Difference between revisions of "Permissions"

From SAP Enable Now Wiki
 
(11 intermediate revisions by the same user not shown)
Line 3: Line 3:
 
|-
 
|-
 
! Permission !! Provides the following capabilities
 
! Permission !! Provides the following capabilities
 +
|-
 +
| '''Audience Assignment''' || Assign Business Roles to content.
 
|-
 
|-
 
| '''Content: Cancel Editing''' || Cancel editing for a Content Object (via Manager).
 
| '''Content: Cancel Editing''' || Cancel editing for a Content Object (via Manager).
Line 28: Line 30:
 
| '''Course Assignments: View''' || Display existing course assignments.
 
| '''Course Assignments: View''' || Display existing course assignments.
 
|-
 
|-
| '''Editing Report: View''' || Generate the Editing Report, which shows which Content Objects are checked out to which users.
+
| '''Editing Report: View''' || Generate the ''Objects in Editing'' report, which shows which Content Objects are checked out to which users. Note that the user must also have the '''Views: Reports with Personal Data''' permission to see this report.
 
|-
 
|-
 
| '''Messages: Create & Send''' || Send Broadcast Messages to users (for an OU or individual user(s)).
 
| '''Messages: Create & Send''' || Send Broadcast Messages to users (for an OU or individual user(s)).
Line 49: Line 51:
 
|-
 
|-
 
| '''Permissions: View''' || Display the permissions currently assigned to users and roles.
 
| '''Permissions: View''' || Display the permissions currently assigned to users and roles.
|-
 
| '''Priorities: Delete''' || Delete existing '''[[Priority]]''' (Master Data) definitions.
 
|-
 
| '''Priorities: Edit''' || Create or change current '''[[Priority]]''' (Master Data) definitions.
 
|-
 
| '''Priorities: View''' || Display the list of current '''[[Priority]]''' (Master Data) definitions.
 
 
|-
 
|-
 
| '''Resources: Comment''' || Enter comments for a Resource object.
 
| '''Resources: Comment''' || Enter comments for a Resource object.
Line 68: Line 64:
 
| '''Resources: View''' || View Resources. All Learners and above should have this permission.
 
| '''Resources: View''' || View Resources. All Learners and above should have this permission.
 
|-
 
|-
| '''Roles: (De)Activate''' || Activate and deactivate Roles.
+
| '''Roles: Administrate All''' || Create and change Role definitions (over and above just their permissions).
 +
|-
 +
| '''SAP Companion Configuration: Edit''' || The ability to create, edit, and import SAP Companion configuration scripts (used for SAP Companion integration with some SAP applications). This role provides access to the '''Administration > Web Assistant Configuration''' menu in Manager, and the ''Configuration'' tab within that.
 
|-
 
|-
| '''Roles: Administrate All''' || Create and change Role definitions (over and above just their permissions).
+
| '''SAP Companion Configuration: View''' || The ability to display SAP Companion configuration scripts (used for SAP Companion integration with some SAP applications). This role provides access to the '''Administration > Web Assistant Configuration''' menu in Manager, and the ''Configuration'' tab within that.
|-
 
| '''Roles: Delete''' || Delete existing Role definitions.
 
 
|-
 
|-
| '''Roles: Edit''' || Create and change existing Role definitions.
+
| '''SAP Companion Script Snippets: Edit''' || The ability to create, edit, and import SAP Companion script snippets (used for SAP Companion integration with some SAP applications). This role provides access to the '''Administration > Web Assistant Configuration''' menu in Manager, and the ''Snippets'' tab within that.
 
|-
 
|-
| '''Roles: View''' || Display existing Role definitions
+
| '''SAP Companion Script Snippets: View''' || The ability to display SAP Companion script snippets (used for SAP Companion integration with some SAP applications). This role provides access to the '''Administration > Web Assistant Configuration''' menu in Manager, and the ''Snippets'' tab within that.
 
|-
 
|-
 
| '''Scheduler: Edit Jobs''' || Create and edit scheduled jobs for periodically generating reports.
 
| '''Scheduler: Edit Jobs''' || Create and edit scheduled jobs for periodically generating reports.
 
|-
 
|-
 
| '''Scheduler: View Jobs''' || Display the list of currently-scheduled jobs (to periodically generate reports).
 
