Skip to Content
Product Information
Author's profile photo Venkata Saikrishna Bollineni
Venkata Saikrishna Bollineni
July 12, 2022 1 minute read

SAP Analytics Cloud Tenants API for setting right permissions

Hello All,

Assigning the right accesses, privileges or permissions to the right people ensuring that only the authorised individuals could access certain data on the SaaS (Cloud) based applications is the paramount for any business application.

In this blog, we tried to summarise the steps on how to revoke the rights using an API for the SAP Analytics Cloud users from unintended actions.

 

Problem Statement: 

SAP Analytics Cloud has provision that allows ALL users to create content in the “Sample Folder” in the File structure which sometimes is challenging for the administrators to manage that content further.

Requirement: 

This would require then to have an ability for the Administrator(BI admin) to remove the rights from users from accessing and creating any content in the sample folder.

 

Solution: 

The SAP Analytics Cloud Tenant API is a REST API that allows the third party applications access to story and user data stored on an SAP Analytics Cloud tenant.

Using the /Permissions endpoint, you can retrieve content’s permission information and modify it.

Process: 

  • Step 1: Under System > Administration > App Integration, create a new OAuth client with API Access. Follow this guide for steps on how to create an OAuth client in SAC.

 

  • Step 2: The following GET request returns information on who has access to Samples folder: https://<TENANT ID>/api/v1/permissions/SAMPLES

 

  • Step 3: The following DELETE request revokes the default (ALL) grantee’s access to Samples folder: https://<TENANT ID>/api/v1/permissions/SAMPLES/ALL

For more details on the SAP Analytics Cloud APIs, please check out the API Hub : https://api.sap.com/package/SAPAnalyticsCloud/rest

Detailed documentation on SAP Analytics Cloud APIs : https://help.sap.com/docs/SAP_ANALYTICS_CLOUD?q=APIs

Assigned Tags

      6 Comments
      You must be Logged on to comment or reply to a post.
      Author's profile photo Manivannan Pachiyappan
      Manivannan Pachiyappan

      Hi Venkat

      A customer having both SuccessFactors and SAC License would ideally want data security to be applied same in both the tenants. Can we use the APIs to restrict data for Users on SuccessFactors Data in SAC?

      Regards

      Manivannan P

      Author's profile photo Enoch A
      Enoch A

      Hi Venkat,

      Thanks for the info on SAC tenant API's.

      Link to guide in Step -1 is not accessible and throws the message "We're sorry, but this content is not accessible." though I have tried accessing with S-User and Learning hub license. What level of access is required to access this link ?

      Thanks!

      Author's profile photo Jens-Uwe Kiefer
      Jens-Uwe Kiefer

      Hi Venkat,

      we would prefer to not delete but to adjust the authorizations for "ALL" as we still want to grant READ access to our users.

      How can this be achieved? The API documentation states that POST and PATCH should not be used as they are only designed to be used for SuccessFactors.

      What would you recommend?

      Thanks!

      Jens-Uwe

      Author's profile photo Martijn van Foeken
      Martijn van Foeken

      Hi Venkata Saikrishna Bollineni,

      I'm also very interested to learn how to make sure specific teams would be able to access the Samples folder and revoke rights for All Users.

      Thanks for sharing your thoughts!

      Kind regards,

      Martijn van Foeken | Interdobs

      Author's profile photo Jens-Uwe Kiefer
      Jens-Uwe Kiefer

      Hi Venkata Saikrishna Bollineni / Mona Walia ,

      could you please update on when a more detailled explanation can be provided?

      Thanks!

      Jens-Uwe

      Author's profile photo Sanjay Rajarao
      Sanjay Rajarao

      How do we get the xsCompliantGranteeId for a Team.