Update from SAP DITA CMS (squashed):

commit 2a47ba08db7e726d969faac599a5d1304653be53 Author: REDACTED Date: Thu Oct 19 11:12:12 2023 +0000 Update from SAP DITA CMS 2023-10-19 11:12:12 Project: dita-all/zdd1692653548544 Project map: af2fcb3e6dd448f3af3c0ff9c70daaf9.ditamap Language: en-US commit e42a889d8d99974de5733e3343748c9efe85cbf4 Author: REDACTED Date: Thu Oct 19 11:06:06 2023 +0000 Update from SAP DITA CMS 2023-10-19 11:06:06 Project: dita-all/zdd1692653548544 Project map: af2fcb3e6dd448f3af3c0ff9c70daaf9.ditamap Language: en-US commit 8aadee8568e2b36a566c89658700296d793cdf37 Author: REDACTED Date: Thu Oct 19 11:05:54 2023 +0000 Update from SAP DITA CMS 2023-10-19 11:05:53 Project: dita-all/zdd1692653548544 Project map: af2fcb3e6dd448f3af3c0ff9c70daaf9.ditamap Language: en-US commit 0a2df43037c80208b8fff2acf963301fb0612b6d Author: REDACTED Date: Thu Oct 19 10:49:33 2023 +0000 Update from SAP DITA CMS 2023-10-19 10:49:33 ################################################## [Remaining squash message was removed before commit...]
SAP-docs · Oct 20, 2023 · 511cb54 · 511cb54
1 parent 4f0db43
commit 511cb54
Show file tree

Hide file tree

Showing 30 changed files with 622 additions and 220 deletions.
diff --git a/...Data-in-the-Data-Builder/capturing-delta-changes-in-your-local-table-154bdff.md b/...Data-in-the-Data-Builder/capturing-delta-changes-in-your-local-table-154bdff.md
@@ -147,8 +147,6 @@ When a local table with delta capture is deployed, the following objects are cre
     > This table is saved in the repository, but is deployed as a view in the database.
 
 
-The graphic below shows the different objects created: ![](images/Local_Table_with_Delta_Capture_-_Objects_created_90f3de9.png)
-
 The 2 objects are consumed differently by SAP Datasphere apps:
 
 -   Most SAP Datasphere apps consume a local table with delta capture through the *Active Records* table only. In these cases, local tables behave the same way independent of whether *Delta Capture* is set to "*On*" or "*Off*". For examples in Graphical Views, SQL Views, E/R Modeler or Business Builder.
@@ -165,3 +163,6 @@ The 2 objects are consumed differently by SAP Datasphere apps:
 
 
 
+> ### Note:  
+> The Delta Capture Table is an internal table whose structure can incompatibly change at any time. It is not allowed for external data access and is only consumed by the above SAP Datasphere internal apps.
+
diff --git a/...quiring-and-Preparing-Data-in-the-Data-Builder/creating-a-task-chain-d1afbc2.md b/...quiring-and-Preparing-Data-in-the-Data-Builder/creating-a-task-chain-d1afbc2.md
@@ -12,7 +12,7 @@ Group multiple tasks into a task chain and run them manually once, or periodical
 
