SAP Knowledge Base Article - Public

3394814 - After the rollout of Scoped Roles in APJ region (AP10, AP11, AP12 und JP10) the System Owner requires manual action


With the rollout of Scoped Roles last week we have identified, that the user holding the "System Owner" role of an individual tenant in the APJ region (AP10, AP11, AP12 und JP10) requires manual action after the conversion.
An email was sent to all customer having a SAP Datasphere instance in the APJ region explaining the following.

Important this only affects the System Owner and no other user on the tenant.
As a result the System Owner will not see any menu entries on the left menu like Business Builder, Data Builder, Data Integration Monitor, and Connection Management.


SAP Datasphere

Reproducing the Issue

  1. Open the Datasphere tenant (APJ region - AP10, AP11, AP12 und JP10)
  2. Missing applications like Business Builder, Data Builder, Data Integration Monitor and Connection Management


What to do: 
With a user holding either the "System Owner" or a user with the corresponding role of a "DW Administrator",

Create a Custom Scoped Role for the “System Owner” based on the role template “DW Space Administrator”
1. Launch roles management UI (Security > Roles) 
2. Click on "+ Create a new scoped role" at the very bottom of the screen
3. Maintain the name of new scoped role and click “Create” (e.g. Scoped_Data_Warehouse_Cloud_System_Owner)
4. Select role template “DW Space Administrator”
5. Save scoped role
6. Use the action "Assign Scopes" (next to the search bar in the top right) and assign all scopes/spaces required (all spaces the user was assigned to before) by the user with role “System Owner”

Switch to a user that holds "DW Administrator" privileges but is not the system owner:
1. Launch roles management UI (Security > Roles)
2. Open the role created beforehand
3. Navigate to User Assignment in the tab bar
4. Click on either the "+" button and "+ Select Users" or click on “Select Users" in the screen center
5. Select the user that holds the "System Owner" privilege and keep all scopes selected. Follow the steps and save.

With the "System Owner" user sign-out and log in again. All the menu items are visible again, spaces are assigned, and jobs can be executed again under the System Owner user.


datacenter, APJ, scoped,  , KBA , DS-SEC , Security (Users, Roles) , Known Error


SAP Datasphere all versions