Symptom
Under Role Based Permissions (RBP), while adding a rule, the system allows enabling the two options below when granting the Role to any Hierarchical Role:
- Option 1: Include access to Granted User (Self)
- Option 2: Exclude Granted User from having the permission access to him/herself
Scenario A
When both options are enabled, Option 2 overrides Option 1. In this scenario, granted users are excluded from having permission access to themselves.
Example: Permission to delete documents (Performance forms).
Significance of the permission: All Managers will be able to look for forms and delete them for their target population but not their own forms.
Concern: When the system allows you to select Option 1, it still allows you to check Option 2. This appears contradictory.
Scenario B
When only Include access to Granted User (Self) is enabled, the granted users will have permission access to themselves.
When both options are disabled, granted users will not have permission access to themselves, meaning that by default the system treats Option 2 as enabled.
Concern: Considering Option 2 is the system default, why is there an additional checkbox?
Image/data in this KBA is from SAP internal systems, sample data, or demo systems. Any resemblance to real data is purely coincidental.
Environment
SAP SuccessFactors HCM Suite
Reproducing the Issue
- Go to Admin Center > Manage Permission Roles
- Open any listed permission role and look under Permission Role Detail (i.e. Grant this role to...)
- For any rule, click Edit Granting
- This will open a new window "Grant this role to..."
- Look for the available options under "Specify the target population whom the above granted users have permission to access".
- This section denotes the target population on which granted users will have access
- Below are the two options which are available in Granting the Role to any Hierarchical Role:
- Option 1: Include access to Granted User (Self)
- Option 2: Exclude Granted User from having the permission access to him/herself
Resolution
- Scenario A: As the two options conflict, one of them is designed to have higher priority. Customers are requested to select only one at a time, according to their business requirements.
- Scenario B: As there is a hierarchical relationship (Example: Manager and Employees), managers will by default have access to their reports and NOT to themselves. Unless Option 1 is selected, the manager will NOT be in the target population.
Note:
If, under "Grant Role to", the user selects 'Permission Group' or 'Everyone(All Employee)', then only 'Exclude Granted User from having the permission access to him/herself' is made available. This is where the setting will mostly have an impact: if it is not selected, permission to him/herself will be granted.
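The precedence rules from Scenarios A and B and the Note, written out as an added Python example for reviewing role grants (not SAP code and not part of the original KBA). The `Grant` record, its field names and the finding labels are hypothetical, and the sample grants are constructed.

```python
from dataclasses import dataclass

HIERARCHICAL = "hierarchical"        # e.g. Managers
GROUP_OR_EVERYONE = "group"          # 'Permission Group' or 'Everyone(All Employee)'

@dataclass
class Grant:                         # hypothetical record, one per granting rule
    role: str
    grant_to: str
    include_self: bool = False       # Option 1 (offered for hierarchical grants)
    exclude_self: bool = False       # Option 2

def self_access(g: Grant) -> bool:
    """True if the granted user ends up with the permission on him/herself."""
    if g.exclude_self:               # Scenario A: Option 2 overrides Option 1
        return False
    if g.grant_to == HIERARCHICAL:   # Scenario B: excluded unless Option 1 is set
        return g.include_self
    return True                      # Note: group/everyone grants self unless excluded

def audit(grants):
    """Return (role, finding) pairs worth a reviewer's attention."""
    findings = []
    for g in grants:
        if g.include_self and g.exclude_self:
            findings.append((g.role, "CONFLICT: both options set, Option 2 wins"))
        elif self_access(g):
            findings.append((g.role, "SELF_ACCESS: granted user can act on own data"))
    return findings

# Constructed sample grants, not taken from any real system.
SAMPLE = [
    Grant("Delete Forms - Managers", HIERARCHICAL, include_self=True, exclude_self=True),
    Grant("View Forms - Managers", HIERARCHICAL),
    Grant("Edit Goals - Managers", HIERARCHICAL, include_self=True),
    Grant("Delete Forms - HR Group", GROUP_OR_EVERYONE),
    Grant("Delete Forms - Everyone", GROUP_OR_EVERYONE, exclude_self=True),
]

if __name__ == "__main__":
    for role, finding in audit(SAMPLE):
        print(f"{role}: {finding}")
```

For a sensitive permission such as deleting performance forms, the `SELF_ACCESS` rows are the ones to confirm against the intended business requirement.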
Keywords
SF, success factors, cloud, PLT, platform, BizX, biz x, RBP , KBA , LOD-SF-PLT-RBP , Role Based Permissions , How To