Role-Based Permissions (RBP) allows the company to have as many roles in SAP SuccessFactors as the company needs and provides the ability to grant each role a different level of permission granularity.
With many traditional systems, all members of the same group, such as Human Resources (HR) managers, have the same permissions and access in the system. With the RBP framework in SAP SuccessFactors, permissions are granted based on the work that each individual or group does. RBP also determines the groups of people that specific individuals or groups can access. For example, you can create a role that is solely responsible for Compensation and Benefits and grant it to regional managers in the United States and Europe. You can apply further restrictions to a role, for example, to allow management only of full-time employees in the region assigned to a specific role. With the RBP framework in SAP SuccessFactors both granted permissions and their scope is restricted and controlled.
In a large company that needs higher levels of administrative efficiency, you can specify automatic granting rules. For example, you can grant a role, such as Regional HR Talent Manager, to all employees in the HR department within the United States. This automates permission management so that as more employee data is added to the system, permissions automatically adjust to both the rules that match the HR department in the US and for the employees in the US.
Role-Based Security Concepts
- The role defines access to data and functionality. This is where you define what you want your role to do in SAP SuccessFactors. For example, should the role be allowed to view dashboards?
- Once the role is defined, you grant the role to groups of users represented by the Granted Users circle.
- Lastly, you restrict the granted users to perform the role on target users. For example, you may decide that managers (Granted Users circle) can view dashboards (defined in the role) on their team Target Users circle).
- Groups can be dynamic which allows us to automate the assignment of permissions. For example, a group of granted users can be "All employees in the Sales department". As employees are transferred into and out of the sales department, their permissions will automatically adjust.
- Administrators can define many roles.
Granting Role-Based Permissions
It is a simple process to grant RBP in SAP SuccessFactors:
Create Groups: Create a group and grant it the required permission, then create groups to be managed by users with those permissions.
Create a Permission Role: Define the different roles. Permission roles define access to data and application functionality.
Grant the Role to a User or Group: Add the target group created in step one with the roles created in step two. This is also referred to as linking the role to a target population.
Think of this process as who (the permission group) can do what (permission role) to, or for whom (the target population).
The SAP SuccessFactors Role-Based Permissions implementation guide available on SAP Help Portal holds the comprehensive list of RBPs used across the SAP Successfactors HXM suite.