3691570 - End user sees additional applications in SAP Datasphere navigation menu despite missing privileges

An end user assigned only to custom roles observes multiple applications in the SAP Datasphere left-side navigation menu (e.g., Catalog, Translation, Semantic Onboarding, Packages, etc.) even though the user does not have the associated privileges to access these applications. Despite the visibility of these menu items, the user cannot open or interact with the applications.

SAP Datasphere

This behavior is by design. Certain Datasphere applications do not enforce privilege checks at the navigation (menu rendering) level. As a result, users may visually see menu entries for which they have no authorization. 

However, authorization checks are fully enforced upon application access. Users without the required privileges cannot enter or perform actions within those applications. Therefore, this is not a security issue.

No technical correction is required.

SAP Development confirms:

• The presence of additional menu items does not indicate incorrect role provisioning.
• The user interface currently displays a broader set of applications before privilege evaluation occurs.
• Access control is correctly enforced inside each application, ensuring security.
• If undesired UI visibility leads to user confusion, SAP recommends submitting an enhancement request.

SAP KBA 3332382 - How to create an enhancement request for SAP Datasphere?

Roles , authorization , privileges , navigation menu , security, custom roles, UI ,  visibility , enhancement request. , KBA , DS-SEC-AUTZ , Authorizations (Locks, etc.) , Problem