PUBLIC
Matthew Shaw, SAP @MattShaw_on_BI
August 2019 Version 1.2
SAP Analytics Cloud
Security Concepts and Best Practice
2PUBLIC© 2019 SAP SE or an SAP affiliate company. All rights reserved. ǀ
Security Concepts and Best Practice
• A Role can contain many Users and a User can be in many Roles
• Need to have multiple roles, because a single role can only consume:
– 1 license type by application (Analytics Hub, BI, Planning Pro, Planning Standard)
– 1 license type by user license (named user, concurrent session)
• Roles are the only place where you can define ‘Application level rights’
• Do NOT use the default roles. Always create custom roles (based on a copy of the default ones)
• Roles define Application Rights:
[Diagram: Roles can contain many users; a User can be in many roles]
• A Team can contain multiple users and a user can belong to multiple Teams
• Teams can have their own folder, but this is generally more problematic than beneficial
• Top Tip – Use normal Public Folders, avoid Team Folders!
– De-select the ‘Create Team Folder’ option when creating Teams
– Teams cannot be exported or imported from one SAP Analytics Cloud Service to another
– The Team folder can only be shared by users within the team and not with anyone outside of the Team
– Teams cannot be re-named, unlike normal Public Folders
[Diagram: a Team can contain many users; a User can be in many Teams]
• Teams can ‘aggregate’ roles together!
• If a Team or User is a member of multiple roles, they inherit the ‘Union’ of the roles’ rights
• Top Tip – Use Teams to group your Roles
• Top Tip – Include the team name in the team’s description. Currently team names are not shown when sharing content, only the description is!
• Currently a Team cannot be assigned to a Role defined as ‘Concurrent session’
– You’ll need to add each user individually to the role
[Diagram: a Team assigned to Role A and Role B]
• Rights are assigned to objects (folder/file) by: Teams and/or Users (not Roles)
• ‘User A’ will not inherit the rights to the folder because
– folders cannot be secured by roles
– the user isn’t in the team
• Just because a team is assigned to a role doesn’t mean that all users of that role (the role the team is a member of) inherit the team’s rights to the folder
[Diagram: Role, Team, Folder, User A, User B and User C, with an ‘Assign rights’ link]
• Map a User Attribute to the Team
– This means the IdP defines who is a member of which Team
– In general the number of teams, defined as user attributes in the IdP, is small and certainly much smaller than the number of SAP Analytics Cloud Roles
• Assign the Team to multiple roles
• Assign the Folder rights to the team
• Place rights on folders to benefit from inheritance (rather than on every file)
• Top Tip – Use your own IdP, you’ll need it for SSO to ‘Live’ data sources
• Doc links:
– Enabling SAML SSO
– Mapping Team Attributes
[Diagram: a User Attribute in the SAML2 Identity Provider (IdP) maps Users to Teams in SAP Analytics Cloud; the Team is assigned to Role A and Role B, and rights on the Folder are assigned to the Team]
• SAML2 IdP ensures Seamless Single-Sign-On for connections to data sources (typically on-premise)
– Must be the same IdP
– SAML is not the only option. X509 certificate and Kerberos are also possible if the database supports it
• Top Tip: Enable “Dynamic User Creation” so users are automatically created in SAP Analytics Cloud!
– Users are not deleted automatically, which keeps their personal content safe
[Diagram: SAML2 Identity Provider (IdP), SAP Analytics Cloud and Database, linked by SAML2 trust relationships and SAML tokens]
• Organise Public Folders so as to take advantage of rights inheritance
– Not too deep! Users experience the structure!
– Need to avoid too many clicks for the user
• A folder per Project (or Line of Business)
– The generic ‘Models’ folder generally isn’t suitable, as different models need to be secured differently. Storing all models in one folder means managing the security on every model individually
– Models are best placed in each Project’s folder so as to benefit from folder security inheritance
– Users will also be less confused. It makes more sense that Stories and Models are in the same place
• Top Tip – Delete the system generated ‘Models’ folder
• From wave 2019.13 (and the 2019 Q3 Quarterly Release) you can limit who can create content in the Public root
[Diagram: Public folder containing Project A, Project B, Project C and Models]
[Diagram: rights assigned between Teams and the Project A folders (Standard, Ad-Hoc, Secure): Read, Create, and Read (deny others)]
• Assign the rights as shown between Teams and Folders
• Store the ‘standard’ models/stories/applications in the Project ‘root’ folder so as to keep the number of clicks down
– The 'Standard' sub-folder could be used, but using such a folder is unnecessary and just forces the user to make an additional click. So, best to collapse it into the 'root' of the Project Folder.
• A typical Project will contain
– 'Standard' content that everyone within the Project will need access to. This content is 'static' in general and 'approved' by 'IT' for standards, layout and performance etc.
– Ad-hoc content. This is content the Business Users create and use. Once content here is identified as 'business critical', it should be managed by 'IT', brought up to standards (for layout and performance etc.) and then moved into the 'Standard' content area (potentially via a development environment beforehand)
– Secure content. This is content that only a selected number of users within the Project have access to
• Use inheritance to your advantage
– Avoid assigning rights on individual files or to individuals
– Assign rights to Teams and Folders only
• Denying rights
– You cannot explicitly ‘deny’ a right
– Can only grant rights
– So, remove the right granted to ‘All Users’ as required
• Content, including models, can be searched on by name
• Good naming convention is essential
– For models, content (stories, applications) & folders
– Users like ‘codes’ to ease searching
– Avoid long names as they clutter the interface
• Top tip
– Filter the file types to exclude Models
– It prevents users from seeing Models listed alongside other content, like Stories and Digital Boardrooms
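The access rules from the slides above (a Team aggregating roles into a union of application rights, folder rights assigned only to Teams and/or Users, grant-only rights with folder inheritance) as a small Python model. It is an added illustration, not SAP code or an SAP API; the right names, team names, folder paths and the `no_inherit` flag used to model "deny others" are assumptions.

```python
from dataclasses import dataclass, field


@dataclass
class Tenant:
    """Toy model of the deck's rules; every name used with it is constructed."""
    role_rights: dict = field(default_factory=dict)    # role -> application rights
    role_members: dict = field(default_factory=dict)   # role -> {("user"|"team", name)}
    team_users: dict = field(default_factory=dict)     # team -> {user}
    folder_grants: dict = field(default_factory=dict)  # path -> {principal: rights}
    no_inherit: set = field(default_factory=set)       # folders with inherited grants removed

    def principals(self, user):
        """The user plus every team the user belongs to."""
        teams = {t for t, users in self.team_users.items() if user in users}
        return {("user", user)} | {("team", t) for t in teams}

    def application_rights(self, user):
        """Union of the rights of all roles held directly or through a team."""
        held = self.principals(user)
        rights = set()
        for role, members in self.role_members.items():
            if held & members:
                rights |= self.role_rights[role]
        return rights

    def grant(self, path, principal, rights):
        """Grant-only (there is no deny); roles are rejected as folder principals."""
        if principal[0] not in ("user", "team"):
            raise ValueError("folder rights are assigned to Teams and/or Users, not Roles")
        self.folder_grants.setdefault(path, {}).setdefault(principal, set()).update(rights)

    def folder_rights(self, user, path):
        """Grants on the folder plus inherited ones, walking up until inheritance stops."""
        held = self.principals(user)
        rights = set()
        while True:
            for principal, granted in self.folder_grants.get(path, {}).items():
                if principal in held:
                    rights |= granted
            if path in self.no_inherit or "/" not in path:
                return rights
            path = path.rsplit("/", 1)[0]

    def direct_user_grants(self):
        """Audit helper: folder grants made to individuals instead of teams."""
        return sorted((path, name) for path, grants in self.folder_grants.items()
                      for (kind, name) in grants if kind == "user")


def build_sample():
    """Constructed tenant loosely following the Project A layout in the slides."""
    t = Tenant()
    t.role_rights = {"Role A": {"Story:Read"}, "Role B": {"Model:Create"}}
    t.team_users = {"Project A": {"User B", "User C"}, "Project A Secure": {"User C"}}
    # The team aggregates two roles; User A holds Role A directly and is in no team.
    t.role_members = {
        "Role A": {("team", "Project A"), ("user", "User A")},
        "Role B": {("team", "Project A")},
    }
    t.grant("Public/Project A", ("team", "Project A"), {"Read"})
    t.grant("Public/Project A/Ad-Hoc", ("team", "Project A"), {"Create"})
    t.grant("Public/Project A/Secure", ("team", "Project A Secure"), {"Read"})
    # Assumption: "deny others" is modelled as removing the inherited grants.
    t.no_inherit.add("Public/Project A/Secure")
    return t


if __name__ == "__main__":
    tenant = build_sample()
    for user in ("User A", "User B", "User C"):
        print(user, sorted(tenant.application_rights(user)),
              {p: sorted(tenant.folder_rights(user, p)) for p in tenant.folder_grants})
```

User A shares Role A with the team yet gets no rights on the project folder, while User B is kept out of the Secure folder only because the inherited grant was removed, not because anything was denied.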
Contact information:
Matthew Shaw
SAP
https://blogs.sap.com/2019/06/21/sap-analytics-cloud-security-concepts-and-best-practice/
@MattShaw_on_BI
Thank you.
