SAP Analytics Cloud (SAC) is a very powerful BI tool, that helps organizations make data based decisions by offering analytics, business intelligence, and planning functionalities. One of the major aspects of implementing and managing effectively roles and authorization in SAC to ensure that your organization users have the correct access to the right data, applications, Stories (dashboards) and Catalog in SAC platform.
In this Tutorial, you will learn the concepts of roles and authorization in SAP Analytics Cloud, explaining their importance, how they work, and how to configure them for optimal security and efficiency.
Where you can see your Role in SAC
In you SAP analytics cloud platform go to the Profile > click on Request Role > then in Role Configuration dialog box > Select Role you need > Send Request
Before that lets understand the what is Roles and Authorization in SAC
Understanding Roles and Authorization in SAC
Roles in SAP Analytics Cloud define the level of access a user has within the SAC platform. Based on users Job profile you can manage user permissions and defining which features, data, Product applications and functionality should be available for the the user. Example if user is developer then he/she should have Content Creator, if user has to manage access for organization users then he/she should have Admin access.
Authorization specifies the extent to which a user can access particular resources, reports, or models in the system. Example, the level of data he/she can view, it could be country level, organizational level or customer level etc…
The combination of both roles and authorizations in SAC ensures that users can only perform tasks that are within their scope, reducing the risk of unauthorized access and data security breaches.
Types of Roles in SAP Analytics Cloud
In SAP Analytics Cloud, there are number of predefined roles, each roles based on different user types and organizational needs. These roles can be customized as per the business requirements. Below are the types of roles in SAC included:
1. System Admin
A System Admin has full access to all features and functionalities for SAP Analytics Cloud platform. The Admin can manage users, assign roles, configure the system, and perform other administrative tasks. This role is typically assigned to IT teams or system administrators in your organization.
2. Modeler
The Modeler role is for users who are responsible for creating and managing data models. Modeler can design and structure models, define calculations, and set up data connections, but they don’t have the administrative privileges to manage users or configurations.
3. Designer or Content Creator
Users with the Designer role can create and manage stories, reports, and visualizations. They can design and modify content for end users, however they don’t have permission to alter underlying data models or system settings.
4. Viewer
The Viewer role provides users with access to view and interact with the data in stories and dashboards created by designers and modelers. They can access reports, stories and dashboards but cannot make any changes or edits to the report, stories and dashboards.
5. Planning
The Planning role grants users access to planning functionality within SAC. This includes features for creating budgets, forecasts, and running what if scenarios. It is typically assigned to finance users and planners within an organization.
6. Application Creator
Application creator has write to create and update analytic applications, which is based on scripts and development of different part of application with scripts like, filters, drop-down box, graphs layout etc.
7. Predictive Content Creator
In SAP Analytics Cloud has the capabilities to predict the values based on ML models, so for users who can create, update, and delete predictive scenarios and analysis in SAC platform is called Predictive content creator.
Best Practices for Role and Authorization in SAC
Below are the best practices to keep in mind to handle effective role and authorization management for maintaining security, improving collaboration, and streamlining user workflows.
- Principle of Grant Least Access: Always try to assign the minimal level of access required for users to perform their job. This always reduces the risk of unauthorized of data exposure.
- Regularly or Quarterly Review Access: best practice is to quarterly review user roles and authorizations to ensure, those users have access are still relevant and necessary. As users move through different positions in your organization, their access needs may change.
- Audit Logs and Monitoring: Regularly monitor access logs and audit to track any unauthorized access attempts and ensure compliance and security protocols of your organization.
- Separation of Duties: It is important to ensure that critical actions like data model creation, stories generation, and content sharing are performed by different individuals users. This reduces the risk of errors and fraud.
Conclusion
Roles and authorizations in SAP Analytics Cloud are essential for controlling who has access to data and ensuring secure and efficient usage of the platform. By understanding and implementing proper role based access control, organizations can not only protect sensitive information but also enable users to access the right tools and data for their specific needs. Effective management of these roles will help optimize collaboration, reduce security risks, and ensure compliance across your organization.