SAP Knowledge Base Article - Public

2423166 - Users are able to see and enter master data when data access control is enabled in SAP Analytics Cloud

Symptom

If a dimension has the "Enable Data Access Control" option set under the dimension preferences or model data access menu, users are still able to see restricted dimensions members (read access) and enter data even though they do not have write access in SAP Analytics Cloud (SAC).

Environment

  • SAP Analytics Cloud

Cause

  • Data access control (DAC) specified in the model is only applied to fact data.
  • Master data (members in the member selection dialogs) are not part of the data access control.
  • Data appears as unbooked and you can see restricted dimension members by clicking the "Unbooked data" option in the Story builder or setting the "Unbooked On" in a story, panel or input control filters.
  • Users who create private versions or try to update public versions are able to write data to any member (data is not actually saved until you click the "Save" button in the version management dialogue)
  • Data access control is applied when a user tries to save or publish a private version to a public version or when they try to publish a public version and then choose the "Save as" new version option.
  • In this case only the data for which the user has write privileges will be published.
  • The following message will appear:
    • Due to limited access rights, some of the data can't be saved. Do you want to save everything except those data?
    • Some of your data changes can't be published because of limited access rights. Those changes will be lost. Do you want to publish everything else?"

Resolution

Use the "Hide parents" dimension preference to hide master data. See Setting Data Access Permissions on Dimensions.

See Also

Your feedback is important to help us improve our knowledge base.

Keywords

EPM, SAP Cloud for Planning, sc4p, c4p, cforp, cloudforplanning, Cloud for Planning, EPM-ODS, Cloud for Analytics, C4P, Cloud4Analytics, CloudforAnalytics, Cloud 4 Planning, HCP, C4A, BOC, SAPBusinessObjectsCloud, BusinessObjectsCloud, BOBJ, BOBJcloud, BOCloud., BICloud, BO Cloud, connecting, conecting, conectando, conexão, modelo, configured security, entity dimension, data access control, read and write access, all entities, basic security settings, no teams configured, controls, The version could not be published because you are lacking write access for some dimension members, read, write data, access, private versions version, Dimension Member Read/Write Access Issue, Dimension Read/Write Access in a model.  Planner (not modeler) in security secure my entity dimension as Read / Write for access, input task see data in some entities, not in some entities, input in the ones assigned to them as Write entities , KBA , writing data with read write not functio , not functional (planning) , functioning , the input ignores the members other than , the one where the user is read & write. , the full data gets to the datapoint , unexpected interaction of restrictions , data input , security - model dimension , defined security on a dimension within a , within a model to have read access only , sac dac acces kba , publishing data does not work for non-ad , does not work for non-admin roles , hide parents sac kba , end user with security restriction , hide parents dac sac kba , at leaf level node , top level hierachy is displayed , hide parents , LOD-ANA-PL , Planning , LOD-ANA-BI , Business Intelligence Functionality, Analytic Models , LOD-ANA-BR , SAC Boardroom , LOD-ANA-PR , SAC Predicitive , Problem

Product

SAP Analytics Cloud 1.0