Difference between revisions of "Permissions"
From SAP Enable Now Wiki
| (19 intermediate revisions by the same user not shown) | |||
| Line 3: | Line 3: | ||
|- | |- | ||
! Permission !! Provides the following capabilities | ! Permission !! Provides the following capabilities | ||
| + | |- | ||
| + | | '''Audience Assignment''' || Assign Business Roles to content. | ||
|- | |- | ||
| '''Content: Cancel Editing''' || Cancel editing for a Content Object (via Manager). | | '''Content: Cancel Editing''' || Cancel editing for a Content Object (via Manager). | ||
| Line 28: | Line 30: | ||
| '''Course Assignments: View''' || Display existing course assignments. | | '''Course Assignments: View''' || Display existing course assignments. | ||
|- | |- | ||
| − | | '''Editing Report: View''' || Generate the Editing | + | | '''Editing Report: View''' || Generate the ''Objects in Editing'' report, which shows which Content Objects are checked out to which users. Note that the user must also have the '''Views: Reports with Personal Data''' permission to see this report. |
|- | |- | ||
| '''Messages: Create & Send''' || Send Broadcast Messages to users (for an OU or individual user(s)). | | '''Messages: Create & Send''' || Send Broadcast Messages to users (for an OU or individual user(s)). | ||
| Line 49: | Line 51: | ||
|- | |- | ||
| '''Permissions: View''' || Display the permissions currently assigned to users and roles. | | '''Permissions: View''' || Display the permissions currently assigned to users and roles. | ||
| − | |||
| − | |||
| − | |||
| − | |||
| − | |||
| − | |||
|- | |- | ||
| '''Resources: Comment''' || Enter comments for a Resource object. | | '''Resources: Comment''' || Enter comments for a Resource object. | ||
| Line 61: | Line 57: | ||
|- | |- | ||
| '''Resources: Delete from Trash''' || Permanently delete a Resource object. | | '''Resources: Delete from Trash''' || Permanently delete a Resource object. | ||
| + | |- | ||
| + | | '''Resources: Edit''' || Create or change a Resource object. | ||
|- | |- | ||
| '''Resources: Publish''' || Publish a Resource object. | | '''Resources: Publish''' || Publish a Resource object. | ||
| Line 66: | Line 64: | ||
| '''Resources: View''' || View Resources. All Learners and above should have this permission. | | '''Resources: View''' || View Resources. All Learners and above should have this permission. | ||
|- | |- | ||
| − | | '''Roles: ( | + | | '''Roles: Administrate All''' || Create and change Role definitions (over and above just their permissions). |
| + | |- | ||
| + | | '''SAP Companion Configuration: Edit''' || The ability to create, edit, and import SAP Companion configuration scripts (used for SAP Companion integration with some SAP applications). This role provides access to the '''Administration > Web Assistant Configuration''' menu in Manager, and the ''Configuration'' tab within that. | ||
|- | |- | ||
| − | | ''' | + | | '''SAP Companion Configuration: View''' || The ability to display SAP Companion configuration scripts (used for SAP Companion integration with some SAP applications). This role provides access to the '''Administration > Web Assistant Configuration''' menu in Manager, and the ''Configuration'' tab within that. |
| − | |||
| − | |||
|- | |- | ||
| − | | ''' | + | | '''SAP Companion Script Snippets: Edit''' || The ability to create, edit, and import SAP Companion script snippets (used for SAP Companion integration with some SAP applications). This role provides access to the '''Administration > Web Assistant Configuration''' menu in Manager, and the ''Snippets'' tab within that. |
|- | |- | ||
| − | | ''' | + | | '''SAP Companion Script Snippets: View''' || The ability to display SAP Companion script snippets (used for SAP Companion integration with some SAP applications). This role provides access to the '''Administration > Web Assistant Configuration''' menu in Manager, and the ''Snippets'' tab within that. |
|- | |- | ||
| '''Scheduler: Edit Jobs''' || Create and edit scheduled jobs for periodically generating reports. | | '''Scheduler: Edit Jobs''' || Create and edit scheduled jobs for periodically generating reports. | ||
