Dear community,
I have a massive problem getting my task done. I tried to build a solution similar to chapter 21 (SAP Analytics Cloud - Administration) of @ingo.hilgeforts book Mastering SAP Analytics Cloud.
I also read the wiki entry from @matthew.shaw (https://wiki.scn.sap.com/wiki/display/BOC/SAP+Analytics+Cloud+-+Security+Concepts+and+Best+Practice) but somehow I don't get what I want.
I have Public folder which is shared for All Users with Access:Full Control
Inside the Public folder I have a folder named after our company and in this company folder there are separate folders for a few departments.
Each department folder has the same folder setup, like below. The folders of interest are marked green.
I have the following teams which correspond to the subfolders and 2 general teams (marked in green, see later)
I also have 2 custom roles which based on the default BI Content Creator/Viewer roles
My problem is now the following:
- A User named TEST is member of team XXXX_HR and team STORY_DESIGNER
- The company folder XXXX is shared for team XXXX_HR including subfolders and access right: only read
- Subfolder HR is shared for team XXXX_HR with subfolders and access right: only read
- Subsubfolder Stories/Models/Open Area are shared for team STORY_DESIGNER and access right: edit
Everything works fine so far and if I change the membership of TEST from STORY_DESIGNER to STORY_CONSUMER it is as it should be.
BUT if I repeat all the steps for the 2nd department SD, the user TEST (which is now member of STORY_DESIGNER and XXXX_SD) will also see the subsubfolders from HR (namely Stories/Models/Open Area) on the same level as the Public folder.
I tried several attempts, even with 3 teams like COMPANY, XXXX_HR, STORY_DESIGNER and so on. But every time I assign STORY_DESIGNER anywhere, users will be able to see other departments.
I cannot figure out, where exactly the problem lies. Maybe I make the same mistake over and over again and now I'm not able to detect my reasoning error.
would be great if someone could help
best regards
Andreas
- SAP Managed Tags:
Accepted Solutions (1)
Hello Andreas,
I have done some tests and I think you should create teams for each area and for each functionality.
Teams (3 areas x 2 funcionalities = 6):
- HR: HR Story_consumer + HR Story_designer.
- SD: SD Story_consumer + SD Story_designer.
- CO: CO Story_consumer + CO Story_designer.
It would be like this schema.
Could you test it?
Regards,
Miquel
Answers (3)
Hello debjit.singha ,
I did as you said and moved my folder out of the Public Folder. I have a Folder called WORK on the same level as the Public Folder now.
Inside of WORK there is our company folder (and 2 test folders with the same folder structure).
Inside of our company folder, we have several departments which are represented via folders.
The lowest level of folders for such a department is the same throughout all such folders
BUT again, when I create my teams for HR, CO, SD and one team called STORY_DESIGN (basing on BI Content Creator Role) and proceed as in my initial post, nothing changes.
If I put my testuser in the teams STORY_DESIGN and SD after I created all for HR (with team STORY_DESIGN and HR) I see the folders from HR which are shared for team STORY_DESIGN
I tried several things and variants, but the result is always the same...
Best regards
Andreas
| User | Count |
|---|---|
| 86 | |
| 10 | |
| 10 | |
| 9 | |
| 6 | |
| 6 | |
| 6 | |
| 5 | |
| 4 | |
| 3 |
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.