SAP Knowledge Base Article - Public

2423166 - Users are able to see and enter master data when data access control is enabled in SAP Analytics Cloud

Symptom

If a dimension has the "Enable Data Access Control" option set under the dimension preferences or model data access menu, users are still able to see restricted dimensions members (read access) and enter data even though they do not have write access.

Environment

  • SAP Analytics Cloud

Cause

  • Data access control (DAC) specified in the model is only applied to fact data.
  • Master data (members in the member selection dialogs) are not part of the data access control.
  • Data appears as unbooked and you can see restricted dimension members by clicking the "Unbooked data" option in the Story builder or setting the "Unbooked On" in a story, panel or input control filters.
  • Users who create private versions or try to update public versions are able to write data to any member (data is not actually saved until you click the "Save" button in the version management dialogue)
  • Data access control is applied when a user tries to save or publish a private version to a public version or when they try to publish a public version and then choose the "Save as" new version option.
  • In this case only the data for which the user has write privileges will be published.
  • The following message will appear:
    • Due to limited access rights, some of the data can't be saved. Do you want to save everything except those data?
    • Some of your data changes can't be published because of limited access rights. Those changes will be lost. Do you want to publish everything else?"

Resolution

Use the "Hide hierarchy nodes for users without authorization" dimension preference to hide master data. See Setting Data Access Permissions on Dimensions.

See Also

Your feedback is important to help us improve our knowledge base.

Keywords

EPM, SAP Cloud for Planning, sc4p, c4p, cforp, cloudforplanning, Cloud for Planning, EPM-ODS, Cloud for Analytics, C4P, Cloud4Analytics, CloudforAnalytics, Cloud 4 Planning, HCP, C4A, BOC, SAPBusinessObjectsCloud, BusinessObjectsCloud, BOBJ, BOBJcloud, BOCloud., BICloud, BO Cloud, connecting, conecting, conectando, conexão, modelo, configured security, entity dimension, data access control, read and write access, all entities, basic security settings, no teams configured, controls, The version could not be published because you are lacking write access for some dimension members, read, write data, access, private versions version, Dimension Member Read/Write Access Issue, Dimension Read/Write Access in a model.  Planner (not modeler) in security secure my entity dimension as Read / Write for access, input task see data in some entities, not in some entities, input in the ones assigned to them as Write entities , KBA , writing data with read write not functio , not functional (planning) , functioning , the input ignores the members other than , the one where the user is read & write. , the full data gets to the datapoint , unexpected interaction of restrictions , data input , security - model dimension , within a model to have read access only , defined security on a dimension within a , sac dac acces kba , does not work for non-admin roles , publishing data does not work for non-ad , LOD-ANA-PL , Planning , LOD-ANA-BI , Business Intelligence Functionality, Analytic Models , LOD-ANA-BR , SAC Boardroom , LOD-ANA-PR , SAC Predicitive , Problem

Product

SAP Analytics Cloud 1.0