Getting Started with Administration

Ziel

Nach Abschluss dieser Lektion werden Sie in der Lage sein, maintain super admin, security admin, and module admins.

Administrators

SAP SuccessFactors offers different levels of administration to manage the amount of control each user has in the system. There are three basic levels of system administration:

Super Administrator
The Super Administrator is created initially in Provisioning. This administrator grants permission to others so that they can become a Super Administrator or Security Administrator.
Security Administrator
The Security Administrator is responsible for managing all security through roles and permission groups in the Role-Based Permission framework.
Administrator
An administrator is a user who has access to the Admin Center page in SAP SuccessFactors, granted by the Security Admin, that granted administrative permissions to this user.

When the Super Administrator logs in for the first time, only one link on theAdmin Center page is visible. This is Manage Super Admin Access. Choose this tool to assign an employee the permission to function as a Security Administrator.

Set User Permissions screen with Manage Super Admin Access highlighted.

Super Admin Access Management

Manage Super Admin Access screen listing the Super Admins in two categories.

The page displays a list of Super Administrators in two categories based on their permission levels:

Super admins: a broad-scope administrative role with permission to access the tool Manage Super Admin Access, Manage RBP Admin Access, User Search, and Manage Provisioning Access
Admin overseers: a high-privilege oversight role with permission to access the tool Manage Super Admin Access, Manage RBP Admin Access, and User Search.

You can add, modify, or remove super admin access as needed in this tool. The system prevents deleting yourself as a super admin. We recommend revoking super admin permissions when an employee terminates their employment or leaves the company. You can access audit logs for super admin and admin overseer data through the Viewer for SAP Audit Log service and Audit Log Search API.

RBP Admin Access Management

Manage RBP Admin Access screen showing the RBP Admin Users.

Use the Manage RBP Admin Access tool to:

Add, update, and remove RBP admins.
Grant View Role, View Group, Edit Role, Edit Group, and Notify this user of RBP Changes access to the RBP admins.
Configure notification settings for RBP admins using the RBP Notification Settings capability.

To access the tools Manage Permission Groups, Manage Permission Roles, and RBP Troubleshooting, users must at least be granted the permissions View Group and View Role from the tool Manage RBP Admin Access. If they also should be able to change Permission Groups and Permission Roles, users must be granted the permissions Edit Group and Edit Role from the feature Manage RBP Admin Access.

For permission role changes that impact many access users, you can enable double-confirmation popups and e-mail notifications for administrators. You can also set a threshold for triggering these notifications. For example, you can set the threshold to 80%, and notifications will be triggered if 80% or more employees are impacted by a permission role change.

Manage RBP Admin Access with RBP Notifications Settings pop-up

User Permission Settings

The Set User Permission area displays the tasks that you can use.

Role Based Permission Access Management

To access the features Manage Permission Groups, Manage Permission Roles, andRBP Troubleshooting, users must at least be granted the permissions View Group and View Role from the tool Manage RBP Admin and Super Admin Access available from theAction Search. If they also should be able to changePermission Groups and Permission Roles, users must be granted the permissions Edit Group and Edit Role from the feature Manage RBP Admin and Super Admin Access available from the Action Search.

You can also use the Manage RBP Admin and Super Admin Access admin tool to manage both Role-Based Permissions (RBP) admins and super admins directly in the system. You can add, modify, or remove super admin access as needed.

Options	Descriptions
Allow Access to Manage Provisioning Access Page	If selected, the admin user can access the Manage Provisioning Access page. This option is enabled automatically when you select Super User for the user.
Allow Access to This Page	If selected, the admin user can access this Manage RBP Admin and Super Admin Access page.
Super Admin	If selected, the admin user has super admin access to your system. Enabling this option automatically enables the Allow Access to Manage Provisioning Access Page option for the admin user.
View Group	If selected, the admin user can view permission groups.
View Role	If selected, the admin user can view permission roles.
Edit Group	If selected, the admin user can edit permission groups.
Edit Role	If selected, the admin user can edit permission roles.

When selecting Add User and granting the permission, the new user will be in the list with the permissions "Edit Group" and "Edit Role" box checked.

If you select the check box for Allow Access to This Page, then the users will be able to add or remove other users from the group with access to the feature. As a security precaution, the recommendation is to have at least two users with access to this page.

The Super admin is not able to uncheck their own access to the page (since it will forbid them to view this page, thus not able to grant the access back). The checkbox needs to be always checked and not able to change (marked in gray).

For permission role changes that impact a large number of access users, you can enable double-confirmation popups and e-mail notifications for administrators. You can also set a threshold for triggering these notifications. For example, you can set the threshold to 80%, and notifications will be triggered if 80% or more employees are impacted by a permission role change.