 ## Prerequisites
 
--   The DW Modeler role is required to create task chains and the additional DW Integrator role is required to set up email notification for completion of executed task chains. See [Standard Application Roles](https://help.sap.com/viewer/9f804b8efa8043539289f42f372c4862/cloud/en-US/a50a51d80d5746c9b805a2aacbb7e4ee.html "SAP Datasphere is delivered with several standard roles. A standard role includes a predefined set of privileges and permissions.") :arrow_upper_right: for more information. In addition to these two role privileges, when setting up email notifications, either the Team.Read or User.Read privilege is also required to display and add notification recipients from a list of current tenant members. See [Privileges and Permissions](https://help.sap.com/viewer/9f804b8efa8043539289f42f372c4862/cloud/en-US/d7350c6823a14733a7a5727bad8371aa.html "A privilege represents a task or an area in SAP Datasphere and can be assigned to a specific role. The actions that can be performed in the area are determined by the permissions assigned to a privilege.") :arrow_upper_right:.
+-   The DW Modeler role is required to create task chains and the additional DW Integrator role is required to set up email notification for completion of executed task chains. See [Standard Roles Delivered with SAP Datasphere](https://help.sap.com/viewer/9f804b8efa8043539289f42f372c4862/cloud/en-US/a50a51d80d5746c9b805a2aacbb7e4ee.html "SAP Datasphere is delivered with several standard roles. A standard role includes a predefined set of privileges and permissions.") :arrow_upper_right: for more information. In addition to these two role privileges, when setting up email notifications, either the Team.Read or User.Read privilege is also required to display and add notification recipients from a list of current tenant members. See [Privileges and Permissions](https://help.sap.com/viewer/9f804b8efa8043539289f42f372c4862/cloud/en-US/d7350c6823a14733a7a5727bad8371aa.html "A privilege represents a task or an area in SAP Datasphere and can be assigned to a specific role. The actions that can be performed in the area are determined by the permissions assigned to a privilege.") :arrow_upper_right:.
 
 -   Objects must have been already deployed, so that they can be added to the task chain. Task chains must also be deployed to allow selection of tenant users or specify email addresses for notification of task chain completion.
 
@@ -396,7 +396,7 @@ In addition to linear task chains in which one task is executed after another, y
 After creating and deploying a task chain, you can set up email notification for completion of task chain runs.
 
 > ### Note:  
-> The DW Integrator role is required to set up email notification for completion of executed task chains. The *Email Notifications* section of the task chain *Properties* panel will not appear if you do not have this privilege assigned. See [Standard Application Roles](https://help.sap.com/viewer/9f804b8efa8043539289f42f372c4862/cloud/en-US/a50a51d80d5746c9b805a2aacbb7e4ee.html "SAP Datasphere is delivered with several standard roles. A standard role includes a predefined set of privileges and permissions.") :arrow_upper_right: for more information. In addition to the DW Integrator role, when setting up email notifications, either the Team.Read or User.Read privilege is also required to display and add notification recipients from a list of current tenant members.
+> The DW Integrator role is required to set up email notification for completion of executed task chains. The *Email Notifications* section of the task chain *Properties* panel will not appear if you do not have this privilege assigned. See [Standard Roles Delivered with SAP Datasphere](https://help.sap.com/viewer/9f804b8efa8043539289f42f372c4862/cloud/en-US/a50a51d80d5746c9b805a2aacbb7e4ee.html "SAP Datasphere is delivered with several standard roles. A standard role includes a predefined set of privileges and permissions.") :arrow_upper_right: for more information. In addition to the DW Integrator role, when setting up email notifications, either the Team.Read or User.Read privilege is also required to display and add notification recipients from a list of current tenant members.
 
 To set up email notification:
 

diff --git a/.../Administering/Creating-Spaces-and-Allocating-Storage/create-a-space-bbd41b8.md b/.../Administering/Creating-Spaces-and-Allocating-Storage/create-a-space-bbd41b8.md
@@ -2,7 +2,7 @@
 
 # Create a Space
 
-Create a space, allocate storage, and assign one or more members to allow them to start acquiring and preparing data.
+Create a space, allocate storage, and set the space priority and statement limits.
 
 
 
@@ -11,7 +11,7 @@ Create a space, allocate storage, and assign one or more members to allow them t
 ## Context
 
 > ### Note:  
-> Only administrators can create spaces, allocate storage, and set the space priority and statement limits. The remaining space properties can be managed by the space administrators that the administrator assigns as members to the space.
+> Only administrators can create spaces, allocate storage, and set the space priority and statement limits. The remaining space properties can be managed by the space administrators that the administrator assigns to the space via a scoped role.
 
 
 
@@ -233,16 +233,7 @@ Create a space, allocate storage, and assign one or more members to allow them t
 
     For more information, see [Set a Priority and Statement Limits for a Space](set-a-priority-and-statement-limits-for-a-space-d66ac1e.md).
 
