Securely Sharing Joule Skills in SAP Build with SAP Cloud Identity Services

SAP Build's Joule Studio allows for secure sharing of custom skills through environment sharing. Users can share projects with up to 10 user groups or 5 individual users, and access types are Execute (allows users to use the skill) and Admin (full access to manage the environment). Users can share skills securely by creating user groups in SAP Cloud Identity Services and assigning users to these groups. Sharing with user groups allows for better governance and security.

SAP Build's Joule Studio offers a robust platform for developing and deploying custom skills, but ensuring secure and controlled access to these skills is crucial. This article explores the process of sharing custom Joule Skills securely using SAP Build and SAP Cloud Identity Services.

Understanding Access Control in SAP Build

SAP Build's environment sharing allows for the secure distribution of custom Joule Skills. By default, only users explicitly granted Execute or Admin access in the shared environment can interact with the skills. If unauthorized users attempt to access the skill, they receive a generic fallback response from Joule.

Sharing Skills with User Groups

To enhance governance and security, SAP Build supports sharing skills with user groups from SAP Cloud Identity Services (CIS) tenant:

1. Create a User Group: In your IAS (Cloud Identity) tenant, create a user group.
2. Assign Users: Assign the required users to this group.
3. Share in SAP Build: In SAP Build, open the shared environment of your custom Joule Skill. Click on Share, set the Type to User Group, and enter the exact name of the group created in IAS. Set the appropriate authorization (Execute or Admin).
4. Redeploy Access: After sharing with user groups, navigate to the Joule tab inside the environment. Click Refresh, and then redeploy the capability to apply the new access configuration. This process may take a few minutes.

Open Access for Everyone

For scenarios where skills are intended for broader use within the organization, SAP Build allows setting general access to everyone with Execute permissions. This method should be used with caution, especially if the skill handles sensitive operations or data.

Conclusion

Properly managing access to custom Joule Skills is essential for maintaining security and ensuring that the right users have the appropriate access levels. SAP Build provides the flexibility to share skills with user groups or open access to all users, making it a versatile tool for developers and administrators. By following these steps, organizations can deploy custom Joule Skills securely and effectively.

References

[1] https://community.sap.com/t5/technology-blog-posts-by-sap/getting-started-with-joule-studio-in-sap-build-part-4-managing-access-to/ba-p/14162116
[2] https://news.sap.com/2025/07/sap-business-ai-release-highlights-q2-2025/