After completing this lesson, you will be able to:

After completing this lesson, you will be able to:

  • Develop a security structure using business units and roles
  • Create a role and set permissions

Business Unit and Role-Based Security

SAP SuccessFactors Incentive Management uses a role-based security model, which allows users access to data based on their user login and password.

Management and access to data in the user interface is controlled using two types of security: Role-Based Security and Business Unit Security. For additional system security, audit logs are available to view and track edits by user, date and time of the change.

  • Users are individuals with permission to perform actions such as viewing or editing data, deleting records, or performing administrative tasks.
  • A role is a group of permission settings that apply to all users assigned to that role. Assigned roles with pre-defined permissions makes it easier for an administrator to control user access to data.

Business Units

Business Units allow organizations to control access for specific departments, divisions, groups, or portions of an organization. Business Units are used to restrict user access to data, and to segregate compensation data for dashboards and analytics.

  • Users can be assigned to multiple Business Units.
  • Elements that have no assigned Business Units are visible to all users.
  • Positions can only be assigned to a single Business Unit.
  • Security and Global data such as event types, unit types, and roles are not assigned to Business Units.
  • Calculations are not run in the context of a Business Unit. They can, however, be run by Position Group.

Role-Based Security

Permissions represent the level of access to an object or the ability to perform a specified action. For example, a role may allow members to read create and edit records in the Participants workspace, but only read records in the Transactions workspace.

Permissions contain a number of Permission Sets that organize types of permissions into logical groups, making it easier to find a type of data. For example, a permission set called Organization groups the Participants, Positions, Titles, Roll Types, and Position Groups.

Exercise: Create a Role and Assign a User

Business Example

In this exercise, we will create a role that will grant permissions to our compensation team members. We will also create a new user and assign her to the role.


  1. Create a role called Comp Admins that allows access to Organization and Plan data.

    1. From the Manage Setup tile, click Security – Roles.

    2. Click the Create (+) icon on the toolbar.

    3. Enter the name Comp Admins.

    4. Click the Permissions tab.

    5. Click the Organization permission set.

    6. Using the checkboxes, allow Update for Participants, Positions and Titles.

    7. Click the Plan Position Group.

    8. Using the checkboxes, allow Create for all objects.

    9. Click the Save button to save the role.

  2. Create a user named Paula Wolf and assign her to the new role. We will also give her full access to the BikesInMotion Business Unit.

    1. Return to the Home Page.

    2. Click Security – Users.

    3. Click Create (+).

    4. Enter the following information for the new user:

      User ID: paula.wolf

      Full name: Paula Wolf

      Read Only Business Units: Any Business Unit

      Full Access Business Units: BikesInMotion

      Password: Training101

      Set Paula’s role to Comp Admin: Select Associated Roles

    5. Select Comp Admins from the dropdown list.

    6. Select Create.

Log in to track your progress & complete quizzes