-6.  Use the list in the *Members* section to add users as members of the space.
-
-    You must assign at least one member in order to use the space:
-
-    -   **DW Space Administrator** - Can manage all aspects of a space \(except the *Storage Assignment* and *Workload Management* properties\) and can create data access controls and use the *Content Network*.
-    -   *DW Integrator* - Can integrate data via connections and can manage and monitor data integration in spaces of which they are a member.
-    -   **DW Modeler** - Can create and edit objects in the *Data Builder* and *Business Builder* and view data in all objects in spaces of which they are a member.
-    -   **DW Viewer** - Can view objects in spaces of which they are a member and view data output by views that are exposed for consumption in these spaces.
-
-    For more information, see [Assign Members to Your Space](https://help.sap.com/viewer/be5967d099974c69b77f4549425ca4c0/cloud/en-US/9d59fe511ae644d98384897443054c16.html "As a Space Administrator, you can assign users as members of your space.") :arrow_upper_right:.
+6.  You cannot assign users to the space as long as your space is not assigned to a scoped role \(see [Create a Scoped Role to Assign Privileges to Users in Spaces](../Managing-Users-and-Roles/create-a-scoped-role-to-assign-privileges-to-users-in-spaces-b5c4e0b.md)\). Once you assign one or more users to the space via a scoped role, the *Users* area will be automatically filled with the assigned users. You or a space administrator can then edit user assignments in this area \(see [Control User Access to Your Space](https://help.sap.com/viewer/be5967d099974c69b77f4549425ca4c0/cloud/en-US/9d59fe511ae644d98384897443054c16.html "You can assign users to your space and manage them.") :arrow_upper_right:\).
 
 7.  \[optional\] Use the remaining sections to further configure the space.
 
@@ -286,7 +277,15 @@ Create a space, allocate storage, and assign one or more members to allow them t
         
     -   *Data Access*/*Database Users* - Use the list in the *Database Users* section to create users who can connect external tools and read from and write to the space. See [Create a Database User](https://help.sap.com/viewer/be5967d099974c69b77f4549425ca4c0/cloud/en-US/798e3fd6707940c3bd2219b2d1ebaac2.html "Users with the DW Space Administrator role can create database users, granting them privileges to read from and/or write to an Open SQL schema with restricted access to the space schema.") :arrow_upper_right:.
     -   *Data Access*/*HDI Containers* - Use the list in the *HDI Containers* section to associate HDI containers to the space. See [Prepare Your HDI Project for Exchanging Data with Your Space](https://help.sap.com/viewer/be5967d099974c69b77f4549425ca4c0/cloud/en-US/a94e1637db484a5c8ec2da83cfa75156.html "To allow your SAP Datasphere space to read from and, if appropriate, write to the HDI container, you must configure your HDI project to build on your SAP Datasphere tenant and define the appropriate roles.") :arrow_upper_right:.
+
+        > ### Note:  
+        > A user with the DW Administrator role only cannot see the *HDI Containers* area.
+
     -   *Time Data*/*Time Tables and Dimensions* - Click the button in the *Time Tables and Dimensions* section to generate time data in the space. See [Create Time Data and Dimensions](https://help.sap.com/viewer/be5967d099974c69b77f4549425ca4c0/cloud/en-US/c5cfce4d22b04650b2fd6078762cdeb9.html "Create a time table and dimension views in your space to provide standardized time data for your analyses. The time table contains a record for each day in the specified period (by default from 1900 to 2050), and the dimension views allow you to work with this date data at a granularity of day, week, month, quarter, and year, and to drill down and up in hierarchies.") :arrow_upper_right:.
+
+        > ### Note:  
+        > A user with the DW Administrator role only cannot see the *Time Tables and Dimensions* area.
+
     -   *Auditing*/*Space Audit Settings* - Use the properties in the *Space Audit Settings* section to enable audit logging for the space. See [Enable Audit Logging](https://help.sap.com/viewer/be5967d099974c69b77f4549425ca4c0/cloud/en-US/266553976e1c4db9aaa28a75e2308b77.html "You can enable audit logs for your space so that read and change actions (policies) are recorded. Administrators can then analyze who did what and when in the database.") :arrow_upper_right:.
 
