How do you address security and authorizations in SAP Analytics Cloud applications? Especially those cases where SAC is connected to SAP BW or SAP BPC? SAP EPM hybrid solutions, for instance, require authorizations to be configured at two levels:
1. Data access security in SAP BW
2. Story access security in SAP Analytics Cloud
Assuming both systems (SAC and BW) are connected via single sign-on (SSO) user authentication will take place in SAC and appropriate authorizations will be applied at each application layer.
For data access configuration we have to identify which objects are authorization relevant from a business point of view by team/user group. For example, in financial planning/reporting this may be Company Code, Cost Center, etc. While at the corporate level controllers are allowed to review plans for the whole organization, at business units this may be allowed for certain Company Codes only. These authorizations are defined at the data access level via BW authorizations.
On the other hand, analytics applications may have various types of landing pages on the frontend. For example, executive reporting, operational planning, supply chain planning, etc. Various teams and user groups may be allowed to have access (or not) to the whole section of stories or landing pages depending on their function. These authorizations are defined at the Story/Team access level in SAC.
Comments