Standard Application Roles

SAP Analytics Cloud is delivered with several standard application roles. The roles you see will depend on the licenses included in your subscription.

Roles and Permissions

A role represents the main tasks that a user performs in SAP Analytics Cloud. For example, if Naomi, your organization's CEO, wants to be able to open stories and digital boardroom presentations, but doesn't need to create them, you could assign her to the Viewer role. System administrator Kate would need the Admin role though, because she manages users and content.

A role comes with a collection of permissions. Naomi and Kate shouldn't be assigned the same permissions. You probably don't want to grant Naomi the "Manage" permission, but Kate should get the maximum level of permissions.

The standard application roles provide a set of permissions that are appropriate for each particular job role. For example, the BI Admin role includes the Create and Delete permissions, while the BI Content Viewer role doesn't:

Note that the existing standard roles can't be deleted or edited. If the standard roles don't suit your needs, you can create your own custom roles with the exact set of permissions you choose. For more information, see these topics:

Licenses and Roles

To access the Roles page, from the side navigation, go to Security > Roles.

Roles are grouped by the license type they consume. This example shows some of the predefined standard roles and custom roles associated with the Business Intelligence license type:

Each user's license consumption is determined solely by the roles that they've been assigned. For example, a user who has been assigned only the BI Admin standard role consumes only a Business Intelligence license.

On the Roles page, you can search for roles by keyword. Begin typing a keyword into the Search field, and the page will display only those roles that match your keyword.

Standard Roles

You can assign standard application roles directly to users or, if you have different business needs, you can use them as a template for defining new roles.

You must use the role IDs below when importing role assignments from CSV or assigning roles via the User & Team Provisioning API. For more information, see SAP Analytics Cloud User and Team Provisioning API.

Role Role ID Description

System Owner

PROFILE:sap.epm:System_Owner

Full Privileges

Includes all user privileges to allow unrestricted access to all areas of the application. Only one user in the system can be assigned to this role, and it must always be assigned to a user.

Can create, view, update or delete custom widgets.

Admin

PROFILE:sap.epm:Admin

Planning Administrator: Full Privileges

Includes all task authorizations available in SAP Analytics Cloud. Usually assigned to the system administrator to set up users and roles and to perform system transports.

Can create, view, update or delete custom widgets.

Modeler

PROFILE:sap.epm:Modeler

Planning Modeler: Modeling Privileges

Includes all authorizations that are required to manage models and dimensions. Usually assigned to the user who creates and changes models and dimensions.

This role also grants authorizations for viewing analytic applications and working with the data analyzer. It also grants authorizations for viewing custom widgets.

Planner Reporter

PROFILE:sap.epm:Planner_Reporter

Planner Reporter: Planning and Reporting Privileges

Includes all authorizations that are required to perform planning activities, such as revenue planning and automated discoveries. This role also grants authorizations for updating currency tables. Usually assigned to the user who does the planning and budgeting.

This role also grants authorizations for viewing analytic applications and working with the data analyzer. It also grants authorizations for viewing custom widgets.

Viewer

PROFILE:sap.epm:Viewer

Planning Viewer: Read Privileges

Includes read-only privileges. Usually assigned to the user who is allowed only to read the data.

This role also grants authorizations for viewing analytic applications and working with the data analyzer. It also grants authorizations for viewing custom widgets.

BI Admin

PROFILE:sap.epm:BI_Admin

Business Intelligence Administrator: Full Privileges

Includes all task authorizations including predictive. It excludes task authorizations related to planning. Usually assigned to the BI system administrator to set up users and roles.

This role also grants all authorizations to view custom widgets.

Note: users with this role have access to content even if Data Access Control settings have been applied to that content.

BI Content Creator

PROFILE:sap.epm:BI_Content_Creator

Business Intelligence Content Creator: Create and Update Privileges

Includes all authorizations that are required to manage models and dimensions not related to planning. Usually assigned to the user who creates and changes non-planning models and dimensions.

This role also grants authorizations for viewing analytic applications and working with the data analyzer. It also grants authorizations for viewing custom widgets.

BI Content Viewer

PROFILE:sap.epm:BI_Content_Viewer

Business Intelligence Viewer: Read Privileges

Includes read-only privileges for non-planning data. Usually assigned to the user who is allowed only to read the data. By default, this role does not include private files permissions.

This role also grants authorizations for viewing analytic applications and working with the data analyzer. It also grants authorizations for viewing custom widgets.

Application Creator

PROFILE:sap.epm:Application_Creator

Application Creator: Analytics Designer Privileges

Includes all authorizations that are required to manage analytic applications. Usually assigned to the user who creates and changes analytic applications. This role also grants authorizations for working with the data analyzer.

This role also grants authorizations for viewing custom widgets.

SAPCP Content Creator

PROFILE:sap.epm:HCP_Content_Creator

SAP Cloud Platform Creator: Create and Update Privileges

Includes all authorizations that are required to manage models and dimensions not related to planning. Usually assigned to the user who creates and changes non-planning models and dimensions.

Note
The SAPCP roles allow access only to SAP Cloud Platform (SAPCP) as a data source.

SAPCP Content Viewer

PROFILE:sap.epm:BI_Content_Viewer

SAP Cloud Platform Viewer: Read Privileges

Includes read-only privileges for non-planning data. Usually assigned to the user who is allowed only to read the data. By default, this role does not include private files permissions.

Note
The SAPCP roles allow access only to SAP Cloud Platform (SAPCP) as a data source.

Digital Boardroom Viewer

PROFILE:sap.epm:Boardroom_Viewer

Includes the read-only privilege for the Digital Boardroom area. Usually assigned to the user who is allowed only to view boardroom agendas.

Digital Boardroom Creator

PROFILE:sap.epm:Boardroom_Creator

Includes all authorizations to create, edit, share, delete, and view boardroom agendas in the Digital Boardroom area.

Predictive Content Creator

PROFILE:sap.epm:Predictive_Content_Creator

Includes all authorizations to create, update, delete, and view predictive scenarios in the Predictive Scenarios area. You must grant both Create and Read privileges to ensure that the user can create predictive scenarios.

For more information about the role, see Roles and Permissions for Predictive Scenarios.

Predictive Admin

PROFILE:sap.epm:Predictive_Admin

Among all task authorizations available in SAP Analytics Cloud, it includes all authorizations to create, update, delete, and view predictive scenarios in the Predictive Scenarios area. You need this role to add and configure Data Repositories, and this role is mandatory to publish a predictive model to a PAi application.

For more information about the role, see Roles and Permissions for Predictive Scenarios.

Translator

PROFILE:sap.epm:Translator

Includes all authorizations to create, update, read, and delete an artifact with regard to translation.
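The following is an added example, not SAP code: a pre-import check that audits a role-assignment file against the role IDs and constraints in the table above (a single System Owner, and review of Admin and BI Admin holders). The `user`/`roles` column layout with semicolon-separated role IDs, the sample rows, and the function name `audit_assignments` are assumptions made for illustration and do not represent the product's import file format.

```python
import csv
import io

PREFIX = "PROFILE:sap.epm:"
# Role IDs copied from the Standard Roles table above.
STANDARD_ROLE_IDS = {PREFIX + name for name in """
    System_Owner Admin Modeler Planner_Reporter Viewer BI_Admin
    BI_Content_Creator BI_Content_Viewer Application_Creator
    HCP_Content_Creator Boardroom_Viewer Boardroom_Creator
    Predictive_Content_Creator Predictive_Admin Translator""".split()}
SYSTEM_OWNER = PREFIX + "System_Owner"
# Roles whose descriptions above warrant a manual review of each holder.
REVIEW = {
    PREFIX + "Admin": "all task authorizations",
    PREFIX + "BI_Admin": "content access despite Data Access Control",
}

# Constructed sample; the user/roles column layout is an assumption.
SAMPLE_CSV = """user,roles
KATE,PROFILE:sap.epm:Admin
NAOMI,PROFILE:sap.epm:Viewer
RAJ,PROFILE:sap.epm:BI_Admin;PROFILE:sap.epm:System_Owner
LEE,PROFILE:sap.epm:System_Owner
MIA,PROFILE:sap.epm:bi_content_viewer
"""

def audit_assignments(csv_text):
    """Return (user, role_id, issue) findings for a role-assignment file."""
    findings, owners = [], []
    lowered = {r.lower() for r in STANDARD_ROLE_IDS}
    for row in csv.DictReader(io.StringIO(csv_text)):
        user = row["user"].strip()
        for role in filter(None, (r.strip() for r in row["roles"].split(";"))):
            if role == SYSTEM_OWNER:
                owners.append(user)
            elif role in REVIEW:
                findings.append((user, role, "review: " + REVIEW[role]))
            elif role not in STANDARD_ROLE_IDS:
                hint = ("case differs from a standard ID"
                        if role.lower() in lowered else "custom role or typo")
                findings.append((user, role, "not a standard ID: " + hint))
    # The page states that exactly one user holds System Owner at all times.
    if len(owners) != 1:
        findings.append((",".join(owners), SYSTEM_OWNER,
                         f"expected 1 System Owner, found {len(owners)}"))
    return findings

if __name__ == "__main__":
    for finding in audit_assignments(SAMPLE_CSV):
        print(finding)
```

IDs that are not in the standard table are reported rather than rejected, because custom roles are legitimate and the check cannot tell them apart from a misspelled standard ID.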

SAP Analytics Hub Roles

You can assign the following SAP Analytics Cloud roles directly to SAP Analytics Hub end users or, if you have different business needs, you can use them as a template for defining new roles.

You must use the role IDs below when importing role assignments from CSV or assigning roles via the User & Team Provisioning API. For more information, see SAP Analytics Cloud User and Team Provisioning API.

Role Role ID Description

Analytics Hub Admin

PROFILE:sap.epm:Analytics_Hub_Admin

Includes full assets and structure privileges. Usually assigned to the user who sets up the SAP Analytics Hub application. In addition, this user can perform all content management actions.

Analytics Hub Content Creator

PROFILE:sap.epm:HCP_Content_Creator

Includes all authorizations to read, create, update, delete, hide, validate, and reject assets in SAP Analytics Hub. Usually assigned to the user who creates and modifies assets.

Note
We recommend that you use the SAP Analytics Hub Content Creator role as a template to define two more specific roles for content management. For more information about this recommendation, see Create SAP Analytics Hub Specific Roles.

Analytics Hub Viewer

PROFILE:sap.epm:Analytics_Hub_Content_Viewer

Includes read-only privileges. Usually assigned to the user who is allowed only to read the assets.