| Line 82: | Line 80: | ||
| '''Server Statistics: View''' || Use menu option '''Administration > Server Statistics''' in Manager. | | '''Server Statistics: View''' || Use menu option '''Administration > Server Statistics''' in Manager. | ||
|- | |- | ||
| − | | '''Server: | + | | '''Server: Display Housekeeping''' || In theory, this should let you view any housekeeping settings, but there aren't any - only the ability to run housekeeping tasks, and this is covered by the '''Server: Housekeeping Edit''' permission. |
|- | |- | ||
| − | | '''Server: Housekeeping | + | | '''Server: Edit Housekeeping''' || Run housekeeping tasks (via Manager menu option '''Administration > Server Housekeeping'''). |
|- | |- | ||
| − | | '''Server: | + | | '''Server: Edit Server Settings''' || Use menu option '''Administration > Server Settings''' to maintain server settings (note there is no 'read only' equivalent permission). |
|- | |- | ||
| '''Server: User Import''' || Import new Users via file upload. | | '''Server: User Import''' || Import new Users via file upload. | ||
| Line 106: | Line 104: | ||
| '''Tags: Set''' || Apply '''[[Tag]]s''' to content objects (excludes the 'Published' tag). | | '''Tags: Set''' || Apply '''[[Tag]]s''' to content objects (excludes the 'Published' tag). | ||
|- | |- | ||
| − | | ''' | + | | '''Task Priorities: Delete''' || Delete existing '''[[Priority]]''' (Master Data) definitions. |
| + | |- | ||
| + | | '''Task Priorities: Edit''' || Create or change current '''[[Priority]]''' (Master Data) definitions. | ||
| + | |- | ||
| + | | '''Task Priorities: View''' || Display the list of current '''[[Priority]]''' (Master Data) definitions. | ||
| + | |- | ||
| + | | '''Task Types: Delete''' || Delete existing '''[[Task Type]]''' (Master Data) definitions. | ||
|- | |- | ||
| − | | ''' | + | | '''Task Types: Edit''' || Create and change existing '''[[Task Type]]''' (Master Data) definitions. |
|- | |- | ||
| − | | ''' | + | | '''Task Types: View''' || Display the list of existing '''[[Task Type]]''' (Master Data) definitions. |
|- | |- | ||
| − | | ''' | + | | '''Tasks: Delete''' || Delete a manually-created Task. |
|- | |- | ||
| − | | ''' | + | | '''Tasks: Edit''' || Create manual tasks, and edit existing Tasks. |
|- | |- | ||
| − | | ''' | + | | '''Tasks: View''' || Provides access to the options '''My Tasks''' and '''All Tasks''' on the '''Tasks''' menu in Manager (note that the sub-items '''Editing Report''' and '''Status Report''' have their own permissions). |
|- | |- | ||
| − | | ''' | + | | '''Test Data Creation: Generate Session ID''' || Required for automated server tests. Should not be assigned to any role unless explicitly instructed by SAP (and then probably only for a strictly limited time). |
|- | |- | ||
|'''User List: View''' || Display users in any picklists in Manager or Producer. This permission must be granted to all roles that have a need to display or select a user (which is effectively everything except Learner and Anonymous). | |'''User List: View''' || Display users in any picklists in Manager or Producer. This permission must be granted to all roles that have a need to display or select a user (which is effectively everything except Learner and Anonymous). | ||
|- | |- | ||
| − | | '''User Profile: Edit''' || Edit your own User Profile in Manager (menu option '''Settings > User Info > User Settings''') | + | | '''User Profile: Edit''' || Edit your own User Profile in Manager (menu option '''Settings > User Info > User Settings'''). |
| + | |- | ||
| + | | '''User Profile: View''' || Display your own User Profile in Manager (menu option '''Settings > User Info > User Settings'''). | ||
|- | |- | ||
| − | | '''User | + | | '''User Roles: (De)Activate''' || Activate and deactivate Roles. |
| + | |- | ||
| + | | '''User Roles: Delete''' || Delete existing Role definitions. | ||
|- | |- | ||
| − | | '''User: | + | | '''User Roles: Edit''' || Create and change existing Role definitions. |
|- | |- | ||
| − | | '''User: | + | | '''User Roles: View''' || Display existing Role definitions |