| '''Scheduler: View Jobs''' || Display the list of currently-scheduled jobs (to periodically generate reports).
|-
 
| '''Snippet Authors''' || The ability to create, edit, and import Web Assistant script snippets - currently only used for Ariba (I think), but ultimately will be used to perform configuration for third-party web applications. This role provides (Edit) access to the '''Administration > Web Assistant Configuration''' menu in Manager. [Added in Release 2105]
 
 
|-
 
|-
 
| '''Server Statistics: View''' || Use menu option '''Administration > Server Statistics''' in Manager.
 
| '''Server Statistics: View''' || Use menu option '''Administration > Server Statistics''' in Manager.
 
|-
 
|-
| '''Server: Edit Server Settings''' || Use menu option '''Administration > Server Settings''' to maintain server settings (note there is no 'read only' equivalent permission).
+
| '''Server: Display Housekeeping''' || In theory, this should let you view any housekeeping settings, but there aren't any - only the ability to run housekeeping tasks, and this is covered by the '''Server: Housekeeping Edit''' permission.
 
|-
 
|-
| '''Server: Housekeeping Edit''' || Run housekeeping tasks (via Manager menu option '''Administration > Server Housekeeping''').
+
| '''Server: Edit Housekeeping''' || Run housekeeping tasks (via Manager menu option '''Administration > Server Housekeeping''').
 
|-
 
|-
| '''Server: Housekeeping View''' || In theory, this should let you view any housekeeping settings, but there aren't any - only the ability to run housekeeping tasks, and this is covered by the '''Server: Housekeeping Edit''' permission.
+
| '''Server: Edit Server Settings''' || Use menu option '''Administration > Server Settings''' to maintain server settings (note there is no 'read only' equivalent permission).
 
|-
 
|-
 
| '''Server: User Import''' || Import new Users via file upload.
 
| '''Server: User Import''' || Import new Users via file upload.
Line 109: Line 103:
 
|-
 
|-
 
| '''Tags: Set''' || Apply '''[[Tag]]s''' to content objects (excludes the 'Published' tag).
 
| '''Tags: Set''' || Apply '''[[Tag]]s''' to content objects (excludes the 'Published' tag).
 +
|-
 +
| '''Task Priorities: Delete''' || Delete existing '''[[Priority]]''' (Master Data) definitions.
 +
|-
 +
| '''Task Priorities: Edit''' || Create or change current '''[[Priority]]''' (Master Data) definitions.
 +
|-
 +
| '''Task Priorities: View''' || Display the list of current '''[[Priority]]''' (Master Data) definitions.
 +
|-
 +
| '''Task Types: Delete''' || Delete existing '''[[Task Type]]''' (Master Data) definitions.
 +
|-
 +
| '''Task Types: Edit''' || Create and change existing '''[[Task Type]]''' (Master Data) definitions.
 +
|-
 +
| '''Task Types: View''' || Display the list of existing '''[[Task Type]]''' (Master Data) definitions.
 
|-
 
|-
 
| '''Tasks: Delete''' || Delete a manually-created Task.
 
| '''Tasks: Delete''' || Delete a manually-created Task.
Line 117: Line 123:
 
|-
 
|-
 
| '''Test Data Creation: Generate Session ID''' || Required for automated server tests. Should not be assigned to any role unless explicitly instructed by SAP (and then probably only for a strictly limited time).
 
| '''Test Data Creation: Generate Session ID''' || Required for automated server tests. Should not be assigned to any role unless explicitly instructed by SAP (and then probably only for a strictly limited time).
 +
|-
 +
|'''User List: View''' || Display users in any picklists in Manager or Producer. This permission must be granted to all roles that have a need to display or select a user (which is effectively everything except Learner and Anonymous).
 
|-
 
|-
| '''Types: Delete''' || Delete existing '''[[Task Type]]''' (Master Data) definitions.
+
| '''User Profile: Edit''' || Edit your own User Profile in Manager (menu option '''Settings > User Info > User Settings''').
 
|-
 
|-
| '''Types: Edit''' || Create and change existing '''[[Task Type]]''' (Master Data) definitions.
+
| '''User Profile: View''' || Display your own User Profile in Manager (menu option '''Settings > User Info > User Settings''').
 
