We can create one or more data access controls that consume this permissions entity and select one or more columns in each data access control to specify the criteria that it will enforce. We can also apply a single data access control to multiple views.
The above diagram depicts a typical environment where a permissions entity is maintained by business users in Permissions Space and shared with the IT Space, where technical users create data access controls from it and apply them to views. These views are then shared with Sales Spaces, ensuring secure access for modelers and analysts.
Business users operate within the Permissions space. They are responsible for managing the Permissions table.
The IT space members are the technical users, they utilizes the shared Permissions table as a foundation for Data Access Controls. The technical users maintain a connection to an external source system. This connection facilitates the import of the Sales table into the IT space.The Technical users create a Sales Org View intended for business analysts and modelers to use.
Follow the below steps to create a Data Access Control:
1. Navigate to the Data Access Controls section in the side menu. If needed, select a specific space. Click "New Data Access Control" to open the editor.2. Provide a descriptive Business name for easy identification by users. You can change this name later. If you wish to change the default technical name, you can enter a new alphanumeric name (with underscores). Note that technical names can't be changed after saving. Enter the name of the person responsible for the data access control.
3. Choose the Permissions_Table shared from the Permissions Space. Each data access control uses a table or view containing permission information.4. The permissions entity should have at least two columns:
- One or more columns with filter criteria (e.g., Sales Org, Product) to determine how data is exposed to users. These columns are Criteria columns in your data access control.- One column with user IDs in the required format (such as email addresses or logon names). This column becomes the Identifier Column in your data access control.5. In the criteria section, list the columns selected as filter criteria for your data access control.6. Save your changes to the design-time repository. Deploy the changes to make them available in the run-time environment.
To apply data access controls to a view and control user data visibility based on criteria, follow these steps:
1. Navigate to Data Builder in the left navigation and select the relevant space. Open the desired view for applying the data access control.2. Open the Sales Org View, select the output node of the view and open the Data Access Control section in the side panel, click "Add".3. Choose the desired data access control, and confirm with "OK."4. In the Join section, map columns from the Sales Org View to the criteria columns defined in the data access control. We must map a column from your view to each criteria column to appropriately filter view data.5. Click "Deploy" to save and deploy the view.
6. Applying the "Sales Org and Product" Data Access Control, the technical users ensure that only authorized data is visible within the Sales Org View.7. Subsequently, the technical users share the protected Sales Org View with the Sales space. This view is now accessible for secure analysis by sales teams.
In the Sales Space, John created the Analytic Model with the Sales Org View added as a source. When he previewed the data, he was able to see the information related to the Germany Sales Organization and the M525e Product.
Isabella has created a SAP Analytics Cloud story using the SalesOrg Analytic Model created by John. She is limited to viewing only the Sales Organization China and Product eBike E101 data.
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
User | Count |
---|---|
13 | |
9 | |
7 | |
7 | |
7 | |
6 | |
5 | |
4 | |
4 | |
4 |