Setting up Security

In this section, you will learn about setting up security in SAP SuccessFactors.

The Permissions model used by SAP SuccessFactors customers is Role-Based Permissions (RBP) .

In addition, there are different types of permissions in SAP SuccessFactors:

• Permissions that system administrators control, such as:
  • Access to pages and tools
  • Tool-specific settings
  • Access to MDF Objects
• Permissions that are embedded within the XML code or template of an object, such as:
  • Form section visibility
  • Goal visibility
  • Actions within a goal plan

The Role-Based Permissions (RBP) framework allows the automation of permissions assigned to roles and their associated groups.

Groups can be dynamic, which allows this automation to take place and update the membership based on employee changes, or static, with a defined list of employees.

For example, a group of granted users can be All employees in the Sales department. As employees are transferred into and out of the Sales department, their permissions will automatically adjust accordingly.

Groups can be defined by:

• All standard elements in the UDF. Standard elements are user attributes like USERNAME, DEPARTMENT, DIVISION, LOCATION, and the standard CUSTOM01-15 filters.
• In addition to standard elements, groups can be defined through relationships like the manager, matrix manager, HR manager, custom manager, and second manager.
• The Role-Based Permission management framework allows you to control the permissions granted to an employee and restrict the scope of employees that an employee can act upon, known as the Target Population.

Permission Roles will include all the required permissions granted to the different employees in the organization.

• All the permissions will therefore granted to standard role types, like All Employees, All Managers, or All Matrix Managers, or select one of the dynamic permission groups (employees from the Sales Department) or even a static group of employees defined by an administrator.
• Most of the permissions will require a target population, so access to certain data will be determined by whom the employee has access to in the Target Population.

Employees can be granted access to all or some of the administrative features by granting full or partial administrative privileges. For example, if your company has remote offices, you can allow a regional on-site manager to reset employee passwords.

Administrator (Admin User): An Administrator is any user with access to functionality in the Admin Center page. Employees with administrative privileges will have the Admin Center option in their drop-down menu in the top-left corner (Main Navigation Menu on the Home page) and the Name drop-down menu on the top-right of the screen. The Admin Center page only links to the administrative features that the employee has permission to access.

Super Admin: A Super Admin (or Super User) is an administrator who can grant administration rights to other users in the organization, including security administrators.

Security Admin (or RBP Admin): A Security Administrator manages all security through roles and permission groups in the Role-Based Permission (RBP) framework. Permission to operate as a security administrator is granted by the super admin.