|-
 
|-
| '''Types: View''' || Display the list of existing '''[[Task Type]]''' (Master Data) definitions.
+
| '''User Roles: (De)Activate''' || Activate and deactivate Roles.
 
|-  
 
|-  
|'''User List: View''' || Display users in any picklists in Manager or Producer. This permission must be granted to all roles that have a need to display or select a user (which is effectively everything except Learner and Anonymous).
+
| '''User Roles: Delete''' || Delete existing Role definitions.
 +
|-
 +
| '''User Roles: Edit''' || Create and change existing Role definitions.
 +
|-
 +
| '''User Roles: View''' || Display existing Role definitions
 +
|-
 +
| '''User: Allow AI Support''' || Use the Generative AI features. (Technically, it controls the visibility of the '''Generative AI''' button in the ''Text Editor''.)
 
|-
 
|-
| '''User Profile: Edit''' || Edit your own User Profile in Manager (menu option '''Settings > User Info > User Settings''').
+
| '''User: Allow Machine Translation''' || Allows the user to use the machine translation capabilities provided by SAP Translation Hub. This includes 'dynamic translation' capabilities at display time (via SAP Companion or in the Trainer) as well as the ability to perform 'static' translation in Producer (or Manager).
 
|-
 
|-
| '''User Profile: View''' || Display your own User Profile in Manager (menu option '''Settings > User Info > User Settings''').
+
| '''User: Delete Details''' || Purge a user's data (only applicable if the data protection feature is activated); this is done via a hover-over link in the User List.
 
|-
 
|-
 
| '''User: View Details''' || Display personal details for users (only applicable if the data protection feature is activated).
 
| '''User: View Details''' || Display personal details for users (only applicable if the data protection feature is activated).
 
|-
 
|-
| '''User: Delete Details''' || Purge a user's data (only applicable if the data protection feature is activated); this is done via a hover-over link in the User List.
+
| '''Users: (De)Activate''' || Activate and deactivate individual Users.
 
|-
 
|-
 
| '''Users: Create''' || Manually create Users (typically not done if SSO is active).
 
| '''Users: Create''' || Manually create Users (typically not done if SSO is active).
 +
|-
 +
| '''Users: Delete''' || Delete user records (from the ''Users'' screen in ''Manager'').
 
|-
 
|-
 
| '''Users: Edit''' || Edit User information (including role assignments) for manually-created users (all information except Roles cannot be changed for imported users).
 
| '''Users: Edit''' || Edit User information (including role assignments) for manually-created users (all information except Roles cannot be changed for imported users).
Line 140: Line 156:
 
| '''Users: View''' || Display the list of Users via Manager menu option '''Administration > Users''' (menu option not visible if permission not granted).
 
| '''Users: View''' || Display the list of Users via Manager menu option '''Administration > Users''' (menu option not visible if permission not granted).
 
|-
 
|-
| '''Users: (De)Activate''' || Activate and deactivate individual Users.
+
| '''Views: Authoring View''' || Access the 'authoring' (and administration) interfaces in Manager and Producer. This permission '''must''' be granted to all 'non-Learner') roles. Note that access to individual functions within these interfaces is typically controlled by separate permissions.
 
|-
 
|-
| '''Views: Authoring View''' || Access the 'authoring' (and administration) interfaces in Manager and Producer. This permission must be granted to all 'non-Learner) roles. Note that access to individual functions within these interfaces is typically controlled by separate permissions.
+
| '''Views: Contexts''' || Displays the ''CONTEXTS'' tabbed page for content objects, within ''Manager''. Does not apply to Producer, which always shows this information. This feature was included in the 10.8.5 release.
 
|-
 
|-
 
| '''Views: Learner View''' || Access the Learner view in Manager. If SAP Enable Now is used as an LMS and users will access courses directly from Manager, this permission should be granted to all roles.
 
| '''Views: Learner View''' || Access the Learner view in Manager. If SAP Enable Now is used as an LMS and users will access courses directly from Manager, this permission should be granted to all roles.
 
