2080082 - Basic Overview of Role Based Permissions in Employee Central

This article outlines basic steps in setting up Roles Based Permissions (RBP) for SuccessFactors Employee Central.

Image/data in this KBA is from SAP internal systems, sample data, or demo systems. Any resemblance to real data is purely coincidental.

SAP SuccessFactors Employee Central

1. Create groups:

• Permission groups are groups that will be granted the permission and groups who will be managed by those granted permission.
• For example, you might want to create a group of HR Managers in the US who manage employees in the US.
• The group managing will include HR managers in the US while the group being managed will include employees in the US.
• It isn't necessary to create a group if you use one of the pre-defined groups: Everyone, Managers, Matrix Managers, Custom Manager, Second Manager.                                                                                                                                                                                                                                    

2. Define different roles:

• Permission roles define access to data and application functionality.
• For example, you might want an HR Administrator role to have permission to Manage Documents.
• This is the step where you define that functionality.
• If the permission role that you are attempting to create is similar to another role, it is recommended to copy that role and make the needed adjustments.

IMPORTANT:

• Role Based Permissions are designed so users will match more than one role.
• For example, a manager may match both a generic “All Employees Role” and a “Manager” role.
• When designing these roles try to not replicate permissions in different roles unnecessarily.
• As a best practice we recommend configuring roles by starting with the most generic role as in “All Employees Role”, and casting the net as wide as possible to include all of the permissions that should be given to everyone.
• For example, in this role include all of the publically-viewable fields in the Employee Profile.
• Then for other roles, do not include the publically-viewable field permissions as this will be unnecessary since all users will already get the publicly-viewable fields granted to them through the “All Employees Role” to everyone.
• When creating more roles, work on an exception basis and include only the unique extra permissions that the role should have beyond other roles.
• This practice will help reduce the number of roles in the system, which will both be easier to maintain, and will help improve system performance.                       

3. Grant the role to a user or group:

• Assign the target population.
• There is an option to "Exclude Granted User from having the permission access to him/herself" if the target user is also in the target population, selecting this option will prevent the target user from being granted the role permissions on his/her record.

         

Note: For additional information on Role Based Permissions check out the "Using Role-Based Permissions" guide found on help.sap.com

SF, success factors, EC , KBA , sf rbp - role based permissions , LOD-SF-EC-RBP , Roles & Permissions (EC Core only) , LOD-SF-EC , Employee Central , How To

SAP SuccessFactors Employee Central all versions ; SAP SuccessFactors HXM Suite all versions