Symptom
Users are able to search for anyone in the SAP SuccessFactors Career Worksheet and look at the user’s Career Worksheet details, regardless of RBP permissions, while in the Development Module of SAP SuccessFactors Suite.
Image/data in this KBA is from SAP internal systems, sample data, or demo systems. Any resemblance to real data is purely coincidental.
Environment
SAP SuccessFactors Succession & Development
Cause
- The permission for the Career Worksheet access does not follow a target population.
- Once the user has access to the Career Worksheet, he/she will be able to search for any user (according to the User Search permission) and view their Career Worksheet.
Resolution
If the user has access to the Career Worksheet, the user will be able to search other employees based on the User Search permission. It is common that employees have permissions to search everyone in the instance. To prevent users from seeing the details of any other user’s Career Worksheet, the permissions should be restricted in the Career Worksheet template.
To resolve this issue, make sure the Career Worksheet template does not grant “read” permission on its fields to everyone (role-name *), as this makes the details of the Career Worksheet publicly available.
Only grant “read” permissions in the Career Worksheet template for roles that should indeed be able to view the employee’s Career Worksheet. For example, the employee themselves, their managers, matrix managers, custom managers, second managers and HR managers.
The following configuration grants “read” permissions for everyone:
<field-permission type="read">
<description><![CDATA[Anyone can read the fields. ]]></description>
<role-name><![CDATA[*]]></role-name>
<field refid="competency_name"/>
<field refid="gap_graph"/>
<field refid="development_goals"/>
<field refid="readiness_meter"/>
<field refid="last_rating"/>
<field refid="last_rated_form"/>
<field refid="last_rated_date"/>
</field-permission>
And it should be replaced by something like this:
<field-permission type="read">
<description><![CDATA[Only the employee, and their managers up the reporting chain and HR reps may read any public field]]></description>
<role-name><![CDATA[E]]></role-name>
<role-name><![CDATA[EM+]]></role-name>
<role-name><![CDATA[EH]]></role-name>
<field refid="competency_name"/>
<field refid="gap_graph"/>
<field refid="development_goals"/>
<field refid="readiness_meter"/>
<field refid="last_rating"/>
<field refid="last_rated_form"/>
<field refid="last_rated_date"/>
</field-permission>
If one employee does not have “read” permission for the Career Worksheet fields over another employee, he/she will get the following message when trying to access the other employee’s Career Worksheet page:
You do not have permission to view this user's Career Worksheet plan.
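An added example, not part of the SAP KBA: a small audit script that reads a template's field-permission blocks and lists every field that a “read” block still grants to role-name *, which catches the case where the restricted block was added but the public one was left in place. The wrapper element and the sample template are constructed for illustration; only the field-permission, role-name and field elements shown above are taken from the KBA.

```python
import sys
import xml.etree.ElementTree as ET

# Constructed sample of a partially fixed template. <career-worksheet-sample> is a
# placeholder wrapper, not the real root element of a Career Worksheet template.
SAMPLE = """<career-worksheet-sample>
  <field-permission type="read">
    <description><![CDATA[Anyone can read the fields. ]]></description>
    <role-name><![CDATA[*]]></role-name>
    <field refid="competency_name"/>
    <field refid="gap_graph"/>
  </field-permission>
  <field-permission type="read">
    <description><![CDATA[Employee, managers and HR reps]]></description>
    <role-name><![CDATA[E]]></role-name>
    <role-name><![CDATA[EM+]]></role-name>
    <role-name><![CDATA[EH]]></role-name>
    <field refid="competency_name"/>
    <field refid="gap_graph"/>
    <field refid="readiness_meter"/>
    <field refid="last_rating"/>
  </field-permission>
</career-worksheet-sample>"""


def read_roles_by_field(xml_text):
    """Map each field refid to the set of role-names that hold "read" on it."""
    roles_by_field = {}
    for perm in ET.fromstring(xml_text).iter("field-permission"):
        if perm.get("type") != "read":
            continue  # only "read" grants are in scope for this check
        roles = {(r.text or "").strip() for r in perm.findall("role-name")}
        for field in perm.findall("field"):
            roles_by_field.setdefault(field.get("refid"), set()).update(roles)
    return roles_by_field


def publicly_readable(xml_text):
    """Fields that some "read" block still grants to everyone (role-name *)."""
    return sorted(f for f, r in read_roles_by_field(xml_text).items() if "*" in r)


if __name__ == "__main__":
    # Pass an exported template path, or run with no argument to use SAMPLE.
    text = open(sys.argv[1], encoding="utf-8").read() if len(sys.argv) > 1 else SAMPLE
    for name in publicly_readable(text):
        print(f"read granted to everyone (*): {name}")
```

An empty result means no “read” block in the file names role-name *; any field listed needs its public block removed or narrowed to roles such as E, EM+ and EH.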
See Also
KB article 2575986 - Career Worksheet Permissions - SCM
Keywords
CDP, Career Worksheet, RBP, Permissions, SAP Success Factors, XML, SCM, KBA, LOD-SF-CDP-ADM, Admin Tools, Permissions, Settings, LOD-SF-CDP, Career Development Planning, Problem