|-
 
|-
| '''Views: Learning Reports''' || Access the various Manager reports that are accessible via the Learning Reports menu option.
+
| '''Views: Reports''' || Access the following reports in Manager: ''SAP Companion Usage'', ''SAP Companion for Desktop Usage'', and ''Guided Tour Playbacks''. Most other reports (on the Reports menu drop-down) are controlled by the '''Views: Reports with Personal Data''' permission. The ''Editing Report'' has its own permission ('''Editing Report: View''') as does the ''Status Report'' ('''Status Report: View''') and the ''Server Statistics'' report ('''Server Statistics: View''').
 
|-
 
|-
| '''Web Assistant Administrator''' || The ability to define Web Assistant configuration sets - currently only used for Ariba (I think), but ultimately will be used to perform configuration for third-party web applications. This role provides (View) access to the '''Administration > Web Assistant Script Snippets''' menu and (Edit) access to the '''Administration > Web Assistant Configuration''' menu in Manager. [Added in Release 2105]
+
| '''Views: Reports with Personal Data''' || Access Manager reports that include personally-identifiable information (PII). This includes ''Engaged Unique Users'', ''Delivery Channels'', ''Content Visits'', ''Guided Tour Dropouts'', ''Context Help Visits'', all ''User *'' reports, all ''Lesson *'' reports, ''Unsorted Objects'', and ''Learner Feedbacks''.
 
|-
 
|-
| '''Workarea Manager''' || Access to the '''Workareas''' menu in Manager. This is necessary to allow developers/administrators the ability to select a Workarea.
+
| '''Workflow: Create''' || Define a new Workflow process.
 
|-
 
|-
| '''Workareas: (De)Activate''' || Activate and deactivate individual Workareas.
+
| '''Workflow: Delete''' || Delete an existing Workflow process definition.
 
|-
 
|-
| '''Workareas: Create''' || Create new Workareas.
+
| '''Workflow: Edit''' || Change an existing Workflow process definition.
 
|-
 
|-
| '''Workareas: Delete''' || Delete existing Workareas.
+
| '''Workflow: View''' || Display a Workflow process definition in Manager. Also necessary to be able to see/select a Workflow process for a Task. Caution: If a Workflow process has been assigned to ''any'' objects in the Workarea, Authors must have this permission, or they will not be able to access the Producer Workarea (they will get a 'You do not have permission' message).
 
|-
 
|-
| '''Workareas: Edit''' || Change the details of existing Workareas - including name/description, and assigning tags and Workflow processes (but not permissions - see Workareas: Edit Workarea Permissions)
+
| '''Workspace Manager''' || Access to the '''Workspaces''' menu in Manager. This is necessary to allow developers/administrators the ability to select a Workspace.
 
|-
 
|-
| '''Workareas: Edit Workarea Permissions''' || Change the permissions for an existing Workarea.
+
| '''Workspaces: (De)Activate''' || Activate and deactivate individual Workspaces.
 
|-
 
|-
| '''Workflow: Create''' || Define a new Workflow process.
+
| '''Workspaces: Create''' || Create new Workspaces.
 
|-
 
|-
| '''Workflow: Delete''' || Delete an existing Workflow process definition.
+
| '''Workspaces: Delete''' || Delete existing Workspaces.
 
|-
 
|-
| '''Workflow: Edit''' || Change an existing Workflow process definition.
+
| '''Workspaces: Edit''' || Change the details of existing Workspaces - including name/description, and assigning tags and Workflow processes (but not permissions - see Workspaces: Edit Workspaces Permissions)
 
|-
 
|-
| '''Workflow: View''' || Display a Workflow process definition in Manager. Also necessary to be able to see/select a Workflow process for a Task. Caution: If a Workflow process has been assigned to ''any'' objects in the Workarea, Authors must have this permission, or they will not be able to access the Producer Workarea (they will get a 'You do not have permission' message).
+
| '''Workspaces: Edit Workspace Permissions''' || Change the permissions for an existing Workspace.
 
|}
 
|}

Latest revision as of 11:47, 27 November 2024

This page provides a complete list of the permissions available in SAP Enable Now, and explains their purpose. Permissions can be assigned at the Organizational Unit, Role, or User level.

