How to delegate access/permission to responsibilities in SAP SuccessFactors HCM suite
- How to configure the Delegate relationships.
NOTE: Employee Central is a pre-requisite
Image/Data in this KBA is from SAP internal systems,sample data or demo systems. Any resemblance to real data is purely coincidental.
SAP SuccessFactors Employee Central Role-Based Permissions
What are Delegates?
The delegate users you assign will have access to your direct and indirect reports and can perform tasks that have been permissioned to you in the granted Permission Role, whilst acting as your delegate.
You can assign up to two delegates per delegator and each delegate can be given separate tasks or permissions to cover different functional areas. Please note, delegates will not have access to the delegators data.
Delegates are maintained in Job Relationships in Employee Central.
Configuration - jobRelType picklist (the first letter should be lowercase in "jobRelType", otherwise, the system will not pick the changes inserted to a picklist that is labelled differently)
Two new Job Relationships must be added to the "jobRelType" picklist in your instance. These are -:
- Delegate A
- Delegate B
Please refer to the Employee Central Master handbook > Picklist Configuration for Employee Status and Job Relationship Type page
NOTE: When defining the External Code and Non-unique External Code of the picklist, make sure there is a space between the word and the number. i.e. "delegate 1" / "delegate 2"
Additional Information for Job Relationships
Configuration - Manage Permission Roles
When defining the Target permissions of a Permission Role, you can now define "Delegate A" and "Delegate B" in the "Grant role to" pop-up. These options will only appear once the jobRelType picklist has been updated with the delegate values. Then you will be able to leverage the delegate roles the same as any other role (such as Manager).
If delegate relationship has been defined in Employee Central picklists, you can grant a permission role to delegates. When a manager delegates his or her tasks to two delegates, delegate A and delegate B, the manager’s direct reports will be the target population of delegate A and delegate B. If the manager, delegate A, and delegate B are in the same permission roles, delegate A and delegate B will have the same permissions. The manager’s direct reports will be the target populations of the delegate A and delegate B for the permissions which require a target. However, this delegate relationship cannot be used in non-user-based permissions. For example, even if delegate A and delegate B has the same “Miscellaneous Permissions > Position” permission as the manager, delegate A and delegate B cannot view the current state of the position or view its history because the “Position” permission is not user-based.
What is user-based permission?
- Permission to the data of a user. For example, the “Personal Information” permission controls access to the personal information data of a user.
- The target population of the permission can be grouped as a user list
- It can be RBP permissions or some of the MDF permissions
What is non-user-based permission?
User can distinguish those MDF objects if they are categorized in “Permission requiring MDF object target”. Those permissions will not be supported through delegate relationship.
delegator, delegate A, delegate B, delegate 1, delegate 2, jobRelType, Job Relationship, 1905, PLA-6581, ECT-112217, ECT-112227, PLA-7908 , KBA , LOD-SF-EC-RBP , Roles & Permissions (EC Core only) , LOD-SF-PLT-RBP , Role Based Permissions , How To