Power BI Connector for SAP uses two role collections in SAP BTP to control who can do what inside the connector. An administrator subscribes the tenant to the connector, then assigns the role collections to individual users or groups in the BTP cockpit. Without a role collection, a user can sign in but cannot create or view any data sources.
Role collections #
The connector ships two role collections. They are created automatically when the tenant subscribes:
- Metrica Software Power BI Connector User — sign in, create and edit personal data sources, share them with other users in the same tenant, mint personal access tokens, view your own activity history.
- Metrica Software Power BI Connector Administrator — everything a User does, plus tenant-wide settings on the Administration page (for example, the token expiry policy), visibility into other users’ activity, and the right to invoke GDPR right-to-erasure on data subjects within the tenant.
The Administrator collection includes the User scope, so administrators do not need both.
Where to assign role collections #
In the BTP cockpit:
- Navigate to the subaccount where the connector is subscribed.
- Open Security → Users.
- Open the user, identity provider group, or SAP IAS group you want to grant access to.
- Add Metrica Software Power BI Connector User or Metrica Software Power BI Connector Administrator.
- Save.
- Ask the user to sign out and back in for the new role to take effect.
Removing access #
Remove the role collection assignment in the BTP cockpit. The user can still sign in (the identity provider still trusts them) but will see You don’t have access on the connector home page.
To revoke any personal access tokens the user has issued, an administrator can use the connector’s Administration view. See Manage Access Tokens.