Permission Provides the following capabilities
Audience Assignment Assign Business Roles to content.
Content: Cancel Editing Cancel editing for a Content Object (via Manager).
Content: Change Workflow Remove or change the Workflow Process assigned to a Content Object.
Content: Comment Enter a Comment for a Content Object (this feature has been removed).
Content: Create Create new Content Objects.
Content: Delete Delete a Content Object (move it to Trash).
Content: Delete from Trash Delete a Content Object from Trash. Note that to completely empty the trash, the permission Resources: Delete from Trash also needs to be assigned.
Content: Edit Edit existing Content Objects (Start Editing; Finish Editing).
Content: Publish Set the Published tag for a Content Object.
Content: Upload Active Content Upload files to the Workarea that could contain 'executable' code (such as JavaScript). Note that the Forbid Active Content setting should be disabled if this permission is granted.
Content: View Display Content Objects (all Learners must at least have this).
Course Assignments: Edit Create or change Assignments (of courses/Content Objects to users/OUs).
Course Assignments: View Display existing course assignments.
Editing Report: View Generate the Objects in Editing report, which shows which Content Objects are checked out to which users. Note that the user must also have the Views: Reports with Personal Data permission to see this report.
Messages: Create & Send Send Broadcast Messages to users (for an OU or individual user(s)).
Milestones: Delete Delete an existing Milestone definition.
Milestones: Edit Create and change Milestones.
Milestones: View Display the list of existing Milestones.
Organizational Units: Create Create new Organizational Units.
Organizational Units: Delete Delete existing Organizational Units.
Organizational Units: Edit Change existing Organizational Unit definitions.
Organizational Units: View Display the current Organizational Unit hierarchy.
Permissions: Edit Change the permissions currently assigned to a user or role.
Permissions: View Display the permissions currently assigned to users and roles.
Resources: Comment Enter comments for a Resource object.
Resources: Delete Delete a Resource object.
Resources: Delete from Trash Permanently delete a Resource object.
Resources: Edit Create or change a Resource object.
Resources: Publish Publish a Resource object.
Resources: View View Resources. All Learners and above should have this permission.
Roles: Administrate All Create and change Role definitions (over and above just their permissions).
SAP Companion Configuration: Edit The ability to create, edit, and import SAP Companion configuration scripts (used for SAP Companion integration with some SAP applications). This role provides access to the Administration > Web Assistant Configuration menu in Manager, and the Configuration tab within that.
SAP Companion Configuration: View The ability to display SAP Companion configuration scripts (used for SAP Companion integration with some SAP applications). This role provides access to the Administration > Web Assistant Configuration menu in Manager, and the Configuration tab within that.
SAP Companion Script Snippets: Edit The ability to create, edit, and import SAP Companion script snippets (used for SAP Companion integration with some SAP applications). This role provides access to the Administration > Web Assistant Configuration menu in Manager, and the Snippets tab within that.
SAP Companion Script Snippets: View The ability to display SAP Companion script snippets (used for SAP Companion integration with some SAP applications). This role provides access to the Administration > Web Assistant Configuration menu in Manager, and the Snippets tab within that.
Scheduler: Edit Jobs Create and edit scheduled jobs for periodically generating reports.
Scheduler: View Jobs Display the list of currently-scheduled jobs (to periodically generate reports).
Server Statistics: View Use menu option Administration > Server Statistics in Manager.
Server: Display Housekeeping In theory, this should let you view any housekeeping settings, but there aren't any - only the ability to run housekeeping tasks, and this is covered by the Server: Housekeeping Edit permission.
Server: Edit Housekeeping Run housekeeping tasks (via Manager menu option Administration > Server Housekeeping).
Server: Edit Server Settings Use menu option Administration > Server Settings to maintain server settings (note there is no 'read only' equivalent permission).
Server: User Import Import new Users via file upload.
Status Report: View Generate the Status Report, which lists all Tasks, by Status.
Status: Delete Delete an existing Status (Master Data) definition.
Status: Edit Change an existing Status (Master Data) definition.
Status: View Display the list of existing Status (Master Data) definitions.
Tags: Create Create new Tag (Master Data) definitions.
Tags: Delete Delete existing Tag (Master Data) definitions.
Tags: Edit Create or change existing Tag (Master Data) definitions.
Tags: Set Apply Tags to content objects (excludes the 'Published' tag).
Task Priorities: Delete Delete existing Priority (Master Data) definitions.
Task Priorities: Edit Create or change current Priority (Master Data) definitions.
