Symptom
When interacting with the SAP SuccessFactors Career Worksheet template, you are able to enable and disable permissions for different groups of employees, thus enabling/disabling them from access/editing different parts of the Career Worksheet, located within the development module.
Image/data in this KBA is from SAP internal systems, sample data, or demo systems. Any resemblance to real data is purely coincidental.
Environment
SAP SuccessFactors Career Development Planning
Resolution
The Career Worksheet enables users to view and save job roles, and to gain an understanding of the development effort required to move into a future role.
For more information on it, please see the Career Development Planning: Implementation and Administration Guide.
This article explains the permissions related to the Career Worksheet, which are divided into access permission to the Career Worksheet (granted via RBP) and permissions to see the actual content within the Career Worksheet of a user (defined in the Career Worksheet template).
Access Permission
Access permissions are available inside the application and can be managed by the administrator of the instance. If you want to remove access to the Development Plan for certain users, or for the entire instance population, this can be done without any assistance from Product Support.
To grant permissions for a user (or group of users) to access the Career Worksheet, there are two access permissions that need to be granted:
- Career Worksheet Access Permission - available under the “Career Development Planning” section of RBP, grants access to the “Career Worksheet” tab within the Development module.
- Career Worksheet Suggested Roles Access Permission - optional and allows the user to see the “Suggested Roles” feature:
In addition, grant access to the Career Worksheet template, otherwise the users will get an error when accessing the page. This permission can be granted in the same permission role as the access permission.
Under the “Goals” section, enable the “Goal Plan Permissions” and select the “Career Worksheet” template:
Note: The target population of the “Goal Plan Permissions” is not considered when viewing the Career Worksheet. If a user has access to the Career Worksheet, they can search other users according to the “User Search” permission and the content will be restricted based on the template permissions. See KB article 2575995 - Users are able to search for anyone in the Career Worksheet.
Content and Action Permissions (template)
Permissions to view the content and take actions within the Career Worksheet are defined in the Career Worksheet template and changes to it require engaging an Implementation Partner or requesting assistance from support for simple changes.
Those permissions are based on the roles that the user has in relation to another user (relationships between the users). A few examples are listed below:
- Employee (E);
- Employee’s Manager (EM);
- Employees’s Manager, including all the managers up the reporting chain (EM+);
- Employee’s HR Manager (EH);
- Employee’s Matrix Manager (EX);
- All the users (*);
Action permissions
The action permissions considered by the Career Worksheet are the following:
- private-access: allows the users to see the content in the “Job Roles I’m Considering” section of the Career Worksheet. For example, to grant permissions to Employees, their Managers up the reporting chain and their HR Manager to view the “Job Roles I’m Considering” of the employee, use the following XML code:
<permission for="private-access">
<description><![CDATA[Employees and their managers up the reporting chain may view “Job Roles I’m Considering”.]]></description>
<role-name><![CDATA[E]]></role-name>
<role-name><![CDATA[EM+]]></role-name>
<role-name><![CDATA[EH]]></role-name>
</permission>
- create: allows the users to add Job Roles to the “Job Roles I’m Considering” section of the Career Worksheet. For example, if you wanted only the employee and their direct manager to be able to add Job Roles to this section, use the following XML code below. Note: If a user does not have create permission in the Career Worksheet template, the Suggested Roles tab itself will be hidden.
<permission for="create">
<description><![CDATA[Only the employee and their direct manager may add a role in a user's worksheet.]]></description>
<role-name><![CDATA[E]]></role-name>
<role-name><![CDATA[EM]]></role-name>
</permission>
- delete: allows the users to remove Job Roles from the “Job Roles I’m Considering” section of the Career Worksheet. For example, if you wanted only the employee to be able to remove Job Roles from this section, use the following XML code:
<permission for="delete">
<description><![CDATA[Only the employee may delete role in his/her worksheet.]]></description>
<role-name><![CDATA[E]]></role-name>
</permission>
Field permissions
The content displayed within the Career Worksheet is also affected by the “read” permissions granted over the fields available in the template. Write permissions are not considered. See below the fields that affect the view and how they affect it:
- readiness_meter: visibility over the “Readiness” percentage for each of the “Job Roles I’m considering”.
- development_goals: visibility over the Development Goals associated with each competency or behavior of the Default Development Plan. The number of Development Goals and the button to add a new Development Goal is displayed by default. When expanding a competency/behavior, you’ll also be able to see details from the Development Goals.
- Note: the read and write permissions for the user are derived from the development plan template configuration.
- last_rated_date and last_rated_form: if read permissions are granted over both fields, the Career Worksheet will display where the rating is coming from (last rated form and date) for each competency/behavior.
- competency_name: permission to see the name of the competencies. If the user has any other permissions, this permission should also be granted because, if the user does not have the “competency_name” permission, the competency list will appear with “undefined” replacing the name of the competencies.
- gap_graph: visibility over the graph comparing the expected competency rating for that Job Role to the user’s latest rating.
- last_rating: required to display the gap graph.
How to restrict the visibility of employees over other employee’s Career Worksheet?
As mentioned in the Access Permissions section of this article, if the user has access to the Career Worksheet, the user will be able to search other employees based on the User Search permission. It is common that employees have permissions to search everyone in the instance. Does that mean that the users will be able to view the Career Worksheet of any other users? No. To prevent that from happening, only grant “read” permissions in the Career Worksheet template for roles that should indeed be able to view the employee’s Career Worksheet. For example, the employee themselves, their managers, matrix managers, custom managers, second managers and HR managers. If one employee does not have “read” permission for the Career Worksheet fields over another employee, they will get the following message when trying to access the other employee’s Career Worksheet page: “You do not have permission to view this user's Career Worksheet plan”.
Note to partners on permissions: if HR cannot view a user’s 'Job Roles I'm Considering' and the permissions in the xml template are correct, check the hierarchy. For example, if HR is also a peer to the user, then they will not see the users 'Job Roles I'm Considering'.
Keywords
CDP, Career Worksheet, Permissions, RBP, Read/Write, SAP Success Factors, SCM, KM-19401 , KBA , LOD-SF-CDP-ADM , Admin Tools, Permissions, Settings , LOD-SF-CDP-CW , Career Worksheet , How To