Human Capital Management Blogs by SAP
Vasavi_Rongali
Product and Topic Expert

Introduction to SAP Identity Authentication Service (IAS), Identity Provisioning Service (IPS), Embedded Analytics (EA), and TBAI


SAP Identity Authentication Service (IAS) and Identity Provisioning Service (IPS) form the backbone of user authentication and provisioning in SAP environments. They ensure seamless integration and secure access across various SAP applications. Embedded Analytics (EA) and TBAI (Team-Based Access and Integration) further enhance the user experience by providing robust analytics and data security functionalities. 

Overview:

IAS: The user store; used to provide application-level security.

IPS: Used to sync users from one application to another.

EA: Used to develop and share stories.

TBAI: Used to provide data security.

For IAS/EA/TBAI: The login name and password are the same for all three applications.

IPS: Customers log in using their own S-user ID. For debugging and troubleshooting, SAP employees must be given access by the customer; we can then log in using our I/C/D user ID.

In this blog, we will delve into the key aspects of these services and their integration.

SAP Identity Authentication Service (IAS)

IAS is a cloud-based service that focuses on user authentication, access management, and user administration. Here are the key features:

  • User Authentication: Ensures secure user login and access.
  • Identity Management: Manages user identities efficiently.
  • Cloud-Based Solution: Offers scalability and reliability.
  • Integration Capabilities: Easily integrates with other SAP and non-SAP applications.
  • Security and Compliance: Meets stringent security and compliance standards.
  • Mobile Support: Provides authentication for mobile applications.

SAP Identity Provisioning Service (IPS)

IPS handles user provisioning and synchronization between applications. It supports two main synchronization approaches:

  • Top-down Synchronization: Users are created in IAS and then synchronized to the target application.
  • Bottom-up Synchronization: Users are created in the application and then synchronized to IAS.


There are two types of sync jobs in IPS:

  • Read: Pulls recently modified user data from the source system.
  • Resync: Pulls all users from the source system, which can be time-consuming if the user count is high.

IAS groups available for EA:

APP_SCAN                | Embedded Analytics | Group for Application
ADMINISTRATOR_COMM-SCAN | Embedded Analytics | Group for Administrators
AUTHOR_COMM-SCAN        | Embedded Analytics | Group for Author
AUTHENTICATED_COMM-SCAN | Embedded Analytics | Group for Viewer

AUTHENTICATED_COMM-SCAN - Users can only view stories and cannot edit or create them.

AUTHOR_COMM-SCAN - Author users can create, edit and share stories.

ADMINISTRATOR_COMM-SCAN - Administrator users can create, edit, and share stories, as well as create and manage users.

Embedded Analytics (EA)

Embedded Analytics in SAP Commissions provides tools to interactively analyze live sales performance data. EA allows the creation and sharing of stories based on data models. Here are some important points:

  • Standard Data Models: Provided by default, pulling data from backend SVW views.
  • Custom Data Models: Created based on customer requirements with specific naming conventions and structured privileges.
  • Teams: Groups of users that simplify the sharing of stories and files.
  • Scheduling: Allows scheduling the sharing of stories with users and teams.

Standard Models:

All data for the standard data models is pulled from backend SVW views.
Example:
The Balances model pulls its data from COMMISSIONS.CSA_BALANCEFACT_SVW.

For all standard models, a CSN file is created by default; it contains all the metadata for the standard models.

Table to check CSN details: CSA_MODELSECURITY
Sample (excerpt):

"COMMISSIONS.CSA_BALANCEFACT_SVW": {
      "kind": "entity",
      "@Common.Label": "Balances",
      "@Analytics.query": false,
      "@Analytics.dataCategory": {
        "#": "CUBE"
      },
      ...
}

Steps to create custom model

1) Create reporting views based on the custom model requirements.

   All custom SQL views used by the custom CSN file must end with the customer code and use the following pattern:
   View name: csa_<viewname>_svw_<customercode>
   For example: csa_credits_svw_sap

2) Create structured privileges for data-level security on the new views.

   CREATE STRUCTURED PRIVILEGE org_security_ext FOR
       SELECT ON csa_xyz_svw_sap, csa_creditfact_svw_ext
       WHERE ...

3) Provide the necessary grants to the tenant DB user.

   GRANT STRUCTURED PRIVILEGE ext.XYZ_VW TO 0533

4) Create a new CSN file that contains the metadata for the custom models and upload it.

5) After uploading the CSN file, select the model and provide model security for Author/Administrators.
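
The naming rule from step 1 and the structured-privilege requirement from step 2 can be checked before a custom CSN file is uploaded. The Python below is an added example, not SAP's or the author's code; it assumes the CSN lists its entities under a top-level "definitions" object and that the privilege statements are available as a SQL script, and the sample view names, privilege name and WHERE filter are constructed.

```python
import json
import re

# Matches the page's statement shape: CREATE STRUCTURED PRIVILEGE ... FOR SELECT ON <views> WHERE
PRIV_RE = re.compile(
    r"CREATE\s+STRUCTURED\s+PRIVILEGE\s+\S+\s+FOR\s+SELECT\s+ON\s+(.+?)\s+WHERE",
    re.IGNORECASE | re.DOTALL,
)

def bare(name):
    """Lower-case a view name and drop any schema prefix or quotes."""
    return name.strip().strip('"').split(".")[-1].strip('"').lower()

def csn_views(csn_text):
    """Entity names declared in the CSN (assumption: under 'definitions')."""
    doc = json.loads(csn_text)
    defs = doc.get("definitions", doc)
    return sorted(bare(n) for n, d in defs.items()
                  if isinstance(d, dict) and d.get("kind") == "entity")

def protected_views(sql_text):
    """Views named in the SELECT ON list of any structured privilege."""
    covered = set()
    for view_list in PRIV_RE.findall(sql_text):
        covered.update(bare(v) for v in view_list.split(","))
    return covered

def audit(csn_text, sql_text, customer_code):
    """Flag views that break csa_<viewname>_svw_<customercode> or lack a privilege."""
    pattern = re.compile(rf"csa_\w+_svw_{re.escape(customer_code.lower())}")
    views = csn_views(csn_text)
    covered = protected_views(sql_text)
    return {
        "bad_name": [v for v in views if not pattern.fullmatch(v)],
        "unprotected": [v for v in views if v not in covered],
    }

# Constructed sample inputs (not from a real tenant)
SAMPLE_CSN = json.dumps({"definitions": {
    "EXT.CSA_CREDITS_SVW_SAP": {"kind": "entity", "@Common.Label": "Credits"},
    "EXT.CSA_QUOTA_SVW_SAP": {"kind": "entity", "@Common.Label": "Quota"},
    "EXT.CSA_PAYOUT_VIEW": {"kind": "entity", "@Common.Label": "Payout"},
}})
SAMPLE_SQL = """
CREATE STRUCTURED PRIVILEGE org_security_sap FOR
    SELECT ON csa_credits_svw_sap
    WHERE BUSINESSUNIT = 'EMEA';
"""

if __name__ == "__main__":
    print(audit(SAMPLE_CSN, SAMPLE_SQL, "sap"))
```

A view listed under "unprotected" is referenced by the model but has no data-level filter, so it should be covered by a structured privilege before the CSN is uploaded.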

Team-Based Access and Integration (TBAI)

TBAI ensures data security by providing different levels of data access based on user roles.

Only users in the ADMINISTRATOR_COMM-SCAI group can log in and grant data access.

Users appear in TBAI once the IAS-to-SAC sync has been run.

The data that a user can analyze using embedded analytics for SAP Incentive Management is determined by their data permission settings. The access levels include:

  • All Data: Users can see all data.
  • Business Units: Users can see data in selected business units.
  • Position Groups: Users can see data in selected position groups.
  • Position Hierarchy: Users can see data attributed to specific positions and subordinate positions in their hierarchy.