|- | |- | ||
| − | | ''' | + | | '''User: Allow AI Support''' || Use the Generative AI features. (Technically, it controls the visibility of the '''Generative AI''' button in the ''Text Editor''.) |
|- | |- | ||
| − | | ''' | + | | '''User: Allow Machine Translation''' || Allows the user to use the machine translation capabilities provided by SAP Translation Hub. This includes 'dynamic translation' capabilities at display time (via SAP Companion or in the Trainer) as well as the ability to perform 'static' translation in Producer (or Manager). |
|- | |- | ||
| − | | ''' | + | | '''User: Delete Details''' || Purge a user's data (only applicable if the data protection feature is activated); this is done via a hover-over link in the User List. |
| + | |- | ||
| + | | '''User: View Details''' || Display personal details for users (only applicable if the data protection feature is activated). | ||
|- | |- | ||
| '''Users: (De)Activate''' || Activate and deactivate individual Users. | | '''Users: (De)Activate''' || Activate and deactivate individual Users. | ||
|- | |- | ||
| − | | ''' | + | | '''Users: Create''' || Manually create Users (typically not done if SSO is active). |
|- | |- | ||
| − | | ''' | + | | '''Users: Delete''' || Delete user records (from the ''Users'' screen in ''Manager''). |
| − | |- ''' | + | |- |
| + | | '''Users: Edit''' || Edit User information (including role assignments) for manually-created users (all information except Roles cannot be changed for imported users). | ||
|- | |- | ||
| − | | ''' | + | | '''Users: View''' || Display the list of Users via Manager menu option '''Administration > Users''' (menu option not visible if permission not granted). |
|- | |- | ||
| − | | ''' | + | | '''Views: Authoring View''' || Access the 'authoring' (and administration) interfaces in Manager and Producer. This permission '''must''' be granted to all 'non-Learner') roles. Note that access to individual functions within these interfaces is typically controlled by separate permissions. |
|- | |- | ||
| − | | ''' | + | | '''Views: Contexts''' || Displays the ''CONTEXTS'' tabbed page for content objects, within ''Manager''. Does not apply to Producer, which always shows this information. This feature was included in the 10.8.5 release. |
|- | |- | ||
| − | | ''' | + | | '''Views: Learner View''' || Access the Learner view in Manager. If SAP Enable Now is used as an LMS and users will access courses directly from Manager, this permission should be granted to all roles. |
|- | |- | ||
| − | | ''' | + | | '''Views: Reports''' || Access the following reports in Manager: ''SAP Companion Usage'', ''SAP Companion for Desktop Usage'', and ''Guided Tour Playbacks''. Most other reports (on the Reports menu drop-down) are controlled by the '''Views: Reports with Personal Data''' permission. The ''Editing Report'' has its own permission ('''Editing Report: View''') as does the ''Status Report'' ('''Status Report: View''') and the ''Server Statistics'' report ('''Server Statistics: View'''). |
|- | |- | ||
| − | | ''' | + | | '''Views: Reports with Personal Data''' || Access Manager reports that include personally-identifiable information (PII). This includes ''Engaged Unique Users'', ''Delivery Channels'', ''Content Visits'', ''Guided Tour Dropouts'', ''Context Help Visits'', all ''User *'' reports, all ''Lesson *'' reports, ''Unsorted Objects'', and ''Learner Feedbacks''. |
|- | |- | ||
| '''Workflow: Create''' || Define a new Workflow process. | | '''Workflow: Create''' || Define a new Workflow process. | ||
| Line 161: | Line 172: | ||
| '''Workflow: Edit''' || Change an existing Workflow process definition. | | '''Workflow: Edit''' || Change an existing Workflow process definition. | ||
|- | |- | ||
| − | | '''Workflow: View''' || Display a Workflow process definition in Manager. Also necessary to be able to see/select a Workflow process for a Task. | + | | '''Workflow: View''' || Display a Workflow process definition in Manager. Also necessary to be able to see/select a Workflow process for a Task. Caution: If a Workflow process has been assigned to ''any'' objects in the Workarea, Authors must have this permission, or they will not be able to access the Producer Workarea (they will get a 'You do not have permission' message). |
