SAP Knowledge Base Article - Public

2996671 - SAC Disaggregation on non-accessible members - LOD-ANA-PL

Symptom

When entering a value on a node of a hierarchy, the value is distributed also to members which are out of Data Access Control.

For example, a value entered into an empty cell is booked to the unassigned member (#) of a dimension that is not on the table axis and not restricted by a filter, even though the user is only allowed to read and write to specific members of the dimension (that do not include the unassigned member). This may be noticed only later, when the user tries to publish the changes to the version. It may also be observed when putting the dimension in question on the table axis or looking at the members offered by filter controls.

Environment

SAP Analytics Cloud, all versions

Reproducing the Issue

Perform a data entry on a node in a hierarchy for a model that has Data Access Control enabled and that has leaves for which the user does not have write access.

Cause

The behavior described is intended by the design of planning in SAC

Resolution

Users plan on copies of the data in their own private versions. Within these private versions, for the sake of planning and simulation, they are allowed to manipulate data on any members they like. Only when the data is saved back to the public versions (by publishing explicitly created private versions or by saving the state of ad-hoc edited public versions) is the data access control enforced. Users can then decide to publish only the facts for members they are allowed to write to, or cancel and still adjust the data. There is the option to work with cell locks, in order to limit the disaggregation behavior of data entry.

A work-around to enforce the data access control during disaggregation is to turn on the "Hide Parents" option of the dimension’s data access control settings.This will have the effect that only members for which the user has at least read rights will be considered for reporting and disaggregation.Note that with this data access control option, the story filters must not refer to members (e.g. higher level hierarchy nodes) that the users are not authorized to read.For further effects of the hideparents option, see the SAP Analytics Cloud help on settingup data access control.

Another alternative is to restrict access with the data locking feature instead of with the dimension-based data access control, and then turn on the “Data Disaggregation based on Data Locking" option in the planning section of the model preferences. For further information on this alternative, see the SAP Analytics Cloud help on configuring data locking.

See Also

Your feedback is important to help us improve our knowledge base.

Keywords

SAP Cloud for Planning , sc4p , c4p , cforp , cloudforplanning , Cloud for Analytics , Cloud4Analytics , CloudforAnalytics , Cloud 4 Planning , BOC , SAPBusinessObjectsCloud , BusinessObjectsCloud , BOBJcloud , BOCloud. , SAC , SAP AC , Cloud-Analytics , CloudAnalytics , SAPCloudAnalytics ,Error , Issue , System , Data , User , Unable , Access , Sac , distribute , distribution , mbr , value , amount , data , DAC , dim , dimension member , data access , data access control , bookmarks , dimension-based DAC , role , dimension-based data access control , READ and WRITE, READ , WRITE , cell , KBA , LOD-ANA-PL-DIS , Distribute, Spreading, Assign, Copy & Paste , LOD-ANA-PL , Planning , LOD-ANA-TAB , Table , Product Enhancement

Product

SAP Analytics Cloud 1.0