Task Priorities: View Display the list of current Priority (Master Data) definitions.
Task Types: Delete Delete existing Task Type (Master Data) definitions.
Task Types: Edit Create and change existing Task Type (Master Data) definitions.
Task Types: View Display the list of existing Task Type (Master Data) definitions.
Tasks: Delete Delete a manually-created Task.
Tasks: Edit Create manual tasks, and edit existing Tasks.
Tasks: View Provides access to the options My Tasks and All Tasks on the Tasks menu in Manager (note that the sub-items Editing Report and Status Report have their own permissions).
Test Data Creation: Generate Session ID Required for automated server tests. Should not be assigned to any role unless explicitly instructed by SAP (and then probably only for a strictly limited time).
User List: View Display users in any picklists in Manager or Producer. This permission must be granted to all roles that have a need to display or select a user (which is effectively everything except Learner and Anonymous).
User Profile: Edit Edit your own User Profile in Manager (menu option Settings > User Info > User Settings).
User Profile: View Display your own User Profile in Manager (menu option Settings > User Info > User Settings).
User Roles: (De)Activate Activate and deactivate Roles.
User Roles: Delete Delete existing Role definitions.
User Roles: Edit Create and change existing Role definitions.
User Roles: View Display existing Role definitions
User: Allow AI Support Use the Generative AI features. (Technically, it controls the visibility of the Generative AI button in the Text Editor.)
User: Allow Machine Translation Allows the user to use the machine translation capabilities provided by SAP Translation Hub. This includes 'dynamic translation' capabilities at display time (via SAP Companion or in the Trainer) as well as the ability to perform 'static' translation in Producer (or Manager).
User: Delete Details Purge a user's data (only applicable if the data protection feature is activated); this is done via a hover-over link in the User List.
User: View Details Display personal details for users (only applicable if the data protection feature is activated).
Users: (De)Activate Activate and deactivate individual Users.
Users: Create Manually create Users (typically not done if SSO is active).
Users: Delete Delete user records (from the Users screen in Manager).
Users: Edit Edit User information (including role assignments) for manually-created users (all information except Roles cannot be changed for imported users).
Users: View Display the list of Users via Manager menu option Administration > Users (menu option not visible if permission not granted).
Views: Authoring View Access the 'authoring' (and administration) interfaces in Manager and Producer. This permission must be granted to all 'non-Learner') roles. Note that access to individual functions within these interfaces is typically controlled by separate permissions.
Views: Contexts Displays the CONTEXTS tabbed page for content objects, within Manager. Does not apply to Producer, which always shows this information. This feature was included in the 10.8.5 release.
Views: Learner View Access the Learner view in Manager. If SAP Enable Now is used as an LMS and users will access courses directly from Manager, this permission should be granted to all roles.
Views: Reports Access the following reports in Manager: SAP Companion Usage, SAP Companion for Desktop Usage, and Guided Tour Playbacks. Most other reports (on the Reports menu drop-down) are controlled by the Views: Reports with Personal Data permission. The Editing Report has its own permission (Editing Report: View) as does the Status Report (Status Report: View) and the Server Statistics report (Server Statistics: View).
Views: Reports with Personal Data Access Manager reports that include personally-identifiable information (PII). This includes Engaged Unique Users, Delivery Channels, Content Visits, Guided Tour Dropouts, Context Help Visits, all User * reports, all Lesson * reports, Unsorted Objects, and Learner Feedbacks.
Workflow: Create Define a new Workflow process.
Workflow: Delete Delete an existing Workflow process definition.
Workflow: Edit Change an existing Workflow process definition.
Workflow: View Display a Workflow process definition in Manager. Also necessary to be able to see/select a Workflow process for a Task. Caution: If a Workflow process has been assigned to any objects in the Workarea, Authors must have this permission, or they will not be able to access the Producer Workarea (they will get a 'You do not have permission' message).
Workspace Manager Access to the Workspaces menu in Manager. This is necessary to allow developers/administrators the ability to select a Workspace.
Workspaces: (De)Activate Activate and deactivate individual Workspaces.
Workspaces: Create Create new Workspaces.
Workspaces: Delete Delete existing Workspaces.
Workspaces: Edit Change the details of existing Workspaces - including name/description, and assigning tags and Workflow processes (but not permissions - see Workspaces: Edit Workspaces Permissions)
Workspaces: Edit Workspace Permissions Change the permissions for an existing Workspace.