| + | |- | ||
| + | | '''Workspace Manager''' || Access to the '''Workspaces''' menu in Manager. This is necessary to allow developers/administrators the ability to select a Workspace. | ||
| + | |- | ||
| + | | '''Workspaces: (De)Activate''' || Activate and deactivate individual Workspaces. | ||
| + | |- | ||
| + | | '''Workspaces: Create''' || Create new Workspaces. | ||
| + | |- | ||
| + | | '''Workspaces: Delete''' || Delete existing Workspaces. | ||
| + | |- | ||
| + | | '''Workspaces: Edit''' || Change the details of existing Workspaces - including name/description, and assigning tags and Workflow processes (but not permissions - see Workspaces: Edit Workspaces Permissions) | ||
| + | |- | ||
| + | | '''Workspaces: Edit Workspace Permissions''' || Change the permissions for an existing Workspace. | ||
|} | |} | ||
Latest revision as of 11:47, 27 November 2024
This page provides a complete list of the permissions available in SAP Enable Now, and explains their purpose. Permissions can be assigned at the Organizational Unit, Role, or User level.
| Permission | Provides the following capabilities |
|---|---|
| Audience Assignment | Assign Business Roles to content. |
| Content: Cancel Editing | Cancel editing for a Content Object (via Manager). |
| Content: Change Workflow | Remove or change the Workflow Process assigned to a Content Object. |
| Content: Comment | Enter a Comment for a Content Object (this feature has been removed). |
| Content: Create | Create new Content Objects. |
| Content: Delete | Delete a Content Object (move it to Trash). |
| Content: Delete from Trash | Delete a Content Object from Trash. Note that to completely empty the trash, the permission Resources: Delete from Trash also needs to be assigned. |
| Content: Edit | Edit existing Content Objects (Start Editing; Finish Editing). |
| Content: Publish | Set the Published tag for a Content Object. |
| Content: Upload Active Content | Upload files to the Workarea that could contain 'executable' code (such as JavaScript). Note that the Forbid Active Content setting should be disabled if this permission is granted. |
| Content: View | Display Content Objects (all Learners must at least have this). |
| Course Assignments: Edit | Create or change Assignments (of courses/Content Objects to users/OUs). |
| Course Assignments: View | Display existing course assignments. |
| Editing Report: View | Generate the Objects in Editing report, which shows which Content Objects are checked out to which users. Note that the user must also have the Views: Reports with Personal Data permission to see this report. |
| Messages: Create & Send | Send Broadcast Messages to users (for an OU or individual user(s)). |
| Milestones: Delete | Delete an existing Milestone definition. |
| Milestones: Edit | Create and change Milestones. |
| Milestones: View | Display the list of existing Milestones. |
| Organizational Units: Create | Create new Organizational Units. |
| Organizational Units: Delete | Delete existing Organizational Units. |
| Organizational Units: Edit | Change existing Organizational Unit definitions. |
| Organizational Units: View | Display the current Organizational Unit hierarchy. |
| Permissions: Edit | Change the permissions currently assigned to a user or role. |
| Permissions: View | Display the permissions currently assigned to users and roles. |
| Resources: Comment | Enter comments for a Resource object. |
| Resources: Delete | Delete a Resource object. |
| Resources: Delete from Trash | Permanently delete a Resource object. |
| Resources: Edit | Create or change a Resource object. |
| Resources: Publish | Publish a Resource object. |
| Resources: View | View Resources. All Learners and above should have this permission. |
| Roles: Administrate All | Create and change Role definitions (over and above just their permissions). |
