3196136 - Onboarding Role-Based Permission- Main KBA

Onboarding Role-Based Permission

SAP SuccessFactors Onboarding

Role-Based Permissions (RBP) is a security model that allows you to restrict and grant access to your SAP SuccessFactors HXM Suite. RBP controls access to the applications that employees can see and edit. After setting up Onboarding / Offboarding, it is important to identify/create the user groups you want to provide access to, and then accordingly enable the required role-based permissions for each group.

Role-based permissions contain three main elements: permission groups, permission roles, and target populations

• Create a Permission group with External user population- When creating a group of External user populations. Apart from the regular method of selecting the people pool. You would also need to select the user type as “External Onboarding User”
• Create a role for the External User- In manage permission roles, you could use “Create New Role for External User” for creating a new role for the new hires (“Onboardee”). This is for creating a role for new hires. This should not be used for internal users.
• Defining a target Population for a role- Select the appropriate Grant role/Grant Group and then choose the Target population as Everyone or based on the Department/Division/Location. The target decides for which group of employees the Role (From the granted group) can view/edit data. It is recommended to always keep the target limited so that data privacy and segregation of work and be well established. You can assign External User Target Populations to Responsible Users' Permission Role. For Managers, the target population is direct reports of type external users .

Role-based permissions for Admin User, Hiring Manager, and New Hires (as External Users)

• Role-Based Permissions for Administrators in Onboarding and Offboarding- Identify and grant role-based permissions for administrators.
• Role-Based Permissions for Onboarding and Offboarding Tasks- You can set permissions for each type of onboarding task separately, allowing you to define who does what for each step of your onboarding process.
• Role-Based Permissions for Email Services- You can grant specific permissions to configure and manage email services for Onboarding .
• Role-Based Permissions for New Hires as External Users- Before their start date, you can grant new hires access to the system as external users.
• Role-Based Permissions for New Hire and Internal Hire Data Review- List of permissions that determines what new hire data can be read or edited when performing the task of reviewing the new hire data.
• Role-Based Permissions for Rehire Process- Permissions for Rehire Coordinator who performs the rehire verification for the new hire.
• Role-Based Permissions for the Onboarding Dashboard (New)- Permissions to view the new hire details along with the process tasks assigned to you or any of the responsible users on the Onboarding Dashboard

• Review the below permissions-

1. Go to manage Business Configuration.
2. Under Filters, select Dynamic Group Filters Create New.
3. The Dynamic Group Filters page appears. Enable the filter.
4. Select HRIS Elements -> Job Information. The filter defaults.
5. Enter the number of days that the receiving parties (admins or managers) can see the employment records before the organizational change. Enter values like 30,60 or 90 denoting the number of days before the organization change that the admin can view the new hire.

4. Viewing profile after MPH before the start date

Below permission should be provided to the RBP role of the users viewing the profile-

• Employee Views access of Employment, Me (Personal Info) for the target population of external users
• General User Permission:

           Company Info Access > User Search

5. Candidates are not visible in MPH after completing ADC

If the Manager/HR does not have access to the below mentioned permissions, then the candidate will not be available in MPH.

Employee Central API:

• Employee Central Foundation SOAP API
• Employee Central Foundation OData API (read-only)
• Employee Central HRIS OData API (read-only)
• Employee Central Foundation OData API (editable)
• Employee Central HRIS OData API (editable)

6. Compliance Form and Compliance Object Permissions – For External Users (error: Unable to see form data)

Compliance Object Permissions:

• AssignedComplianceForm
• ComplianceDocumentFlow
• ComplianceFormData
• ComplianceProcess
• ComplianceProcessResponsible
• ComplianceUserData
• ComplianceProcessTask

Employee Data:

• Employment Details MSS

KBA:

• 2877929 - New Hire Name is not appearing at Onboarding Dashboard
• 2967207 - [Onboarding] Candidates are not appearing in Manage Pending Hires after completion of Onboarding Steps
• 3018516 - Employee Export Permission issue in Onboarding
• 3089047 - [Onboarding] Permissions for NEW Onboarding dashboard
• 3032103 - [Onboarding] What RBP permissions are required to perform Rehire Verification
• 3083627 - [Onboarding] Admin Access to MDF Odata API permission providing access to more onboardees than the target population of the Onboarding User

IDP:

• https://d.dam.sap.com/a/Ge5i8qK/SAP%20SuccessFactors%20Onboarding%20Role-Based%20Permission%20Guidance.pdf

Implementation guide:

• Implementing Onboarding
• Implementing Role-Based Permissions

PDC:

• SAP SuccessFactors Partner Delivery Community (PDC)

RBP, permissions, Role Based Permissions, Manage Permission Role, Onboarding, BPE , KBA , LOD-SF-OBX-ACC , Accessibility , How To