Describing Administrator Security and Access

Objective

After completing this lesson, you will be able to describe the SAP SuccessFactors Learning security model.

Administrator Security and Access

A multi-level security model allows administrators to access various functions in SAP SuccessFactors Learning and specific data sets. Administrators should be assigned permissions to SAP SuccessFactors Learning based on their job responsibilities and the area they need to access data. SAP SuccessFactors Learning security can be set up to restrict what information an administrator can see and what they can do to this information.

Security Domains

SAP SuccessFactors Learning creates areas of data access through the use of Security Domains. These control all important entities in the Learning application except references, which are global. The use of Security Domains is an important part of security strategy. Security Domains should be created wherever there is a need to restrict data to some administrators and prevent other administrators from searching, viewing, editing, adding, or deleting the data.

Security Domains indicate what data can be seen and by whom. Security Domains act as an active filter for data, only allowing administrators with permission for the domain to view or manipulate data entities associated with that domain.

Security Domains can be built in a hierarchical structure, each domain having one or more children. Each security domain can have only one parent. The nested structure allows access to data within organizational structures with minimal work from the administrator.

Root, Parent and Child Security Domains are graphically presented in a hierarchical structure.

Security Domain Groups

Each Security Domain can be included in a Security Domain Group, defined to suit specific needs.

To provide maximum flexibility, Security Domain Groups are applied at a more granular level than merely to an entire administrator account – they are applied to the individual entities for which an administrator has permission (such as users, items, classes, or programs). They can even be applied to particular functions (for example, view, add, delete, and others) that pertain to an entity.

For example, the system can be directed to allow an administrator to only search and view item entities in domains A, A1, and A2, while allowing that same administrator permission to perform all functions on curricula in domains B2 and A2 only.

Root, Parent, and Child Security Domains are graphically presented in a hierarchical structure. Dotted lines group security domains together both horizontally and vertically.

Administrator Permissions

Permissions are what an administrator can do within SAP SuccessFactors Learning. Permissions can range from viewing user data to recording users' learning history.

A Permission is comprised of a Function tied to an Entity. These Functions can affect active entities, inactive entities, or both. An Entity in the system includes items, users, classes, etc.

The User Management Administrator Permissions are displayed with their functions and entity type.

Functions are actions such as view, edit, and delete. The status of entities that administrators are permitted to work with can be either active, inactive, or both. The combination of a function applied to an entity is a permission. For example, a permission might be View items, Edit users, or Delete classes.

Any combination of permissions can be assigned to an administrator role to permit them to do what they need to do in the system.

Roles = Permissions plus Security Domain Groups

A Role comprises Permissions and the Security Domain Groups assigned to them. The combinations of Security Domains and Permissions can be as diverse as they are numerous.

The User Management Administrator Permissions are displayed in the edit mode. Domain Restriction ID and State Restriction can be edited.

Administrator Accounts

Administrator accounts are logins created for individuals who will access SAP SuccessFactors Learning as an administrator. Each administrator will be assigned a role. This determines what functions the administrator can perform and which set of data they have access to in which to perform those functions.

Administrative accounts are graphically presented in a hierarchical structure.

Administrators can have one or more roles assigned to them based on their job requirements. Also, an administrator's user ID can be added to their administrator account, which then allows administrators to navigate between their administrator and user accounts.

Organizations

An organization is an entity to which a user belongs. You define organizations to suit your needs. For example, an organization might be along functional lines (i.e., Manufacturing, Administration, Corporate QA) or represent a business unit. You can also use another basis for defining organizations.

In the Learning Management System (LMS), organizations can be used in the following ways:

  • Users can be set up to use an organization’s account codes to pay for an item with an associated cost.
  • Organizations can have reserved seats held for a class.
  • Organizations can have an individual News page.
  • Organizations can determine the email notification layout with the header, footer, and From fields.
  • Organizations can have custom pages and links that display only for users in that organization or sub-organizations.
  • Organizations can be the control entity for multilevel approvals (instead of security domains).
  • Organizations can be used to search for users and an attribute to assign training.
  • Organizations can have Training Planner capability, which uses a Training Budget and Training Manager as part of the organization.

Log in to track your progress & complete quizzes

Learning

SAP FacebookSAP YoutubeSAP LinkedIn