SAP Learning Journey

Configuring Role-Based Permissions for self-service during implementation

Objectives
After completing this lesson, you will be able to:

After completing this lesson, you will be able to:

  • Customize RBP for self-service access
  • Update employee information by using manager self-service (MSS)

RBP for Employee Self-Service (ESS)

You previously learned about role-based permissions for administrators. In this lesson, you will learn how Employee Central uses RBP to manage Employee Self-Service and Manager Self-Service. Self-Service is built into Employee Central and is not an additional solution.

In the figure, RBP for Employee Self-Service, you can see an example of how this feature works. Employee Self-Service allows employees to initiate and complete transactions without HR tickets. For example, an employee can change their home phone number. RBP typically has three parts. In the figure, the granted population is all employees, the role is the permission to view and edit the phone number, and the target population is themselves.

Typical employee self-service options may include:

  • Update marital status or name change
  • Update of home address information
  • Update of dependents information
  • Updated of emergency contact information
To navigate to Personal Information, click HomeMy Employee File. Then, click the Public Profile drop-down menu and choose Personal Information.

Permissions control the level of access a user has over Employee Central blocks. In the figure, Employee Self-Service, Carla Grant can view the Personal Information section of the profile and has edit access to her Address and Personal Information blocks.

Note

Even if an employee has permission to change some of the information, approval could be configured as guardrails.

Employee Self-Service permission

To create and manage permission roles, choose Admin CenterSet User PermissionsManage Permission Roles . Click Permission to go to Permission Settings.

In this example, we are setting the permission for users to have edit access to the Personal Information block:

  1. To ensure the user can see the section where the block is configured, set the relevant People Profile section in the Employee Views first.
  2. To see the block, select View Current or View History permission of the Personal Information Actions.
  3. To edit the information, select the Edit/Insert of the Edit Link.
  4. To edit field information, select the Edit/Insert of the relevant fields.
  5. Do the same for any other effective-dated blocks to which you want users to have edit access.
Hint

Avoid giving users the Edit/Insert level permission for the block actions to ensure users cannot bypass workflows when configured. Delete and Correct level permissions are best reserved for select administrators only.

Exercise: Customize RBP for ESS

Business Example

ACE Corp wants to customize what employees can view and edit in their Personal Information . The table, RBP for ESS, describes the desired access level for all ACE employees.

ExerciseStart Exercise
Hint

Where do I change permissions?

Can I use a role that already exists?

Steps

  1. Test Employee Self-Service using the table, RBP for ESS, to identify what changes are necessary. Proxy as Larry Ye and test what changes Larry can perform on his personal information.

    RBP for ESS

    BlockFieldPermissionsChanges Required? (Y/N)
    National IDAllView/Edit 
    Contact InformationEmail, Phone, Social AccountsView/Edit 
    Contact InformationBusiness EmailView 
    Personal InformationFirst Name, Last Name, Gender, Marital StatusView Current/History 
        

    1. Proxy as Larry Ye

    2. Navigate to My Employee FilePersonal Information

    3. Test each permission identified in Table 1: RBP for Employee Self-Service. Does it match the desired permission/level of access?

  2. Update the permissions on the Employee Self-Services RBP role. Use the changes required from step 1 to determine the permissions that need to be adjusted.

    1. As an administrator, navigate to Manage Permission Roles

    2. Select Employee Self-ServicePermissionEmployee DataNational IDView & Edit.

    3. Navigate to Employee Central Effective Dated EntitiesPersonal Information. Remove the permission Edit/Insert for the First Name, Last Name, Gender and Marital Status fields.

    4. Select Done.

    5. Select Save Changes. Choose Yes to confirm the changes to everyone in the company.

  3. Test Employee Self-Service. Proxy as Larry Ye and verify that the ESS permissions are configured correctly.

    1. Proxy as Larry Ye

    2. Navigate to My Employee FilePersonal Information.

  4. Test each permission again identified in the table. Does it match the desired permission/level of access?

    1. Can you edit the National ID block?

    2. What can you edit under Contact Information?

    3. What fields can you edit in Personal Information?

RBP for Manager Self-Service

Manager Self-Service allows a manager to initiate transactions for their direct reports. These transactions are typically accompanied by workflows.

Typical manager self-service transactions may include:

  • Update employee job information
  • Update salary information
  • Initiate transfers

Manager Self-Service

The Actions button is the typical starting point for managers. A list of options appears here to initiate transactions for their employees. The manager selects the kind of change that is required and fills in the appropriate fields. In the figure, MSS, you can see examples of typical MSS options. Take Action menu is available in the employee’s profile or quick card.

Manager Self-Service permissions

In this example, we are setting the permission for managers to initiate changes to Job Information for their employees.

  1. To ensure the manager can see the section the block is configured, set the relevant People Profile section in the Employee Views first.
  2. To see the block, select View Current or View History of the Job Information Actions.
  3. To edit the information, select the Edit/Insert of the Edit Link.
  4. To edit field information, select the Edit/Insert of the relevant fields.
  5. Do the same for any other effective-dated blocks to which you want users to have edit access.
  6. To initiate the changes using Take Action, select Edit permission for Update Employment Records in Employee Data, see the figure, MSS permissions.
Hint

Avoid giving managers the Edit/Insert level permission for the block actions to ensure workflows cannot be bypassed when configured. Delete, and Correct level permissions are best reserved for select administrators only.

Exercise: Customize and use Manager Self-Service (MSS)

Business Example

ACE Corp would like to apply the following restrictions for their manager permission role.

  • Managers must view Current | History and Edit permissions to Job Info, Comp Info and Job Relationship (permission to fields and other blocks remain the same).
  • NO MANAGERS should have access to HistoryInsert New Record.

Additionally, ACE would like to see an example of a transaction initiated through Manager Self-Service.

ExerciseStart Exercise

Steps

  1. Update permission role for managers according to the business example.

    1. Log in to your instance, proxy as Carla Grant.

    2. Navigate to Marcus Hoff's profile.

    3. Verify that Carla has the History ButtonInsert New Record permission for Job Information, Job Relationships, and Comp Information.

    4. Return to your administrative access.

    5. Navigate to Manage Permission RolesManager RolePermissionsEmployee Central Effective Dated Entities

    6. In the Job Information Actions row, deselect Edit/Insert

    7. In the Compensation Information Actions row, deselect Edit/Insert

    8. In the Job Relationships Actions row, deselect Edit/Insert

    9. Select Done. Save your changes. Log out and Log back in. 

    10. Proxy as Carla Grant.

    11. Navigate to Marcus Hoff's profile and verify that Carla has no Insert New Record permission for Job Information, Job Relationships, and Compensation Information.

  2. Update Marcus Hoff’s Compensation Information as Marcus' manager, Carla Grant. Use the information in the Compensation Adjustment table to update Marcus’ information.

    Compensation Adjustment

    FieldData
    Employee NameMarcus Hoff
    Base Salary165,000 USD Annual
    Bonus5,000 USD Quarterly

    1. Proxy as Carla Grant.

    2. Search for Marcus HoffEmployment Information.

    3. Choose ActionsChange Job and Compensation Info.

    4. Check the Compensation Information.

    5. Select Today's Date for the start date.

    6. Use the information Compensation Adjustment table to update Marcus’ information.

    7. Ensure that the following entities are updated:

      1. Range Penetration
      2. Total Earning Opportunity
      3. Annualized Salary

    8. Select Save and verify that the Change Bonus Amount request is triggered, and choose Confirm.

Save progress to your learning plan by logging in or creating an account

Login or Register
Continue to next lesson