 8.  Either click *Save* to save your space \(and click *Deploy* later\), or directly click *Deploy* to save and deploy your space to the database in one click.

diff --git a/...Spaces-and-Allocating-Storage/creating-spaces-and-allocating-storage-2ace657.md b/...Spaces-and-Allocating-Storage/creating-spaces-and-allocating-storage-2ace657.md
@@ -6,5 +6,5 @@ All data acquisition, preparation, and modeling happens inside spaces. A space i
 
 An administrator must create one or more spaces. They allocate disk and in-memory storage to the space, set its priority, and can limit how much memory and how many threads its statements can consume.
 
-If the administrator assigns one or more space administrators as members of the space, they can then assign other members, create connections to source systems, secure data with data access controls, and manage other aspects of the space \(see [Managing Your Space](https://help.sap.com/viewer/be5967d099974c69b77f4549425ca4c0/cloud/en-US/268ea7e3e8d448deaab420219477064d.html "All data acquisition, preparation, and modeling happens inside spaces. A space is a secure area - space data cannot be accessed outside the space unless it is shared to another space or exposed for consumption.") :arrow_upper_right:\).
+If the administrator assigns one or more space administrators via a scoped role, they can then manage users, create connections to source systems, secure data with data access controls, and manage other aspects of the space \(see [Managing Your Space](https://help.sap.com/viewer/be5967d099974c69b77f4549425ca4c0/cloud/en-US/268ea7e3e8d448deaab420219477064d.html "All data acquisition, preparation, and modeling happens inside spaces. A space is a secure area - space data cannot be accessed outside the space unless it is shared to another space or exposed for consumption.") :arrow_upper_right:\).
 
diff --git a/docs/Administering/Managing-Users-and-Roles/create-a-custom-role-862b88e.md b/docs/Administering/Managing-Users-and-Roles/create-a-custom-role-862b88e.md
@@ -4,7 +4,7 @@
 
 # Create a Custom Role
 
-You can create a new custom role either by customizing a predefined role or by creating a role from a blank template. 
+You can create a custom role using either a blank template or a standard role template and choosing privileges and permissions as needed. 
 
 
 
@@ -16,6 +16,32 @@ To create a custom role, you need the DW Administrator role.
 
 
 
+## Context
+
+You can create a custom role to enable users to do either global actions on the tenant or actions that are specific to spaces.
+
+-   If you create a custom role for global purposes, you should include only global privileges and permissions. You can then assign the role to the relevant users.
+
+-   If you create a custom role for space-related purposes, you should include only scoped privileges and permissions. As a second step, you will need to create a scoped role based on this custom role to assign users and spaces to the set of privileges included. See [Create a Scoped Role to Assign Privileges to Users in Spaces](create-a-scoped-role-to-assign-privileges-to-users-in-spaces-b5c4e0b.md).
+
+
+You should not mix global and scoped privileges in a custom role.
+
+-   If you include a scoped privilege in a custom role that you create for global purposes, the privilege will be ignored.
+
+-   If you include a global privilege in a custom role that you want to use as a template for a scoped role, the privilege will be ignored.
+
+
+> ### Note:  
+> Some users, such as space administrators, primarily need scoped permissions to work with spaces, but they also need some global permissions \(such as Lifecycle when transporting content packages\). To provide such users with the full set of permissions they need, you can include both the relevant global privileges and scoped privileges in the custom role you will use as a template for the scoped role. Each space administrator is then assigned to the scoped role to receive the necessary scoped privileges, but they are also assigned directly to the custom role in order to receive the additional global privileges.
+
+For more details about global and scoped privileges, see [Privileges and Permissions](privileges-and-permissions-d7350c6.md).
+
+> ### Caution:  
+> Scoped roles and all related features will be rolled out to all tenants over the course of a number of versions. For more details, see SAP Note [3380409](https://launchpad.support.sap.com/#/notes/3380409).
+
+
+
 ## Procedure
 
 1.  Go to <span class="FPA-icons"></span> \(*Expand*\)** \> **<span class="FPA-icons"></span> \(*Security*\)** \> **<span class="FPA-icons"></span> \(*Roles*\).
@@ -33,10 +59,13 @@ To create a custom role, you need the DW Administrator role.
     > ### Note:  
     > Currently, it is not possible to add *Catalog* access to a custom role as a template. Assign either the *Catalog Administrator* or *Catalog User* standard application roles instead.
 
