SAP Analytics Cloud Tenants API for setting right permissions

Hello All,

Assigning the right accesses, privileges or permissions to the right people ensuring that only the authorised individuals could access certain data on the SaaS (Cloud) based applications is the paramount for any business application.

In this blog, we tried to summarise the steps on how to revoke the rights using an API for the SAP Analytics Cloud users from unintended actions.

Problem Statement: 

SAP Analytics Cloud has provision that allows ALL users to create content in the “Sample Folder” in the File structure which sometimes is challenging for the administrators to manage that content further.

Requirement: 

This would require then to have an ability for the Administrator(BI admin) to remove the rights from users from accessing and creating any content in the sample folder.

Solution: 

The SAP Analytics Cloud Tenant API is a REST API that allows the third party applications access to story and user data stored on an SAP Analytics Cloud tenant.

Using the /Permissions endpoint, you can retrieve content’s permission information and modify it.

Process: 

  • Step 1: Under System > Administration > App Integration, create a new OAuth client with API Access. Follow this guide for steps on how to create an OAuth client in SAC.

  • Step 2: The following GET request returns information on who has access to Samples folder: https://<TENANT ID>/api/v1/permissions/SAMPLES

  • Step 3: The following DELETE request revokes the default (ALL) grantee’s access to Samples folder: https://<TENANT ID>/api/v1/permissions/SAMPLES/ALL

For more details on the SAP Analytics Cloud APIs, please check out the API Hub : https://api.sap.com/package/SAPAnalyticsCloud/rest

Detailed documentation on SAP Analytics Cloud APIs : https://help.sap.com/docs/SAP_ANALYTICS_CLOUD?q=APIs