Increased Access Granularity for RBP Administrators

You can manage RBP administrator access under Admin Center Manage RBP Admin and Super Admin Access. Existing RBP administrators have both the Role-Based Permission Admin (View) and the Role-Based Permission Admin (Edit) access by default. You can review and update their access accordingly.

Some RBP administrators only need view access but not edit access.

Roles and Responsibilities of an SAP SuccessFactors System Administrator

Different SAP SuccessFactors administrators have different roles and responsibilities.

System Owner or Advocate

The following responsibilities are relevant to the system owner or advocate:

Primary contact between system users and other internal systems
Primary contact between users and the system
Stay current with all updates to system functionality
Communicate with and recommend business processes to the company owners

System Administration

The following responsibilities are relevant to system administration:

Management and oversight of user information (for example, data imports, passwords, and notifications)
Management of user permissions and privileges
Management of forms, competencies, roles, and system notifications

User Support

Provision of necessary assistance and support for all Human Resource (HR) managers
Implementation of new functionality
Training and communication to users of new functionality
Provision of reporting assistance to HR and management users
Provision of coaching assistance to managers and employees

SAP SuccessFactors Common Terms

Terms	Definitions
Instance	An instance is the front end, or customer-facing view, of SAP SuccessFactors systems.
Provisioning	Provisioning is the key configuration tool that SAP SuccessFactors uses to control many aspects of a customer instance. In essence, Provisioning is the back end of the system. Customers do not have access to Provisioning.
Admin Center	Admin Center is the central access point to a wide range of administrative features and tools that can be used to configure and maintain the SuccessFactors application. Admin Center can be used to monitor overall system health, manage cross-suite and third-party integrations. Unlike Provisioning, customers do have access to Admin Center.
Role Based Permission (RBP)	Role Based Permissions (RBP) are used to manage users’ permissions in SAP SuccessFactors. The two main components of RBP are permission roles and permission groups. Roles contain the various permissions necessary to perform tasks in an instance. Groups, which can be static or dynamic, contain the actual users who are granted access to roles via group membership.
Proxy	The proxy function allows one employee to act on behalf of another.
Home Page	The Home Page is the default starting page of the SAP SuccessFactors HCM Suite. For employees, the Home Page is the main entry point to the SAP SuccessFactors application and is generally the first page they see after logging into the system. It shows pending tasks, highlights recent activities, and helps users access common functions or areas of an instance quickly.
Org Chart	The Org Chart provides an interactive view of the organizational hierarchy and reporting relationships, including matrix managers, for your users.
Picklist	A picklist is a configurable set of options from which a user can select, typically in a dropdown menu or smart search list.
Metadata Framework (MDF)	The Meta Data Framework (MDF) is a platform functionality that allows consultants and customers to extend existing SuccessFactors HCM suite capabilities. The main building blocks of these extensions are called Generic Objects (GO).
User Data File (UDF)	The UDF is a comma-separated value (.csv) file and is used to add or change data for one or more employees’ records at a time. It is created manually or as an automated output from your Human Resources Information System (HRIS).

Grant Permission to Manage Role-Based Permissions

Business Example

Your customer wants to start with Role Based Permissions (RBP) and needs access to the tools so they can manage Role Based Permission access.

Task 1: Grant Permission to Manage Role-Based Permission Access

Your company has enabled RBP for their instance of SAP SuccessFactors. Access to manage RBP must be granted to the company administrators.

You must search for the user admin and grant them access to manage RBP.

Steps

Find the administrator2025 user.
1. Log into the instance.
2. Use the Action Search to navigate to Manage Role-Based Permission Access.
3. On the Manage Role-Based Permission Access screen, verify that you see the user administrator2025 that you created from Provisioning. Otherwise, choose Add User.
Grant RBP to administrator2025.
1. Verify that the checkbox Allow Access to This Page is enabled for administrator2025.
2. Enable Edit Group and Edit Role for administrator2025.

Result

You have successfully searched for your admin user and granted them access to manage Role Based Permissions.

Lesson Summary

Understand roles, responsibilities, and access levels of Super Admin, Security Admin, and regular administrators in SAP SuccessFactors.
Learn how to manage Role-Based Permissions (RBP) through Admin Center, including creating and editing groups and roles.
Define and apply common SAP SuccessFactors terms like Provisioning, Admin Center, RBP, Proxy, and User Data File (UDF).
Explore security precautions and notification settings for permission role changes influencing user access.
Gain knowledge of system administrator tasks, including managing user data, permissions, notifications, and support functions.

Nächste Lektion