Describing Administrator Security and Access

Objective

After completing this lesson, you will be able to describe the security model in SAP SuccessFactors Learning.

Administrator Security and Access

A multi-level security model allows administrators to access various functions in SAP SuccessFactors Learning and specific data sets. Administrators should be assigned permissions to SAP SuccessFactors Learning based on their job responsibilities and the areas of data they need to access. SAP SuccessFactors Learning security can be set up to restrict what information an administrator can see and what they can do with this information.

Security Domains

SAP SuccessFactors Learning creates areas of data access through the use of Security Domains. These control all important entities in the Learning application except references, which are global. The use of Security Domains is an important part of security strategy. Security Domains should be created wherever there is a need to restrict data to some administrators and prevent other administrators from searching, viewing, editing, adding, or deleting the data.

Security Domains indicate what data can be seen and by whom. Security Domains act as an active filter for data, only allowing administrators with permission for the domain to view or manipulate data entities associated with that domain.

Security Domains can be built in a hierarchical structure, each domain having one or more children. Each security domain can have only one parent. The nested structure allows access to data within organizational structures with minimal work from the administrator.

Root, Parent and Child Security Domains are graphically presented in a hierarchical structure.

Security Domain Groups

Each Security Domain can be included in a Security Domain Group, defined to suit specific needs.

To provide maximum flexibility, Security Domain Groups are applied at a more granular level than merely to an entire administrator account – they are applied to the individual entities for which an administrator has permission (such as users, items, classes, or programs). They can even be applied to particular functions (for example, view, add, delete, and others) that pertain to an entity.

For example, the system can be directed to allow an administrator to only search and view item entities in domains A, A1, and A2, while allowing that same administrator permission to perform all functions on curricula in domains B2 and A2 only.

Root, Parent, and Child Security Domains are graphically presented in a hierarchical structure. Dotted lines group security domains together both horizontally and vertically.

Administrator Permissions

Permissions define what an administrator can do within SAP SuccessFactors Learning. Permissions can range from viewing user data to recording users' learning history.

A Permission consists of a Function tied to an Entity. These Functions can affect active entities, inactive entities, or both. Entities in the system include items, users, classes, and so on.

The User Management Administrator Permissions are displayed with their functions and entity type.

Functions are actions such as view, edit, and delete. The status of entities that administrators are permitted to work with can be either active, inactive, or both. The combination of a function applied to an entity is a permission. For example, a permission might be View items, Edit users, or Delete classes.

Any combination of permissions can be assigned to an administrator role to permit them to do what they need to do in the system.

Roles = Permissions plus Security Domain Groups

A Role comprises Permissions and the Security Domain Groups assigned to them. The combinations of Security Domains and Permissions can be as diverse as they are numerous.

The User Management Administrator Permissions are displayed in the edit mode. Domain Restriction ID and State Restriction can be edited.
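The model described above (a permission is a function on an entity, limited by a Security Domain Group and an entity state, and a role is a set of such permissions) can be sketched as an access check with default deny. This is an added illustration, not SAP SuccessFactors Learning code or its API: the domain hierarchy, class names, and function names are assumptions, and the role reproduces the example of items in domains A, A1, and A2 and curricula in B2 and A2.

```python
from dataclasses import dataclass

# Constructed hierarchy (child -> parent); each domain has exactly one parent.
PARENT = {"A": "ROOT", "B": "ROOT", "A1": "A", "A2": "A", "B1": "B", "B2": "B"}
ALL_FUNCTIONS = ("search", "view", "add", "edit", "delete")
BOTH_STATES = frozenset({"active", "inactive"})

def with_descendants(domain):
    """Return a domain together with every domain nested beneath it."""
    found = {domain}
    for child, parent in PARENT.items():
        if parent == domain:
            found |= with_descendants(child)
    return found

@dataclass(frozen=True)
class Permission:
    function: str                    # action, e.g. "view"
    entity: str                      # entity type, e.g. "item"
    domain_group: frozenset          # Security Domain Group limiting this permission
    states: frozenset = BOTH_STATES  # entity states the function applies to

@dataclass(frozen=True)
class Role:
    name: str
    permissions: tuple

def is_allowed(roles, function, entity, domain, state="active"):
    """Default deny: some assigned role must hold a matching permission."""
    return any(p.function == function and p.entity == entity
               and domain in p.domain_group and state in p.states
               for role in roles for p in role.permissions)

def effective_access(roles):
    """Map (entity, function) -> sorted domains, to review what a set of roles grants."""
    access = {}
    for role in roles:
        for p in role.permissions:
            access.setdefault((p.entity, p.function), set()).update(p.domain_group)
    return {key: sorted(domains) for key, domains in access.items()}

def build_example_role():
    """The administrator from the example: limited on items, full on curricula."""
    item_group = frozenset(with_descendants("A"))  # A, A1, A2
    curricula_group = frozenset({"B2", "A2"})
    perms = [Permission(f, "item", item_group) for f in ("search", "view")]
    perms += [Permission(f, "curriculum", curricula_group) for f in ALL_FUNCTIONS]
    return Role("example-admin", tuple(perms))

if __name__ == "__main__":
    for key, domains in sorted(effective_access([build_example_role()]).items()):
        print(key, domains)
```

Running `effective_access` over all roles assigned to one administrator account gives a quick least-privilege review of the combined grant, since an administrator can hold more than one role.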

Administrator Accounts

Administrator accounts are logins created for individuals who will access SAP SuccessFactors Learning as administrators. Each administrator will be assigned a role. The role determines what functions the administrator can perform and the set of data on which they can perform those functions.

Administrative accounts are graphically presented in a hierarchical structure.

Administrators can have one or more roles assigned to them based on their job requirements. Also, an administrator's user ID can be added to their administrator account, which then allows administrators to navigate between their administrator and user accounts.

Organizations

An organization is an entity to which a user belongs. You define organizations to suit your needs. For example, an organization might be defined along functional lines (such as Manufacturing, Administration, or Corporate QA) or represent a business unit. You can also use another basis for defining organizations.

In SAP SuccessFactors Learning, organizations can be used in the following ways:

  • Users can be set up to use an organization’s account codes to pay for an item with an associated cost.
  • Organizations can have reserved seats held for a class.
  • Organizations can have an individual News page.
  • Organizations can determine the email notification layout with the header, footer, and From fields.
  • Organizations can have custom pages and links that display only for users in that organization or sub-organizations.
  • Organizations can be the control entity for multilevel approvals (instead of security domains).
  • Organizations can be used to search for users and as an attribute to assign training.
  • Organizations can have Training Planner capability, which uses a Training Budget and Training Manager as part of the organization.

Summary

  • Define administrator access in SAP SuccessFactors Learning by setting permissions and using Security Domains to restrict or allow specific data visibility and actions.
  • Assign Security Domains to filter data access, applying hierarchical structures for efficient management and minimal administrative overhead.
  • Group Security Domains to provide granular access at the entity and function level (e.g., view, edit, delete) for more flexibility.
  • Assign permissions to administrator roles by combining specific functions (e.g., View, Edit) with entities (e.g., Items, Users, Classes).
  • Assign roles to administrator accounts, allowing them to access specific functions and data based on their job responsibilities.
  • Use organizations to group users, apply custom news pages, reserved seats, email layouts, and training budgets aligned with business units or functional areas.
  • Use organizations or Security Domains as control entities for approval workflows, ensuring hierarchical and context-specific training validation.
  • Allow administrators to navigate between their user and administrator accounts by linking User IDs in administrator accounts.
  • Enable Training Planner capabilities, custom pages, and attribute-based training assignments through organization configuration.

Decisions Checklist

Based on the content in this section, please review the list of implementation decisions your company may need to make before implementation begins and discuss them with your stakeholders, project team, and SAP SuccessFactors implementation consultants. In this way, you will be better prepared to begin the implementation.

  • How will you develop a security domain structure that supports your requirements?
  • You will develop one or more roles to assign to administrator accounts. Each role will have a set of permissions and can contain security domain groups if needed.
  • You will develop an organizational structure that supports your requirements. Keep reporting and information tracking in mind. This structure can increase the value of assigning learning and running reports. The creation and assignment of organizations also help to speed up searches and queries.