| SAP Companion Configuration: Edit | The ability to create, edit, and import SAP Companion configuration scripts (used for SAP Companion integration with some SAP applications). This role provides access to the Administration > Web Assistant Configuration menu in Manager, and the Configuration tab within that. |
| SAP Companion Configuration: View | The ability to display SAP Companion configuration scripts (used for SAP Companion integration with some SAP applications). This role provides access to the Administration > Web Assistant Configuration menu in Manager, and the Configuration tab within that. |
| SAP Companion Script Snippets: Edit | The ability to create, edit, and import SAP Companion script snippets (used for SAP Companion integration with some SAP applications). This role provides access to the Administration > Web Assistant Configuration menu in Manager, and the Snippets tab within that. |
| SAP Companion Script Snippets: View | The ability to display SAP Companion script snippets (used for SAP Companion integration with some SAP applications). This role provides access to the Administration > Web Assistant Configuration menu in Manager, and the Snippets tab within that. |
| Scheduler: Edit Jobs | Create and edit scheduled jobs for periodically generating reports. |
| Scheduler: View Jobs | Display the list of currently-scheduled jobs (to periodically generate reports). |
| Server Statistics: View | Use menu option Administration > Server Statistics in Manager. |
| Server: Display Housekeeping | In theory, this should let you view any housekeeping settings, but there aren't any - only the ability to run housekeeping tasks, and this is covered by the Server: Housekeeping Edit permission. |
| Server: Edit Housekeeping | Run housekeeping tasks (via Manager menu option Administration > Server Housekeeping). |
| Server: Edit Server Settings | Use menu option Administration > Server Settings to maintain server settings (note there is no 'read only' equivalent permission). |
| Server: User Import | Import new Users via file upload. |
| Status Report: View | Generate the Status Report, which lists all Tasks, by Status. |
| Status: Delete | Delete an existing Status (Master Data) definition. |
| Status: Edit | Change an existing Status (Master Data) definition. |
| Status: View | Display the list of existing Status (Master Data) definitions. |
| Tags: Create | Create new Tag (Master Data) definitions. |
| Tags: Delete | Delete existing Tag (Master Data) definitions. |
| Tags: Edit | Create or change existing Tag (Master Data) definitions. |
| Tags: Set | Apply Tags to content objects (excludes the 'Published' tag). |
| Task Priorities: Delete | Delete existing Priority (Master Data) definitions. |
| Task Priorities: Edit | Create or change current Priority (Master Data) definitions. |
| Task Priorities: View | Display the list of current Priority (Master Data) definitions. |
| Task Types: Delete | Delete existing Task Type (Master Data) definitions. |
| Task Types: Edit | Create and change existing Task Type (Master Data) definitions. |
| Task Types: View | Display the list of existing Task Type (Master Data) definitions. |
| Tasks: Delete | Delete a manually-created Task. |
| Tasks: Edit | Create manual tasks, and edit existing Tasks. |
| Tasks: View | Provides access to the options My Tasks and All Tasks on the Tasks menu in Manager (note that the sub-items Editing Report and Status Report have their own permissions). |
| Test Data Creation: Generate Session ID | Required for automated server tests. Should not be assigned to any role unless explicitly instructed by SAP (and then probably only for a strictly limited time). |
| User List: View | Display users in any picklists in Manager or Producer. This permission must be granted to all roles that have a need to display or select a user (which is effectively everything except Learner and Anonymous). |
| User Profile: Edit | Edit your own User Profile in Manager (menu option Settings > User Info > User Settings). |
| User Profile: View | Display your own User Profile in Manager (menu option Settings > User Info > User Settings). |
| User Roles: (De)Activate | Activate and deactivate Roles. |
