Skip to content
Close
SEARCH
LANGUAGE – en
de
Contact
en
de
Contact
NextLytics
Megamenü_2023_Über-uns

Shaping Business Intelligence

Whether clever add-on products for SAP BI, development of meaningful dashboards or implementation of AI-based applications - we shape the future of Business Intelligence together with you. 

More
Megamenü_2023_Über-uns_1

About us

As a partner with deep process know-how, knowledge of the latest SAP technologies as well as high social competence and many years of project experience, we shape the future of Business Intelligence in your company too.

Megamenü_2023_Methodik

Our Methodology

The mixture of classic waterfall model and agile methodology guarantees our projects a high level of efficiency and satisfaction on both sides. Learn more about our project approach.

Products
Megamenü_2023_NextTables

NextTables

Edit data in SAP BW out of the box: NextTables makes editing tables easier, faster and more intuitive, whether you use SAP BW on HANA, SAP S/4HANA or SAP BW 4/HANA.

Megamenü_2023_Connector

NextLytics Connectors

The increasing automation of processes requires the connectivity of IT systems. NextLytics Connectors allow you to connect your SAP ecosystem with various open-source technologies.

IT-Services
Megamenü_2023_Data-Science

Data Science & Engineering

Ready for the future? As a strong partner, we will support you in the design, implementation and optimization of your AI application.

Megamenü_2023_Planning

SAP Planning

We design new planning applications using SAP BPC Embedded, IP or SAC Planning which create added value for your company.

Megamenü_2023_Dashboarding

Dashboarding

We help you with our expertise to create meaningful dashboards based on Tableau, Power BI, SAP Analytics Cloud or SAP Lumira. 

Megamenü_2023_Data-Warehouse-1

SAP Data Warehouse

Are you planning a migration to SAP HANA? We show you the challenges and which advantages a migration provides.

Business Analytics
Megamenü_2023_Procurement

Procurement Analytics

Transparent and valid figures are important, especially in companies with a decentralized structure. SAP Procurement Analytics allows you to evaluate SAP ERP data in SAP BI.

More
Megamenü_2023_Reporting

SAP HR Reporting & Analytics

With our standard model for reporting from SAP HCM with SAP BW, you accelerate business activities and make data from various systems available centrally and validly.

More
Megamenü_2023_Dataquality

Data Quality Management

In times of Big Data and IoT, maintaining high data quality is of the utmost importance. With our Data Quality Management (DQM) solution, you always keep the overview.

More
Career
Megamenü_2023_Karriere-2b

Working at NextLytics

If you would like to work with pleasure and don't want to miss out on your professional and personal development, we are the right choice for you!

More
Megamenü_2023_Karriere-1

Senior

Time for a change? Take your next professional step and work with us to shape innovation and growth in an exciting business environment!

More
Megamenü_2023_Karriere-5

Junior

Enough of grey theory - time to get to know the colourful reality! Start your working life with us and enjoy your work with interesting projects.

More
Megamenü_2023_Karriere-4-1

Students

You don't just want to study theory, but also want to experience it in practice? Check out theory and practice with us and experience where the differences are made.

More
Megamenü_2023_Karriere-3

Jobs

You can find all open vacancies here. Look around and submit your application - we look forward to it! If there is no matching position, please send us your unsolicited application.

More
Blog
Business Data Cloud - What is it all about?
Business Data Cloud - What is it all about?
Data Platform Architecture with SAP Datasphere & Databricks
Data Platform Architecture with SAP Datasphere & Databricks
Ingesting Data into Databricks Unity Catalog via Apache Airflow with Daft
Ingesting Data into Databricks Unity Catalog via Apache Airflow with Daft
Increase Efficiency with Apache Airflow Managed Service Operations
Increase Efficiency with Apache Airflow Managed Service Operations
NextLytics Newsletter Teaser
Sign up now for our monthly newsletter!
Sign up for newsletter
 

SAP Analytics Cloud authorization concept made simple

Bernhard22 July 2021 3 min read

The authorization concept is one of the most important components of any planning application, as the company's future strategy is based on planning. At the same time, many people from different areas of the company and, if necessary, even suppliers participate in the planning process. It is therefore essential to guarantee that those involved only have access to the functions and data that are necessary to fulfill their task.

