2344584 - How to add access to Role-Based Permission Admin features (Manage Role-Based Permission Access, View User Permission, Manage Permission Roles, Manage Permission Groups and User Role Search)

• How do I grant the permission for a new admin user to the following admin features:
• Manage Permission Groups;
• Manage Permission Roles;
• User Role Search;
• View User Permission;

• How to grant administrator permission to user?
• How to access the feature "Manage Role-Based Permission Access"?

Image/data in this KBA is from SAP internal systems, sample data, or demo systems. Any resemblance to real data is purely coincidental.

SAP SuccessFactors HXM Suite

To access the features "Manage Permission Groups", "Manage Permission Roles", "User Role Search" and "View User Permissions", users must be added to the group of users allowed to access the feature "Manage Role-Based Permission Access". Please follow the below steps to add the users to the group:

1. Go to Admin Center
2. Search for "Manage Role-Based Permission Access" or search it directly from Action Search
3. Click in the Add User button and select the users you want to add
   
   
   
   
4. Once selected user is added, the added user will have the access to "Role-Based Permission Admin" enabled by default. You can see from the screenshot below that the checkbox is already checked after adding the user. User will now have acces to use the four features:
   
   
   • Manage Permission Groups;
   • Manage Permission Roles;
   • User Role Search;
   • View User Permission;
   
   Note: You can only have access to all four features or none at all.
   
   
   

This is what the access will look like from Admin Center if you ONLY enable "Role-Based Permission Admin" from Manage Role-Based Permission Access:

Note: Manage Role-Based Permission Access by default is only visible and accessible for users who were created from provisioning system. For example SFADMIN, adminsf etc. Access to "Manage Role-Based Permission Access" tool can be restricted by adding and removing users as per the instructions discussed above but with additional step of also enabling the "Allow Access to This Page".

This is what the access will look like from Admin Center if you ONLY enable "Allow Access to this page" from Manage Role-Based Permission Access:

Any users granted with "Allow access to this page" will have access to add or remove other users from this tool. As a security precaution, the system would require that there is at least one user with access to this page. Also, you will not be able to remove your own access to the page. 

    


The access will look like this if both "Allow access to this page" and "Role-Based Permission Admin" is checked:

Note:

1. This permissions will cover RBP API too.

2. Only active users can be added to this, if a user who has access to Manage Role-Based Permission Access is changed to inactive status, the user will be automatically removed from Manage Role-Based Permission Access. If the user is later set back to active, they will need to be manually added again to Manage Role-Based Permission Access. Only Super Admin created in provisioning will by default have access to Manage Role-Based Permission Access, other user can only be added manually.

2607738 - Manage Role-Based Permission Access Is Not Visible
2186617 - Creating a Super Admin User in SuccessFactors Provisioning

RBP administrator permission, sfadmin, IPSadmin, view user permission, manage permission roles , KBA , LOD-SF-PLT-RBP , Role Based Permissions , LOD-SF-PLT-PRVR , Manage Provisioning , How To