Standard Application Roles

SAP Analytics Cloud includes several standard application roles. The roles that you will see depend on the licenses included in your subscription. As a best practice, you can use these roles as templates for creating custom roles for different departments within your organization.

Roles and Permissions

A role represents the main tasks that a user performs in SAP Analytics Cloud. For example, if the CEO of your organization wants to be able to open stories and digital boardroom presentations, but doesn't need to create them, you could assign them to the Viewer role. The system administrator would need the Admin role though, because they manage users and content.

A role comes with a collection of permissions. the CEO and system administrator shouldn't be assigned the same permissions. You probably don't want to grant the CEO the "Manage" permission, but the system administrator should get the maximum level of permissions.

The standard application roles provide a set of permissions that are appropriate for each particular job role. For more information, see Permissions. For example, the BI Admin role includes the Create and Delete permissions, while the BI Content Viewer role doesn't:

Note

The existing standard roles can't be deleted or edited and are updated automatically when new features are added. Instead of assigning the standard application roles to users and teams, create custom roles that are based on the standard application roles and assign the custom roles. For more information, see Create Roles.

Licenses and Roles

To access the Roles page, from the side navigation, go to Start of the navigation path Security Next navigation step Roles End of the navigation path .

Roles are grouped by the license type they consume. This example shows some of the predefined standard roles and custom roles associated with the Business Intelligence license type:

Each user's license consumption is determined solely by the roles that they've been assigned. For example, a user who has been assigned only the BI Admin standard role consumes only a Business Intelligence license.

On the Roles page, you can search for roles by keyword. Begin typing a keyword into the Search field, and the page will display only those roles that match your keyword.

Standard Roles

You can use the standard application roles as templates for creating custom roles and then assign the custom roles to users. For more information, see Create Roles.

When you import role assignments from a CSV file or assign roles via the SAP Analytics Cloud REST API, you must use the following role IDs. For more information, see SAP Analytics Cloud REST API.