| User Roles: Delete | Delete existing Role definitions. |
| User Roles: Edit | Create and change existing Role definitions. |
| User Roles: View | Display existing Role definitions |
| User: Allow AI Support | Use the Generative AI features. (Technically, it controls the visibility of the Generative AI button in the Text Editor.) |
| User: Allow Machine Translation | Allows the user to use the machine translation capabilities provided by SAP Translation Hub. This includes 'dynamic translation' capabilities at display time (via SAP Companion or in the Trainer) as well as the ability to perform 'static' translation in Producer (or Manager). |
| User: Delete Details | Purge a user's data (only applicable if the data protection feature is activated); this is done via a hover-over link in the User List. |
| User: View Details | Display personal details for users (only applicable if the data protection feature is activated). |
| Users: (De)Activate | Activate and deactivate individual Users. |
| Users: Create | Manually create Users (typically not done if SSO is active). |
| Users: Delete | Delete user records (from the Users screen in Manager). |
| Users: Edit | Edit User information (including role assignments) for manually-created users (all information except Roles cannot be changed for imported users). |
| Users: View | Display the list of Users via Manager menu option Administration > Users (menu option not visible if permission not granted). |
| Views: Authoring View | Access the 'authoring' (and administration) interfaces in Manager and Producer. This permission must be granted to all 'non-Learner') roles. Note that access to individual functions within these interfaces is typically controlled by separate permissions. |
| Views: Contexts | Displays the CONTEXTS tabbed page for content objects, within Manager. Does not apply to Producer, which always shows this information. This feature was included in the 10.8.5 release. |
| Views: Learner View | Access the Learner view in Manager. If SAP Enable Now is used as an LMS and users will access courses directly from Manager, this permission should be granted to all roles. |
| Views: Reports | Access the following reports in Manager: SAP Companion Usage, SAP Companion for Desktop Usage, and Guided Tour Playbacks. Most other reports (on the Reports menu drop-down) are controlled by the Views: Reports with Personal Data permission. The Editing Report has its own permission (Editing Report: View) as does the Status Report (Status Report: View) and the Server Statistics report (Server Statistics: View). |
| Views: Reports with Personal Data | Access Manager reports that include personally-identifiable information (PII). This includes Engaged Unique Users, Delivery Channels, Content Visits, Guided Tour Dropouts, Context Help Visits, all User * reports, all Lesson * reports, Unsorted Objects, and Learner Feedbacks. |
| Workflow: Create | Define a new Workflow process. |
| Workflow: Delete | Delete an existing Workflow process definition. |
| Workflow: Edit | Change an existing Workflow process definition. |
| Workflow: View | Display a Workflow process definition in Manager. Also necessary to be able to see/select a Workflow process for a Task. Caution: If a Workflow process has been assigned to any objects in the Workarea, Authors must have this permission, or they will not be able to access the Producer Workarea (they will get a 'You do not have permission' message). |
| Workspace Manager | Access to the Workspaces menu in Manager. This is necessary to allow developers/administrators the ability to select a Workspace. |
| Workspaces: (De)Activate | Activate and deactivate individual Workspaces. |
| Workspaces: Create | Create new Workspaces. |
| Workspaces: Delete | Delete existing Workspaces. |
| Workspaces: Edit | Change the details of existing Workspaces - including name/description, and assigning tags and Workflow processes (but not permissions - see Workspaces: Edit Workspaces Permissions) |
| Workspaces: Edit Workspace Permissions | Change the permissions for an existing Workspace. |
