Designing a Security Domain Structure

Objective

After completing this lesson, you will be able to create a security domain structure.

Security Domains Structure

Security domains are crucial for maintaining a secure and well-organized learning system. Think of security domains as containers for different types of data in your learning system. When you add new elements like Items, Curricula, or Assignment Profiles, you assign them to a specific security domain. This helps to:

  • Organize Data: Keep similar information grouped together for easy management.
  • Control Access: Determine which administrators have access to specific data based on their assigned security domain groups.

Key Considerations for Designing Security Domain Structure

When designing your security domain structure, consider the following factors:

  1. Complexity of Data: Assess how many different types of data you have and evaluate the sensitivity of each type.
  2. Delegation of Administrative Tasks: Determine the number of administrators you have and define their specific roles and responsibilities.
  3. Distribution of Data Access: Identify which administrators require access to certain types of data in order to perform their jobs effectively.

Visual Mapping for Enhanced Security

To enhance your company's security, it's crucial to visually map out its organizational structure. This graphical representation will provide a clear understanding of departments, roles, and information flow, enabling you to make informed decisions about segmenting access and responsibilities to strengthen security measures.

The security domain level starts from 0, which corresponds to the root-level security domain. The system increments each subsequent security subdomain by one. A Public domain is also accessible by all administrators regardless of the security domain or security domain restrictions associated with their role.

Below is an example of a security domain structure or security domain tree for an organization (Company XYZ) with two geographical locations (Europe and North America) and two departments (Sales and HR) per location.

Flow diagram showing the levels of security domains for Company XYZ.

Create a Security Domain Structure

Business Example

In this exercise, you will design a security domain structure for ABC Company, which operates in two primary locations: Europe and North America. Create a security domain that allows administrators to manage access and permissions for these geographical areas effectively.

Steps

  1. Create the Corporate (Root) Domain.

    1. Log in to SAP SuccessFactors HCM as a Learning Administrator and navigate to Learning Administration → System Administration → Security → Security Domains.

    2. Select Add New to create a new Security Domain.

    3. Select the Add Root (Top) Level Security Domain radio button to create a parent Security Domain.

    4. Enter these values into the respective fields:

      • Security Domain ID: [YourInitials]-ABC.
      • Description field: [Your Initials] - ABC Corporate Domain.

    5. Select Add.

  2. Create new Subdomains for Europe and North America.

    1. Select Add New to create a new Security Domain.

    2. Choose the Add Security Subdomain radio button.

    3. Search for and select the Parent Security Domain you created ([YourInitials]-ABC).

    4. Enter a Security Subdomain ID: [YourInitials]-EUR.

    5. Enter a Description: [Your Initials] - Europe Subdomain.

    6. Select Add.

    7. Repeat the steps to create a new Security Subdomain for North America. Create [YourInitials]-NA and [Your Initials] - North America Subdomain respectively.

Security Domain Types

Security Domain Types are entities that administrators and users are allowed to use on a Security Domain. When a new Security Domain is created in the system, it is automatically associated to all available Security Domain Types. These entity types include: Items, Curricula, Classes, Equipment, Assignment Profiles, Roles, Programs, etc.

Entities added to the system fall into two categories:

  • Global References: These are entities that are not stored within any specific Security Domain. Instead, they exist in a global list accessible throughout the system.
  • Security Domain Types: These entities are specifically stored within designated Security Domains.

Note

The PUBLIC Security Domain allows for the creation and storage of all these entity types.

Security Domain Customization

You can customize a security domain by adding or removing specificSecurity Domain Types for entities that you want to control. For instance, if you want to prevent users in the Europe domain from accessing programs, the administrator can follow these steps:

  1. Open the Europe Security Domain.
  2. Navigate to Security Domain Type tab.
  3. Remove Unwanted Domain Types: Locate the program domain type and remove it. Additionally, if the administrator wants to add new Security Domain Types, they can use the Add One or More from a List option to include additional types in the security domain.

Security Domain Types tab, add one or more from list link, and Remove column are highlighted.

Summary

  • Security domains are containers for organizing data and controlling administrator access within the learning system.
  • Key considerations for security domain design include data complexity, admin roles, and data access distribution needs.
  • Visually mapping organizational structure helps define access, roles, and responsibilities for improved security.
  • Security domains can include customizable entity types, such as items, curricula, and roles, for precise control.
  • Global references exist outside security domains, while domain-specific entities are restricted to their assigned domains.

Learning

SAP FacebookSAP YoutubeSAP LinkedIn