/support/notes/service/sap_logo.png){kind=logo}
SAP Knowledge Base Article - PublicSymptom
- RBP Permission for MDF Composite Child Object does not respect Target Population for Field Level Overrides.
- Child object is not available in Define Target Criteria of a Permission Role.
Environment
SAP SuccessFactors HCM
Reproducing the Issue
MDF object has composite child objects.
In Legacy People Profile (PP3)
1st Scenario:
- RBP role is configured to restrict child object access to some fields, via Field Level Overrides
For example:
Permission Role "A" is set with "Read Only" access to Child Object fields "1" and "2" for Target group "A"
Permission Role "B" is set with "Read Only" access to Child Object fields "3" and "4" for Target group "B" - However, when the user is viewing the record, he is still able to edit all the fields in the child record, regardless of Field Level Overrides configuration.
2nd Scenario:
- Child object is Secured and RBP Subject User Field is empty
- However, child object is not available when attempting to define target criteria in a Permission Role.
Cause
For Legacy People Profile (PP3)
Currently, there are no target criteria or target group support for composite child permissions. The child objects inherit RBP permissions from the parent object.
Therefore, you cannot specify different Field Level Overrides patterns according to the content of the composite child object for different fields and different target groups.
Resolution
For Legacy People Profile (PP3)
The possible workaround is to define Field Level Overrides for the same fields in all Permission Roles. In this scenario, permissions configuration will be respected. Other possible solution is to define Field Level Overrides configuration in Parent Object, restricting the whole Child Object instead.
For Latest People Profile (PPX)
Child object level's fields level override and object level permission following the same target population as parent MDF.
Enabling Security for Composite Child Permissions | SAP Help Portal
See Also
Enabling Security for Fields | SAP Help Portal
Restricting Data Access of a Role with Target Population or Criteria | SAP Help Portal
Keywords
mdf permission target, child object, permission, target population, field level overrides, target criteria , KBA , LOD-SF-MDF-RBP , RBP Permissions on Objects , LOD-SF-EC-MDF , MDF & EC2MDF Migration , Problem
/support/notes/service/twitter.svg)
/support/notes/service/youtube.svg)
/support/notes/service/linkedin.svg)
/support/notes/service/instagram2.svg)