Implementing Data Access Control in SAP Datasphere

Hi Everyone,

I want to share a step-by-step guide on how to implement Data Access Control (DAC) in SAP Datasphere. This feature is essential for ensuring that users can only access the data they are authorized to see.

In this example, we will restrict access to a Sales Organization view, allowing user to view only records where SALESORG = EMEA.

Step 1: Create the Sales Organization/Sample View

First, ensure you have a view set up in your SAP Datasphere environment. For this example, we will create a view that contains sales data. Let’s assume this view has 5166 records consisting of 10 columns. This view will contain all the sales data, but we want to restrict access based on the region.

Step 2: Create the Access Control Table

Next, we need to create a table that will define the access control rules. This table will include the following columns:

• Value: The region (in this case, "EMEA").
• User ID: The identifier for the user.
• User Email : The email address of the user.

Example Data

Value	User_ID	    User_email 
EMEA	username    [email protected]        

Step 3: Add the Table to Data Access Control (DAC)

Now that we have our access control table ready, we need to add it to the Data Access Control (DAC) feature in SAP Datasphere.

1. Navigate to the Data builder section in your SAP Datasphere environment.
2. Click on Create New DAC.
3. Name the DAC Sales Org DAC.
4. Set the structure to Single Value Only.

Step 4: Deploy the DAC

After configuring the DAC, the next step is to deploy it. This will make the access control rules active and ready for use.

1. Click on the Deploy button in the DAC interface.
2. Confirm the deployment.

Step 5: Apply DAC to the Sales Organization View

With the DAC deployed, we can now apply it to the Sales Organization view. This will restrict the data to only show records where SALESORG = EMEA.

1. Go back to your Sales Organization view.
2. In the Details, find the option to apply Data Access Control.
3. Select the Sales Org DAC you just created.
4. Map the Sales org with Value column.
5. Save the changes.

Step 6: Verify the Data Restriction

Finally, it’s time to verify that the data restriction is working as intended. After applying the DAC, the view should now only display records for the EMEA region.

1. Refresh the Sales Organization view.
2. Check the record count. You should see 2590 records displayed, confirming that the DAC is functioning correctly.

Conclusion

By completing these steps, you have effectively set up Data Access Control in SAP Datasphere to limit user access to specific records based on the SALESORG value. This functionality is vital for safeguarding sensitive data and ensuring that users can only view the information they are permitted to access.

If you have any questions or require further clarification on any of the steps, please don't hesitate to reach out!