Technology Blogs by Members
Explore a vibrant mix of technical expertise, industry insights, and tech buzz in member blogs covering SAP products, technology, and events. Get in the mix!
cancel
Showing results for 
Search instead for 
Did you mean: 
XaviPolo
Active Contributor
In the last update of the DWC beta version, a new feature has been added: Data Access Control, which allows implementing row level security when accessing data.

This allows us to define what data can be viewed by each user when accessing a DWC view. To show this functionality we are going to use an example of sales analysis, where we want each sales agent to be able to see only the customers in a certain geographical area.

This system is composed of three elements:

  • A table containing the list of fields to be filtered, in this case the sales agent and the state/province.

  • A Data Access Control (DAC), where it is specified how to interpret the data from the previous table

  • A view to which we want to apply the DAC to filter the information it displays according to the user.


 

Table with filters


The requirements are simple, you need a table that has at least two fields. One to identify the user, which must contain the email of the DWC user, and a second field containing the field to be filtered. In our example state/province, and the table is TBL_DAC_STATE.

 


Table with users and state/province


 

Data Access Control (DAC)


A new section has been added in DWC to manage the DACs.


Data Access Controls


Creating a new DAC


Create a new DAC


 

In "Source Data Object" we select the table with the filters (TBL_DAC_STATE) , and identify the fields that we will use to filter, in our example only the STATE_PROVINCE


Select fields to be used as filters


After this, in "Main Name Column" we select the field that contains the email of the DWC user. In our case USER_ID.

We will be able to see in the OUTPUT what fields will be available to filter in our views.

Save and our DAC is ready to use.

 

Applying security in the view


We select the view where we want to apply the security and filter at row level.
This view must have published the fields we want to filter by, in our case STATE_PROVINCE.


Sales view


 

To apply the DAC to the view we have to use the new option "Data Access Control" that we can find in the properties of the view.


DAC in View


 

To add a DAC (you can add multiple DACS) click on the "+" icon and select the DAC that we have created previously.


Select DAC


 

To configure it, you will be asked to join the output field (or fields) of your DAC with the fields of the view.
In our example the output field of the DAC STATE_PROVINCE we relate it to the field of the view with the same name.


Define Join (View - DAC)


 


Check DACs on View


 

Checking results on Story


We have created a story to see how the data are filtered.

Entering with my user and without activating the DAC, I can see all sales data.


Full access to sales data (without DAC)


But if the DAC is activated on the view, it only allows me to see the sales of the 2 zones registered in the TBL_DAC_STATE table for my user.


Restricted access with DAC activated


 

This post is based on tests on the latest beta version of SAP DWC. This functionality may or may not be included in the final version of the product.

 

Bonus Track 🙂

There are some more new features in this latest version:

  • New option to manage the list of IPs that have access to DWC directly from the application, without having to open an incident to SAP as before





  • The management of users and their permissions to access DWC externally has been remodeled, making it simpler and clearer.



 

You can see my other post about DWC Beta: SAP Data Warehouse Data Flows

Update: At this blog there is an example how to use DACs with authorizations from SAP ECC system
17 Comments
Labels in this area