Role	Role ID	Description
System Owner	`PROFILE:sap.epm:System_Owner`	Full Privileges Includes all user privileges to allow unrestricted access to all areas of the application. Only one user in the system can be assigned to this role, and it must always be assigned to a user. Grants authorizations to create, view, update or delete analytic applications, and use the data analyzer. Can create, view, update or delete custom widgets.
Admin	`PROFILE:sap.epm:Admin`	Planning Administrator: Full Privileges Includes all task authorizations available in SAP Analytics Cloud. Usually assigned to the system administrator to set up users and roles and to perform system transports. Grants authorizations to create, view, update or delete analytic applications, and use the data analyzer. Can create, view, update or delete custom widgets.
Modeler	`PROFILE:sap.epm:Modeler`	Planning Modeler: Modeling Privileges Includes all authorizations that are required to manage models and dimensions. Usually assigned to the user who creates and changes models and dimensions. Grants authorizations for viewing analytic applications and using the data analyzer. It also grants authorization to view custom widgets.
Planner Reporter	`PROFILE:sap.epm:Planner_Reporter`	Planner Reporter: Planning and Reporting Privileges Includes all authorizations that are required to perform planning activities, such as revenue planning and automated discoveries. This role also grants authorizations for updating currency tables. Usually assigned to the user who does the planning and budgeting. This role also grants authorizations for viewing analytic applications and using the data analyzer. It also grants authorization to view custom widgets.
Viewer	`PROFILE:sap.epm:Viewer`	Planning Viewer: Read Privileges Includes read-only privileges. Usually assigned to the user who is allowed only to read the data. This role also grants authorizations for viewing analytic applications and using the data analyzer. It also grants authorization to view custom widgets.
BI Admin	`PROFILE:sap.epm:BI_Admin`	Business Intelligence Administrator: Full Privileges Includes all task authorizations including predictive. It excludes task authorizations related to planning. Usually assigned to the BI system administrator to set up users and roles. Grants authorizations to create, view, update or delete analytic applications, and use the data analyzer. This role also grants authorization to view custom widgets. Note Users with this role have access to content even if Data Access Control settings have been applied to that content.
BI Content Creator	`PROFILE:sap.epm:BI_Content_Creator`	Business Intelligence Content Creator: Create and Update Privileges Includes all authorizations that are required to manage models and dimensions not related to planning. Usually assigned to the user who creates and changes non-planning models and dimensions. This role also grants authorizations for viewing analytic applications and use the data analyzer. It also grants authorization to view custom widgets.
BI Content Viewer	`PROFILE:sap.epm:BI_Content_Viewer`	Business Intelligence Viewer: Read Privileges Includes read-only privileges for non-planning data. Usually assigned to the user who is allowed only to read the data. By default, this role does not include private files permissions. This role also grants authorizations for viewing analytic applications and use the data analyzer. It also grants authorization to view custom widgets.
Application Creator	`PROFILE:sap.epm:Application_Creator`	Application Creator: Analytics Designer Privileges Includes all authorizations that are required to manage analytic applications. Usually assigned to the user who creates and changes analytic applications. Grants authorizations to create, view, update or delete analytic applications, and use the data analyzer. This role also grants authorization to view custom widgets.
BTP Content Creator	`PROFILE:sap.epm:HCP_Content_Creator`	SAP Business Technology Platform Creator: Create and Update Privileges Includes all authorizations that are required to manage models and dimensions not related to planning. Usually assigned to the user who creates and changes non-planning models and dimensions. Note The BTP roles allow access only to SAP Business Technology Platform (BTP) as a data source.
BTP Content Viewer	`PROFILE:sap.epm:BI_Content_Viewer`	SAP Business Technology Platform Viewer: Read Privileges Includes read-only privileges for non-planning data. Usually assigned to the user who is allowed only to read the data. By default, this role does not include private files permissions. Note The BTP roles allow access only to SAP Business Technology Platform (BTP) as a data source.
Digital Boardroom Viewer	`PROFILE:sap.epm:Boardroom_Viewer`	Includes the read-only privilege for the Digital Boardroom area. Usually assigned to the user who is allowed only to view boardroom agendas.
Digital Boardroom Creator	`PROFILE:sap.epm:Boardroom_Creator`	Includes all authorizations to create, edit, share, delete, and view boardroom agendas in the Digital Boardroom area.
Predictive Content Creator	`PROFILE:sap.epm:Predictive_Content_Creator`	Includes all authorizations to create, update, delete, and view predictive scenarios in the Predictive Scenarios area. You must grant both Create and Read privileges to ensure that the user can create predictive scenarios. For more information about the role, see Roles and Permissions for Predictive Scenarios.
Predictive Admin	`PROFILE:sap.epm:Predictive_Admin`	Among all task authorizations available in SAP Analytics Cloud, it includes all authorizations to create, update, delete, and view predictive scenarios in the Predictive Scenarios area. You need this role to add and configure Data Repositories. For more information about the role, see Roles and Permissions for Predictive Scenarios.
Translator	`PROFILE:sap.epm:Translator`	Includes all authorizations to create, update, read, and delete an artifact with regards to translation.
BI Restricted Content Creator	`PROFILE:sap.epm:BI_RESTRICTED_CONTENT_CREATOR`	Business Intelligence Restricted Content Creator: Create and Update Privileges Includes all authorizations that are required to manage models and dimensions not related to planning. Usually assigned to the user who creates and changes non-planning models and dimensions. This role also grants authorizations for viewing analytic applications and use the data analyzer. It also grants authorization to view custom widgets. Note This role is only available for SAP Datasphere embedded customers.
BI Restricted Content Viewer	`PROFILE:sap.epm:BI_RESTRICTED_CONTENT_VIEWER`	Business Intelligence Restricted Content Viewer: Read Privileges Includes read-only privileges for non-planning data. Usually assigned to the user who is allowed only to read the data. By default, this role does not include private files permissions. This role also grants authorizations for viewing analytic applications and use the data analyzer. It also grants authorization to view custom widgets. Note This role is only available for SAP Datasphere embedded customers.
BI Restricted Tenant Admin	`PROFILE:sap.epm:BI_RESTRICTED_TENANT_ADMIN`	Business Intelligence Restricted Tenant Administrator: Full Privileges Includes all task authorizations including predictive. It excludes task authorizations related to planning. Usually assigned to the BI system administrator to set up users and roles. Grants authorizations to create, view, update or delete analytic applications, and use the data analyzer. This role also grants authorization to view custom widgets. Users with this role have access to content even if Data Access Control settings have been applied to that content. Note This role is only available for SAP Datasphere embedded customers.

SAP Analytics Hub Roles

You can use the following SAP Analytics Cloud roles as templates for creating custom roles and then assign the custom roles to users. For more information, see Create Roles.

When you import role assignments from a CSV file or assign roles via the SAP Analytics Cloud REST API, you must use the following role IDs. For more information, see SAP Analytics Cloud REST API.

Role	Role ID	Description
Analytics Hub Admin	`PROFILE:sap.epm:Analytics_Hub_Admin`	Includes full assets and structure privileges. Usually assigned to the user who sets up the SAP Analytics Hub application. In addition, this user can perform all content management actions.
Analytics Hub Content Creator	`PROFILE:sap.epm:HCP_Content_Creator`	Includes all authorizations to read, create, update, delete, hide, validate, and reject assets in SAP Analytics Hub. Usually assigned to the user who creates and modifies assets. Note We recommend that you use the SAP Analytics Hub Content Creator role as a template to define two more specific roles for the content management. For more information about this recommendation, see Create Roles.
Analytics Hub Viewer	`PROFILE:sap.epm:Analytics_Hub_Content_Viewer`	Includes read-only privileges. Usually assigned to the user who is allowed only to read the assets.