Introducing the Security Model

Objective

After completing this lesson, you will be able to describe the security model of SAP SuccessFactors Learning.

Describe the Security Model in SAP SuccessFactors Learning.

SAP SuccessFactors Learning security differs from the core SAP SuccessFactors Human Capital Management (HCM) Role-Based Permissions (RBP) model. Consequently, security in SAP SuccessFactors Learning needs a separate configuration.

With RBP, users and administrators can be granted access to the Learning and Learning Administration system menu options respectively. RBP can also be used to grant access to Admin Center for Learning Administration so that administrators can launch the administration side of the system. Once they launch the SAP SuccessFactors Learning module, their permissions within the user-side and/or administrator-side of the system will be controlled entirely by the Learning security model.

In SAP SuccessFactors Learning, the security model is a combination of Security Domains, Security Domain Groups, Permissions, and Roles.

Security Domains

Security domains are organized to reflect the structure of a company, whether by department, team, or geographic location. Different departments or teams within an organization may have their own security domains, tailored to their specific data access needs and security requirements. Similarly, regional branches can establish individual security domains to manage data and access to their locations. This approach enables more precise control over security policies and data access, allowing them to be customized for the unique needs of various parts of the organization.

Once a security domain entity is added to the Learning system, you can still change the security domain description, as well as the hierarchical structure between security domains. Selecting a different parent security domain will move your security domain and build a new relationship between security domains.

Hint

As a best practice, do not create more levels of security domains than are needed.

Public Security Domain

The Public Security Domain is automatically added to every security domain group and cannot be removed. Any entities saved in the Public Security Domain are accessible to any administrator whose role allows them to work with those entities. Since the Learning Security Model dictates that all data should be stored in specific security domains with controlled access through security domain groups, administrators are advised not to use the Public Security Domain. Instead, they should always save entities in more appropriate security domains.

Security Domain Groups

A security domain group consists of one or more security domains that determine the locations where an administrator can exercise their permissions. For example, a group called Europe-All may include countries such as France, the UK, and Germany. When this group is linked to the permissions associated with a user role, it restricts the administrator to exercising those permissions only within the specified European security domains.

Role

A role consists of a set of permissions that are bundled together and assigned to entities like Instructors, Users, and Administrators. These permissions determine access to various menus, links, and tiles.

  • Administrator Roles: For administrator roles, specific security domain groups can be added to these permissions. This ensures that access is limited to certain security domains related to the entities.
  • User Role: When users are imported from SAP SuccessFactors HCM or another HR Management System, they are assigned specific security roles within the Learning system, such as Administrator, User, or Instructor. This assignment can be completed through various methods, including:
    • Connector job
    • Assignment profile
    • Import tool
    • Manual update

Role Permissions

A permission is a function that can be combined with an entity to create specific actions. Functions include options such as add, delete, copy, edit, or search. Entities can refer to users, items, classes, curriculums, instructors, or assignment profiles. For example, an administrator may have the ability to Add User, Search Item, Edit Curriculum, or Copy Assignment Profile.

Each role has its own set of permissions that define what actions users can perform. Organizations can create customized roles to meet their unique needs and assign these roles to different entities for access to Learning system tools and features.

Administrator Data Access Control

The Learning Security model also allows organizations to control what data administrators can access. To limit access to specific data (e.g., data for certain regions), security domains and groups can be created and assigned to the appropriate permissions in administrator roles.
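The following sketch models how the pieces described above combine into a single access decision, and lists which entities are exposed through the Public Security Domain. It is an added illustration, not SAP code or an SAP API: the class names, domain IDs, role names and entity IDs are all assumptions, and the parent/child hierarchy between security domains is not modelled.

```python
from dataclasses import dataclass, field

PUBLIC = "PUBLIC"  # constructed ID standing in for the Public Security Domain

@dataclass(frozen=True)
class DomainGroup:
    name: str
    domains: frozenset

    def effective_domains(self):
        # The Public domain is part of every group and cannot be removed.
        return self.domains | {PUBLIC}

@dataclass
class AdminRole:
    name: str
    # (function, entity type) -> domain group that scopes that permission
    permissions: dict = field(default_factory=dict)

    def allows(self, function, entity_type, entity_domain):
        group = self.permissions.get((function, entity_type))
        if group is None:
            return False  # the role does not carry this permission at all
        return entity_domain in group.effective_domains()

def public_exposure(roles, entities):
    """Return (entity, role, function) triples for entities stored in Public."""
    hits = []
    for ent_id, (ent_type, domain) in entities.items():
        if domain != PUBLIC:
            continue
        for role in roles:
            for (function, etype) in role.permissions:
                if etype == ent_type:
                    hits.append((ent_id, role.name, function))
    return sorted(hits)

# Constructed sample data (not taken from any real tenant)
EUROPE_ALL = DomainGroup("Europe-All", frozenset({"FRANCE", "UK", "GERMANY"}))
APAC_ALL = DomainGroup("APAC-All", frozenset({"JAPAN", "INDIA"}))
eu_admin = AdminRole("EU Learning Admin", {
    ("Edit", "Curriculum"): EUROPE_ALL, ("Search", "Item"): EUROPE_ALL})
apac_admin = AdminRole("APAC Learning Admin", {("Edit", "Curriculum"): APAC_ALL})
ENTITIES = {
    "CURR-FR-01": ("Curriculum", "FRANCE"),
    "CURR-JP-01": ("Curriculum", "JAPAN"),
    "CURR-TMP": ("Curriculum", PUBLIC),
}
```

In this model the curriculum saved in Public is editable by both regional roles even though neither domain group lists it, which is the reason the lesson advises against storing entities there.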

Summary

  • The SAP SuccessFactors Learning security model operates independently from the core SAP SuccessFactors Role-Based Permissions (RBP), requiring separate configuration for precise access control.
  • Key components of the Learning security model include:
    • Security Domains: Organized to align with company structure (such as departments or regions) and designed to control data access granularly.
    • Security Domain Groups: Combine multiple domains to define where administrators can apply their permissions.
    • Roles: Bundles of permissions assigned to users, administrators, or instructors to define their system capabilities.
    • Role Permissions: Define specific actions (e.g., Add, Edit, Delete) administrators can take on entities like users, courses, or assignments.
  • Administrators' data access is restricted based on their assigned security domains and roles, ensuring access is limited to specific organizational needs.