In this article, I introduce the authorization concept of SAP Analytics Cloud. In particular, I discuss data access rights. These define which data a user is allowed to view or modify.

There are two options to define which data access rights a user gets: Model Data Privacy and Data Access Control in Dimensions. Below, we'll explain how the two alternatives work and discuss the differences. We will then provide a modeling recommendation for your projects.

Model Data Privacy

Because data management in SAP Analytics Cloud takes place at the data model level, data access control must first be activated for each model. Only then can you define the access rights. The required setting can be found on the "Access and Privacy" tab in the "Data Access" area.

The “Model Data Privacy” option determines whether the model is displayed to users other than the owner. In addition, it is possible to configure row level permissions that are not available in other models. Thus, if you enable the “Model Data Privacy” option, the data can be viewed only by the owner of the model and by user roles that have been granted access.

Model data privacy option

Afterwards the role definition can take place. You can use logical expressions to restrict access when defining the read and write access. This allows you to flexibly design the role definition.

The following operators are available:

  • Relational operators like <, <=,=, =>, >
  • BETWEEN, to define a range
  • CONTAINS, to define a pattern
  • IS_CURRENT_USER, to check whether the attribute value matches the user ID of the logged in user. Useful when responsible persons are maintained in the master data.

SAC Role Example

 

Planning tools compared - SAP BW IP vs. BPC vs. SAC

Neuer Call-to-Action

Data Access Control in Dimensions

In addition to the presented option of defining data access via the role definition, you can also define data access rights directly in the dimensions of the model. You can activate the data access control for individual dimensions of the model.

Data Access Control in Dimensions option

If this option is activated, read and write columns are added in master data of the respective dimension, where you can assign a responsible person. This allows you to define which users or teams have access to the individual elements of the dimension. Please note that read and write permissions on nodes are always inherited by the child elements of the node.

Read and write authorizations can be set for individual elements

In the example above, the user „LMORLOCK“ will have read- and write-access only for the tree-node California and its leaf-nodes.

Differences

Both options allow data access permissions to be defined at both row and column level. With the "Model Data Privacy" option, roles containing dimensions are assigned to users.  With the second option, "Data Access Control in Dimensions", the assignment of authorized users is not done via a role, but in the individual dimensions. 

However, there are also significant differences. For example, the "Model Data Privacy" option allows you to create roles that contain multiple models. The "Data Access Control in Dimensions" option, on the other hand, only refers to the respective model. A cross-module definition of permissions is therefore not possible. The permissions must be assigned individually for each model.

In addition, with the “Data Access Control in Dimensions” option, the master data must first be available. Only then can authorizations be granted. It is also not possible to define permissions using a pattern (such as CONTAINS).

In contrast, the “Model Data Privacy” option allows flexible permissions. When defining the authorizations, logical expressions such as larger, smaller, BETWEEN or CONTAINS can be used. This way, master data does not necessarily have to be available.

SAP Analytics Cloud authorization concept - Our conclusion 

Ultimately, the decision depends on the respective requirements. However, the "Model Data Privacy" option is recommended. It enables a flexible definition of authorizations. In addition, maintenance is also simplified.

Are you interested in SAP Analytics Cloud? Are you trying to build up the necessary know-how in your department for SAP Analytics Cloud Planning? Or do you need support with a specific question? Request a non-binding consultation offer today!

Learn all about Planning with SAP Analytics Cloud

SAP Analytics Cloud, SAP Planning, SAC Story

avatar

Bernhard

Bernhard has been professionally at home in the SAP world since 2013. As a front-end developer, the focus was on SAP Analytics Cloud and SAP BW. Due to the large number of projects he has completed, he has been able to gain experience in requirements gathering, project management and architect roles in addition to development and is now Product Owner of NextTables. In his private life, Bernhard is a hobby cook and enjoys hiking or dancing.

Got a question about this blog?
Ask Bernhard

Blog - NextLytics AG 

Welcome to our blog. In this section we regularly report on news and background information on topics such as SAP Business Intelligence (BI), SAP Dashboarding with Lumira Designer or SAP Analytics Cloud, Machine Learning with SAP BW, Data Science and Planning with SAP Business Planning and Consolidation (BPC), SAP Integrated Planning (IP) and SAC Planning and much more.

Subscribe to our newsletter

Related Posts

Recent Posts