Assigning Employee Central Role-Based Permissions (RBP)

After completing this lesson, you will be able to:

After completing this lesson, you will be able to:

  • Assign Employee Central Role-Based Permissions (RBP)

Employee Central Role-Based Permissions (RBP) Assignment

Employee Central Permissions

The role-based permission framework is vast and encompasses permissions for all SAP SuccessFactors solutions. For this course, we'll focus on the common permissions for Employee Central.

The permissions mentioned in this section are not the complete list used in Employee Central. Refer to the Additional Resources mentioned at the end of this unit for the relevant guides.

Permission Roles control the access permissions in the system and define the overall access to data and application functionality. To create and manage permission roles, complete the following steps:

1. Choose Manage Permission Roles.

2. Create New or open existing roles.

3. Choose Permission to navigate to Permission Settings.

As shown in the figure, Permission Roles, you can see permission categories such as Employee Data and Employee Central Effective Dated Entities. When you select one of these categories, the permissions or fields for this category are displayed on the right side of the interface.

Managers and employees in EC use the following permission categories: Employee Data, Employee Central Effective Dated Entities, and Employee Views. Customers who use custom fields in these categories must also receive permissions for the relevant roles.

In this lesson, we will cover the following permissions:

  • Employee Views
  • Employee Central Effective-Dated Entities
  • Employee Data
  • Employee Central Import Entities
  • Manage Foundation Object Types
  • Manage Foundation Objects
  • MDF Foundation Objects

Employee Views 

The Employee Views permission defines whether users can see the sections configured in People Profile. This permission is only visible once People Profile has been initially configured during the implementation. The sections most relevant to Employee Central are as follows:

  • Personal Information
  • Employment Information
  • Total Rewards

Employee Central Effective-Dated Entities

The Employee Central Effective-Dated Entities permission grants field-level access for effective-dated elements and fields. These objects can keep track of historical and future changes. This permission is only available when the succession data models have been initially uploaded during implementation. Employee Central comes with standard effective dated elements, such as the following:

  • Personal Information (personalInfo)
  • Addresses (homeAddress)
  • Dependents (personRelationshipInfo)
  • Job Information (jobInfo)
  • Compensation Information (compInfo)
  • Job Relationships (jobRelationsInfo)

Complete the interaction below to understand how the level of access for effective-dated entities works.

Granting Effective Dated Block Permissions

Field-Level Permissions

Field-level permissions control each field’s specific ability to be maintained. Each field can be controlled on its level of visibility and editability.

View CurrentView current value of the field
View HistoryView historical values of the field if accessed in the History view of the block
Edit/InsertUpdate the value of the field using ESS/MSS/ Insert New Record in the History view of the block (allows updating a field when creating a new record)
CorrectUpdate the value of the field using the Correct Button, which is available in the History view
DeleteNot applicable to individual fields, entire records are deleted

Employee Data Permissions

The permissions for non effective-dated entities are in a separate category, the Employee Data permissions.

Use the interaction below to learn the relevant Employee Data permissions used in Employee Central.

Employee Central Import Entities

This allows users to perform or restrict imports to Person and Employment objects.

Manage Foundation Object Types

These are admin permissions that define the actions allowed for XML-based corporate data found in Manage Organization, Pay, and Job Structures. This permission is only available when the Corporate Data models have been initially uploaded during implementation.

Manage Foundation Objects

This enables the admin permissions that set the actions for importing foundation data, translations, and corporate data models.

MDF Foundation Objects

This sets the admin permissions that define the actions allowed for MDF-based corporate data.

Exercise: Assign Employee Central permissions to a group of users

Business Example

The ACE Corporation wants its IT managers to be able to update all their employees’ contact information. This information is stored in the Personal Contacts block of the Personal Information section of People Profile. You will confirm that the IT managers cannot view the required information in the People Profile section. You will create an IT Managers RBP group using the job code as the criteria. Then you will create an RBP Role to assign the required permissions, using the IT Managers group as the granted entity and Everyone as the target population. Finally, you will verify that your changes meet the requirements for ACE corporation.

The different sections in an employee’s file are called Employee Views. For example, Employment Information, Pending Requests, Scorecards, etc.


  1. Test your current permissions to determine if Tammy Aberts, an IT Manager, can change any employee's contact information.

    1. If necessary, log in to your instance as an administrator.

    2. Proxy as Tammy Aberts, an employee that has the job classification of IT Manager (IT-MAN).

    3. Navigate to Robert Allen’s Employee File.

    4. Can you see Robert Allen’s Personal Information → personal contacts? Why or why not?

    5. Switch back to your administrator account with the user menu → become self.

  2. Create the IT Manager RBP Group. It should contain all employees with the Job Code: IT- MGR.

    1. Navigate to Manage Permission Groups.

    2. Choose Create New →In Group Name, add Granted: IT Managers.

    3. Under Choose Group Members, choose Pick a categoryJob CodeIT Manager (IT- MGR)Done.

    4. In the upper-right box, select Active Group MembershipUpdate.

    5. Choose the number in the Active Group Membership bubble.

    6. Verify Tammy Aberts is a group member.  Select Close.

    7. Choose Done.

  3. Create the IT Manager Access RBP Role. Use the RBP Group from the previous step as the granted group and assign the appropriate permissions for the business example.

    1. Navigate to Manage Permission Roles.

    2. Choose Create NewRole NameIT Manager Access.

    3. Under Step 2, choose Permission.

    4. Choose Employee Views → Personal Information.

    5. Choose Employee DataHR InformationPersonal ContactsViewEdit.

    6. Choose Done.

    7. Under Step 3, choose Add.

    8. Under Grant role to: Permission Group, choose Select.

    9. Search for Granted and choose Check Granted: IT Manager GroupDone.

    10. Under Target Population, choose EveryoneDoneSave Changes.

  4. Test your configuration.

    1. Proxy into the system as Tammy Aberts.

    2. Navigate to Robert Allen’s Employee File and choose Personal Information

    3. Can you see the People Profile Section Personal Information? Why or why not?

      Can you see the block personal contact in Personal Information? Why or why not?

      Is there an edit button on the block personal contacts? Why or why not?

    4. Choose the Edit (pencil icon) on Personal Information.

      Can you edit the add/edit personal contacts? Why or why not? 

    5. To close the Edit screen, choose Cancel.

    6. Switch back to your user account by selecting the user menu → become self.

Additional role-based permission resources


For more information on Role-Based Permissions, please refer to the following documents in the SAP Help Portal:

Save progress to your learning plan by logging in or creating an account

Login or Register