Scenario
A global enterprise wants:
- Finance users → Access only financial data
- Sales users → Access only regional sales data
- HR users → Restricted employee data
- Executives → Cross-domain aggregated KPIs
- Developers → Modeling access but no production data export
You are asked to design RBAC in SAP Business Data Cloud (BDC).
🧱 RBAC Architecture Layers in BDC
RBAC in BDC typically works across four layers:
🔹 1️⃣ Platform-Level Roles
Control:
- Space access
- Data product visibility
- Modeling permissions
- Admin rights
Example roles:
- Space Administrator
- Data Modeler
- Viewer
- Data Product Owner
🔹 2️⃣ Data-Level Security
Controls access to:
- Tables
- Views
- Semantic models
- Data products
This prevents unauthorized dataset exposure.
🔹 3️⃣ Row-Level Security (Data Access Control)
Restricts data based on:
- Company code
- Region
- Cost center
- Business unit
Example:
| User | Access |
|---|---|
| Finance India | Only India company code |
| Sales US | Only US region |
| CFO | All regions |
Implemented using:
- Data access controls
- Attribute-based filtering
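A generic illustration of attribute-based row filtering for the access table above, added here; it is not SAP BDC configuration or code from the original post. It uses SQLite, and the table, column and user names are hypothetical.

```python
import sqlite3

# Constructed sample data; table, column and user names are hypothetical.
SCHEMA = """
CREATE TABLE ledger (company_code TEXT, region TEXT, amount INTEGER);
CREATE TABLE permissions (user_id TEXT, attribute TEXT, value TEXT);
INSERT INTO ledger VALUES
  ('IN01', 'APAC', 100), ('US01', 'US', 250), ('DE01', 'EMEA', 175);
INSERT INTO permissions VALUES
  ('finance_india', 'company_code', 'IN01'),
  ('sales_us',      'region',       'US'),
  ('cfo',           'company_code', '*');
"""

# The filter is driven by the permissions table rather than hardcoded in the
# model. A user with no permission rows matches nothing (default deny), and
# several rows for one user are combined with OR.
VISIBLE_ROWS = """
SELECT l.company_code, l.region, l.amount
FROM ledger AS l
WHERE EXISTS (
  SELECT 1 FROM permissions AS p
  WHERE p.user_id = :user
    AND ((p.attribute = 'company_code' AND p.value IN (l.company_code, '*'))
      OR (p.attribute = 'region'       AND p.value IN (l.region, '*')))
)
ORDER BY l.company_code
"""


def open_db():
    """Build the in-memory sample database."""
    db = sqlite3.connect(":memory:")
    db.executescript(SCHEMA)
    return db


def rows_for(db, user_id):
    """Return the ledger rows that user_id is allowed to see."""
    return db.execute(VISIBLE_ROWS, {"user": user_id}).fetchall()


if __name__ == "__main__":
    db = open_db()
    for user in ("finance_india", "sales_us", "cfo", "developer"):
        print(user, rows_for(db, user))
```

Changing who sees what means editing rows in `permissions`, not the query, which is the alternative to hardcoding filters in models.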
🔹 4️⃣ Consumption-Level Security
When consuming via:
- SAP Analytics Cloud
Security must align between:
- BDC roles
- SAC roles
- Identity provider (SSO/IAS)
🏗️ Best Practice RBAC Design Strategy
✅ 1️⃣ Follow Principle of Least Privilege
Users get only the minimum access required to perform their job.
✅ 2️⃣ Domain-Based Access (Data Mesh Ready)
- Finance domain manages finance access
- Sales domain manages sales access
- Federated governance model
✅ 3️⃣ Separate Development & Production
- Dev space
- QA space
- Prod space
Avoid giving developers production data write/export rights.
✅ 4️⃣ Use Role Templates
Create reusable roles:
- Analyst
- Data Engineer
- Business Viewer
- Executive
Reduces complexity.
⚠️ Common RBAC Design Mistakes
❌ Giving broad admin access
❌ Not aligning SAC and BDC roles
❌ Hardcoding filters in models
❌ Ignoring cross-domain governance
❌ No separation of environments
🧠 Architect-Level Insight
In a Data Mesh setup:
- Domains own data products
- Central team defines governance policies
- RBAC ensures secure interoperability
RBAC is not just technical — it is a governance foundation.
🎯 30-Second Interview Answer
RBAC in SAP Business Data Cloud is designed across platform, data, row-level, and consumption layers to ensure secure and governed access. It follows the principle of least privilege, supports domain-based ownership, and integrates with identity providers and SAP Analytics Cloud to provide consistent, enterprise-wide security controls.
You can reach out to me or follow my profile for more such helpful content: Vartika Gupta | LinkedIn