delete but to adjust the authorizations for "ALL" as we still want to grant READ access to our users.
How can this be achieved? The API documentation states that POST and PATCH should not be used as they are only designed to be used for SuccessFactors.
What would you recommend?
Thanks!
Jens-Uwe
Hi Venkata Saikrishna Bollineni,
I'm also very interested to learn how to make sure specific teams would be able to access the Samples folder and revoke rights for All Users.
Thanks for sharing your thoughts!
Kind regards,
Martijn van Foeken | Interdobs
Hi Venkata Saikrishna Bollineni / Mona Walia ,
could you please update on when a more detailled explanation can be provided?
Thanks!
Jens-Uwe
How do we get the xsCompliantGranteeId for a Team.