3247466 - "Changed By User" of RBP User Role Change Report

• Sometimes in RBP User Role Change Audit report, non Role Based Permission Admin users are recorded in the "Changed By" field. 
• In some specific situation, an irrelevant user who did not change any relative data was recorded as Changed By user.

Image/data in this KBA is from SAP internal systems, sample data, or demo systems. Any resemblance to real data is purely coincidental. 

SAP SuccessFactors HCM Suite

1. Go to Change Audit Report and run RBP User Role Change Audit report
2. Sometimes you will find in RBP User Role Change Audit report, non RBP Admin users were recorded as Changed By users in the report, in some specific situation an irrelevant user who even did not change the relative data was recorded as Changed By user.

Non RBP admin users can be recorded in the "Changed by" in the following scenarios:

1. The user modified a field that is associated with the dynamic group filters defined in RBP Dynamic Groups. This modification impacts the relationship between the user and RBP Roles.
2. The user made a change to another user or to oneself that triggered a refresh job at a very close time to when the relevant user/group was modified. This triggered an additional  request for RBP refresh job.

1. Any field changes related with the dynamic group filters defined in RBP Dynamic Groups will affect the relationship of the User and RBP Roles.

eg: HR manager may change the City, job-code etc. of a user. If the updated field is one of dynamic group filters in role granted group, this HR Manager may be recorded as "Changed by user" in the report even if they are not a RBP admin.

Please see the image below which illustrates this scenario:

2. When changes are made to users, a RBP refresh job is triggered to ensure that the RBP will be updated accordingly. If multiple refresh jobs are triggered by different users at very close time, the "Changed By User"  may record the user whose action triggered the previous job.

eg: In the "Changed By User" column for user "A" RBP change, the entry shows "sfadmin" user. However, the change was actually made by user "tzhang".

The context is that tzhang changed user A’s city which triggered a Refresh Access Membership job at 11:56:07.132. In the meantime, sfadmin user made a change to another user that requested for another RBP refresh job just a few seconds before at 11:56:03.068.

In this scenario, sfadmin was recorded as the "Changed By User" in the report, despite not actually making any changes to user "A".

Please note that for RBP User Role Change Audit report this is working as designed due to refresh jobs that are asynchronous requested by change events. Always consider that if the changes are made by different users at very close time, it is possible that the changed by user is recorded as another user.

Note: if the jobs in provisioning have not been triggered at close time and the instance has refresh framework enabled in provisioning, it might be that the second job was queued and executed by a refresh framework job later. Even in such scenarios, the report will consider that the job was requested and the user who made the first change might be recorded in the report.

3. Enhanced Changed By User Fields in RBP User Role Change Report in B2511

After 2511 the Changed by user field description in RBP User Role Change Report was applied.

When an administrator changes a user's role mapping, a system user now consistently appears in the Changed By User field within the RBP User Role Change Report. In the current scenario, the report might have inaccurately displayed a specific administrator's name, even when the change was triggered by other factors, such as updates to an RBP group definition or a person's data.

The system user now listed in the report is a fixed admin account that runs the RBP User Role Change Refresh job. This job asynchronously collects and applies user role mapping changes from various sources. By displaying this system user, the report now more accurately reflects the source of the changes, providing a more transparent and precise audit trail for your processes.

As part of this enhancement, it helps improve the accuracy and clarity of your auditing records.

This job is run by a fixed system user with admin privileges, not by any specific user.

To identify who/what has triggered the user role mapping changes, you can look at these four change audit reports:

• Person Data Report - Shows who made changes to whose person data (e.g. updating data in the people profile)
• RBP Group Change Report - Shows who made changes to RBP group definitions (e.g. updating people pools)
• RBP Role Change Report - Shows who made changes to RBP role definitions (e.g. updating role assignments)
• RBP Static Group Membership Change Report - Shows who made changes to RBP Static group memberships (e.g. adding/removing users from the groups)

For More Details, Kindly refer Enhanced Changed By User Fields in RBP User Role Change Report | SAP Help Portal 

• 2744431 - How to Create Change Audit Reports and What Reports are Available - SuccessFactors - SAP for Me
• 2754942 - Change Audit: RBP User Role Change Report - SAP for Me
• RBP User Role Change Report | SAP Help Portal
• 2766870 - Role Based Permissions (RBP) Refresh Framework FAQ - SuccessFactors - SAP for Me

Change Audit,last modified by in user role change audit report, Role Based Permission, RBP User role change, RBP, INC2275060, change audit, RBP, wrong data, dg-filter, changed by user, SF, SuccessFactors, PLA-52496 , Enhanced Changed By User Fields in RBP User Role Change Report , KBA , LOD-SF-PLT-CHA , Change Audit , LOD-SF-PLT-RBP , Role Based Permissions , How To