-6.  Select the permissions for your new role for every privilege type. The permission privileges represent an area, app or tool in SAP Datasphere while the permissions \(create, read, update, delete, execute, maintain, share and manage\) represent the actions a user can perform.For more details about privileges, see [Privileges and Permissions](privileges-and-permissions-d7350c6.md).
+6.  Select the permissions for your new role for every privilege type. The permission privileges represent an area, app or tool in SAP Datasphere while the permissions \(create, read, update, delete, execute, maintain, share and manage\) represent the actions a user can perform.For more details about global and scoped privileges, see [Privileges and Permissions](privileges-and-permissions-d7350c6.md).
 
 7.  If you want to change the role template that your new custom role will be based on, select <span class="FPA-icons"></span> \(*Select Template*\), and choose a role.
 
 8.  Save your new custom role.
 
+    > ### Note:  
+    > You can assign the role to a user from the *Users* page or - only if you've created a custom role for global purposes \(and not for space-related purposes\) - from the *Roles* page. Whether you create users first or roles first does not matter. See [Assign Users to a Role](assign-users-to-a-role-57a7880.md).
+
 
diff --git a/docs/Administering/Managing-Users-and-Roles/creating-a-new-user-58d4b24.md b/docs/Administering/Managing-Users-and-Roles/creating-a-new-user-58d4b24.md
@@ -42,21 +42,21 @@ More Information
 <tr>
 <td valign="top">
 
-Standard application roles
+Standard Roles
 
 
 
 </td>
 <td valign="top">
 
-The roles available depend on the licenses included in your subscription
+Roles delivered with the application. The roles available depend on the licenses included in your subscription.
 
 
 
 </td>
 <td valign="top">
 
-[Standard Application Roles](standard-application-roles-a50a51d.md) 
+[Standard Roles Delivered with SAP Datasphere](standard-roles-delivered-with-sap-datasphere-a50a51d.md) 
 
 
 
@@ -65,14 +65,14 @@ The roles available depend on the licenses included in your subscription
 <tr>
 <td valign="top">
 
-Custom roles
+Custom Roles
 
 
 
 </td>
 <td valign="top">
 
-Variations on the standard roles, created to meet your company's needs
+Variations on the standard roles, created to meet your company's needs.
 
 
 
@@ -83,6 +83,29 @@ Variations on the standard roles, created to meet your company's needs
 
 
 
+</td>
+</tr>
+<tr>
+<td valign="top">
+
+Scoped Roles
+
+
+
+</td>
+<td valign="top">
+
+Roles that inherit a set of scoped privileges from a standard or custom role and grants these privileges to users for use in the assigned spaces.
+
+
+
+</td>
+<td valign="top">
+
+[Create a Scoped Role to Assign Privileges to Users in Spaces](create-a-scoped-role-to-assign-privileges-to-users-in-spaces-b5c4e0b.md)
+
+
+
 </td>
 </tr>
 </table>

diff --git a/...ng/Managing-Users-and-Roles/importing-or-modifying-users-from-a-file-b2698da.md b/...ng/Managing-Users-and-Roles/importing-or-modifying-users-from-a-file-b2698da.md
@@ -12,7 +12,7 @@ You can create new users or batch-update existing users by importing user data t
 
 The user data you want to import must be stored in a CSV file. At minimum, your CSV file needs columns for `UserID`, `LastName`, and `Email`, but it is recommended that you also include `FirstName` and `DisplayName`.
 
-If you want to assign new users different roles, include a `Roles` column in the CSV file. The role IDs used for role assignment are outlined in [Standard Application Roles](standard-application-roles-a50a51d.md).
+If you want to assign new users different roles, include a `Roles` column in the CSV file. The role IDs used for role assignment are outlined in [Standard Roles Delivered with SAP Datasphere](standard-roles-delivered-with-sap-datasphere-a50a51d.md).
 
 For existing users that you want to modify, you can create the CSV file by first exporting a CSV file from SAP Datasphere. For more information, see [Exporting Users](exporting-users-e227d3c.md).