Creating SAP Analytics Hub Specific Roles

You can ensure that there’s more control over the content’s lifecycle in SAP Analytics Hub. Instead of assigning the role of Content Creator to your users, which grants all content management authorizations, you can define two more specific variants of this role. These two roles give different privileges, but they are interrelated.

Prerequisites

You must have a SAP Analytics Hub license in order to grant the roles listed below.

Context

The table below provides information on what each role is meant for:

Role

Description

Content Editor

Includes all authorizations to read, create, and update assets. Usually assigned to the user who provides content in SAP Analytics Hub.

Content Validator

Includes all authorizations to read assets, and to validate or reject draft assets sent for review that are created by Content Editors. Usually assigned to the user who has to check the quality of the content displayed in SAP Analytics Hub.

Procedure

  1. On the Roles page of the Security area, choose (New) to add a new row to the roles management table.
  2. In the Create New Role dialog, enter one of the following names:
    • Content_Editor
    • Content_Validator
    Note
    Blanks are not allowed in the role name.
  3. Click OK.

    The role is created and a new page is displayed.

  4. Define the permissions for your new role for every activity. Check the permissions for the Analytics Hub Assets and Analytics Hub Structure rows as described below:
    • For the Content Editor:

      Name

      Permissions
      Analytics Hub Assets
      • Read
      • Create
      • Update
      Analytics Hub Structure
      • Read
      Team
      • Read
      User
      • Read
    • For the Content Validator:

      Name

      Permissions
      Analytics Hub Assets
      • Read
      • Delete
      • Execute
      Team
      • Read
      User
      • Read
    Note
    To define the Content Validator permissions, you don’t need to check any permission related to the Analytics Hub row. For any role ceated (User or Team), Read access is mandatory.
  5. If you have already created users that should be assigned the new role, choose (Assign Role), select one or more users in the Assign Role to User dialog, and choose OK.

    All users that are currently assigned to the role appear in the Selected Users list along with any new users you select.

  6. Choose (Settings) to define the following options in the Settings dialog:
    Option Description
    Enable Self-Service If you activate this option, any business user can request this role for himself in the Request Roles dialog.
    Use as Default Role The default role is assigned to new users if no role is specified when users are imported or created.
    Full Data Access
    If you activate this option, any user who is assigned this role can see all the data of any model regardless of how the data access for the model is defined.
    Recommendation
    Grant full data access carefully and only to selected users.
  7. Decide which type of user should approve the role request:
    • Manager: The user assigned as a manager to the user requesting the role must approve the request.
      Note
      The manager is assigned to a user on the User page in the user management area.
    • Other Users: A specific user that you select from the dialog must approve the request.
Related Information