Symptom
New Users not dynamically added to Permission Groups
Environment
SAP SuccessFactors HCM Suite
Reproducing the Issue
Permission Group Definitions are mainly divided into two sections:
1. Choosing Group Members
- People pools are created using filters to define who are included in this group
2. Excluding Group Members
- People pools are created using filters to define who are excluded in this group
When no filters are added in Section 1, but are added in Section 2, the system includes all active users except those defined in Section 2. For example:
- Instance has 100 users
- Permission group should include all except Admin User
- Section 2 is defined as User = Admin User
- Current result is 99
However, when Section 2 is defined using User or Username fields as filters, and no other filters, the permission group becomes static (not dynamic). When new users are created, the permission group does not update to include new users (user count remains at 99).
Cause
When permission groups only use static filters such as User or Username, the background job that dynamically updates groups excludes them from being updated. This is done to avoid performance problems, as some instances may define a large number of permission groups.
Resolution
Some possible workarounds are:
1. Use filters such as Department or Job Code to define exclusions.
- For example, instead of defining "User = Admin User" as an exclusion to that group, choose or assign another unique identifier such as "Job Code = Admin".
- This makes the permission group dynamic, and the background refresh job includes this group to be updated.
2. Manually update the Permission group by editing and clicking Update then resave the group.
Keywords
SF Success Factors Dynamic Automatic Group Assigned Permission Exclude , KBA , LOD-SF-PLT-RBP , Role Based Permissions , Problem