Learn About Data Security in Your Model

Depending on your business case or the sensitivity of your data, you might need to restrict access to your data. Data can be secured at different levels in the modeler. You can apply security settings to models and dimensions, and you can also apply more detailed restrictions.

This section provides an overview of the security settings available. You'll find links in the sections below that redirect you to more detailed content.

Security Settings Based on Teams or User IDs

The foundation of security comes from the user role assignment. For each role, you can define permissions. In the Security Roles area, you can assign general permissions for all models, but you can't assign permissions for individual models. For information on user roles, see Standard Application Roles.

Users must be assigned a role whose overall permission level for a model type covers the access they want to models of that type. For example, someone whose role grants only Read access to Analytic Models (and not also Update, Delete, or Maintain) will only ever be able to view data from the models they are allowed to read, even if they are additionally granted Update, Delete, or Maintain permissions on those models.

Think of it like a combination: to read a user's private planning model that has been shared with you, you'll need three things:

  • Rights to read the model via the sharing rights that are set by the user when they share it.
  • Read rights on the Planning Model or Analytic Model application privilege.
  • Read rights on the Private Files application privilege.
    Note
    Depending on where the model is saved, you might need Read rights on either the Private Files or the Public Files application privilege. For example, if the model is saved in the Models folder under Public, you need Read rights on the Public Files application privilege. For more information, see Permissions.

If you lack any one of these three rights, you won't be able to read (open or use) the model.
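The three-part check above, written as an access-review helper. This is an added example, not SAP code: the `Role` and `Model` records, the sample users, and the rule that usable permissions are the intersection of role and share permissions are assumptions drawn from the description on this page, and locations other than private and public are treated as unmapped.

```python
from dataclasses import dataclass, field

# The file privilege that applies depends on where the model is saved.
FILE_PRIVILEGE = {"private": "Private Files", "public": "Public Files"}

@dataclass
class Role:                       # hypothetical record, not an SAP object
    privileges: dict              # privilege name -> set of permissions

@dataclass
class Model:                      # hypothetical record, not an SAP object
    kind: str                     # "Planning Model" or "Analytic Model"
    location: str                 # "private" or "public"
    shares: dict = field(default_factory=dict)   # user -> permissions set when sharing

def missing_read_rights(user, role, model):
    """List the rights the user lacks to read the model (empty list = can read)."""
    missing = []
    if "Read" not in model.shares.get(user, set()):
        missing.append("sharing rights on the model")
    if "Read" not in role.privileges.get(model.kind, set()):
        missing.append(f"Read on {model.kind}")
    file_priv = FILE_PRIVILEGE.get(model.location)
    if file_priv is None:         # location not covered by this sketch: fail closed
        missing.append(f"unmapped location {model.location!r}")
    elif "Read" not in role.privileges.get(file_priv, set()):
        missing.append(f"Read on {file_priv}")
    return missing

def effective_permissions(user, role, model):
    """Permissions held in BOTH the role and the share; none if the model is unreadable."""
    if missing_read_rights(user, role, model):
        return set()
    return role.privileges.get(model.kind, set()) & model.shares.get(user, set())

# Constructed sample data for an access review.
VIEWER = Role({"Planning Model": {"Read"}, "Private Files": {"Read"}})
PLANNER = Role({"Planning Model": {"Read", "Update", "Maintain"}, "Public Files": {"Read"}})
BUDGET = Model("Planning Model", "private",
               shares={"alice": {"Read", "Update"}, "bob": {"Read", "Update"}})

if __name__ == "__main__":
    for user, role in [("alice", VIEWER), ("bob", PLANNER), ("carol", VIEWER)]:
        print(user, missing_read_rights(user, role, BUDGET),
              sorted(effective_permissions(user, role, BUDGET)))
```

In the sample, alice's shared Update right is capped to Read by her role, and bob's broader role is useless on this model because it lacks Read on Private Files.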

Note
Users with an SAP Analytics Cloud for planning, standard edition license must be assigned a role with Maintain permissions on planning models and analytic models. Users also need the Read and Maintain permissions granted via the Share settings directly on the model itself to upload or change data. For more information, see Create Roles and Share Files or Folders.

Share/Unshare Your Model

Another security level comes from the sharing settings and the file location of models. On the Files page, you can select the location where your model is saved.

  • When a model is saved in a private folder (or in the root of the My Files view), only the user who creates it can see it. However, they can share the model with other teams or users.

  • When a model is saved in a public folder, it is automatically shared with everyone who can access the folder, based on the individual sharing settings given to the users.

  • When a model is saved in a workspace folder, only the user who creates it can see it. However, they can share the model with teams and users who are members of that workspace.

Note

When sharing a file, for example a story, that depends on underlying objects, like models or datasets, you'll also need to share those other objects with the same access level as the file. Furthermore, if the dependencies are from different workspaces, you must also request access to the workspaces and objects on behalf of those users.

Models can be shared the same way that stories and folders can be shared. In the sharing dialog, you can choose the users and teams and give them a predefined access level (View, Edit, or Full Control) or custom access. For information about sharing files, see Share Files or Folders.

Version Security

Adding version security to a model lets you restrict read, write, and delete access to public versions, to prevent other users or teams from changing them. Users who have read-only permission for public versions can still copy data to a private version that they can edit. Users who don't have write permissions can't publish into a public version. With delete permissions for a public version, a user can read, publish to, and delete a public version.

Model Data Privacy

This setting determines whether the model is visible to users other than the owner. If you switch on Model Data Privacy, only the owner of the model and user roles that have specifically been granted access can see the data. Disable this switch if you want the model and data to be public.

Data Access Control

You can set permissions for individual dimensions using Data Access Control (DAC).
Example
  • To ensure that product managers can see the financial results only for their products, you enable data access control for the Product dimension.

  • To prevent some planners from deleting a public version, you enable data access control for the version dimension and don't give them delete access for that version.

For more information, see Set Up Data Access Control.

Validation Rules

For planning models, validation rules let you define the allowed member combinations across multiple dimensions to prevent improper data entry and planning operations in stories and analytic applications. The system validates the data in the model according to the validation rules you define for this model, and planners are only allowed to enter data or use planning functions for the specified member combinations.

Validation rules do not impact data import and data deletion. To prevent planners from deleting public versions, use data access control.

For more information, see Define Valid Member Combinations for Planning Using Validation Rules.

Data Locking

Unlike most other data security features, data locks are designed to change frequently over time. For planning models, data locking lets you prevent changes to specific data at different stages of the planning process, while also delegating control over the lock state to other users.

Locked values can't be changed, except by users with special permissions, whether by importing or deleting values in the modeler or by data entry or other planning operations. Data locking doesn't prevent public version deletion, though; use data access control instead.

For more information, see Configuring Data Locking.