Assigning Employee Central Role-Based Permissions (RBP)

Objectives

After completing this lesson, you will be able to:

  • Assign Employee Central Role-Based Permissions (RBP)

Employee Central Role-Based Permissions (RBP) Assignment

Employee Central Permissions

The role-based permission framework is vast and encompasses permissions for all SAP SuccessFactors solutions. For this course, we'll focus on the common permissions for Employee Central.

Note
The permissions mentioned in this section are not the complete list used in Employee Central. Additional Resources are included at the end of this unit.

Permission Roles control the access permissions in the system and define the overall access to data and application functionality. To create and manage permission roles, complete the following steps:

1. Choose Manage Permission Roles.

2. Create New or open existing roles.

3. Choose Permission to navigate to Permission Settings.

Figure, Permission Roles, shows permission categories such as Employee Data and Employee Central Effective Dated Entities. When you select one of these categories, the permissions or fields for this category are displayed on the right side of the interface.

Managers and employees in EC use the following permission categories: Employee Data, Employee Central Effective Dated Entities, and Employee Views. Customers who use custom fields in these categories must also receive permissions for the relevant roles.

In this lesson, we will cover the following permissions:

  • Employee Views
  • Employee Central Effective-Dated Entities
  • Employee Data
  • Employee Central Import Entities
  • Manage Foundation Object Types
  • Manage Foundation Objects
  • MDF Foundation Objects

Employee Views 

The Employee Views permission defines whether you can see the sections configured in People Profile. This permission is only visible once People Profile has been initially configured during the implementation. Relevant Employee Central sections include:

  • Personal Information
  • Employment Information
  • Total Rewards

Employee Central Effective-Dated Entities

The Employee Central Effective-Dated Entities permission grants field-level access for effective-dated elements and fields. These objects can keep track of historical and future changes. This permission is only available when the succession data models have been initially uploaded during implementation. Employee Central comes with standard effective dated elements, such as the following:

  • Personal Information (personalInfo)
  • Addresses (homeAddress)
  • Dependents (personRelationshipInfo)
  • Job Information (jobInfo)
  • Compensation Information (compInfo)
  • Job Relationships (jobRelationsInfo)

Complete the following interaction to understand how the level of access for effective-dated entities works.

Granting Effective Dated Block Permissions

There are several layers of permission to consider when you grant the Effective Dated Block Permissions. The first layer is the basic understanding of the different field permission types, such as View Current, View History, Edit/Insert, Correct, and Delete.

Additionally, there are permissions for the Effective Dated Blocks and the button options you might have to view and edit data. This section will detail the differences between each of the following permission:

  1. Block Actions Permissions,
  2. Edit Link Permissions,
  3. Field Level Permissions

See Figure, Effective Dated Permissions.

Block Actions control the user access level to the block overall and block buttons.

ViewCurrent Block Visible in People Profile
View HistoryHistory button available on the block (clock button)
Edit/InsertInsert Record button available in the History view of the block*
CorrectEdit button available in History view of the block
DeleteDelete button available in History view of the block
Note

Having Edit/Insert available allows someone to bypass event reason derivation and workflows. This does not make the Edit (pencil icon) button appear on the block.

The Edit Link button controls whether the Edit (pencil icon) button is available to the user on the block. For the Edit Link Permissions function, the only level of access that matters is the Edit/Insert option.

Edit/Insert: Update the field's value using the Edit (pencil icon) button or Take Action button.

When you select the Edit/Insert permission for these blocks, you also grant the option to initiate the transaction using the Take Action button:

  • Job Information
  • Compensation Information
  • Job Relationships
  • Employment Information
  • Spot Bonus/One Time Payment

To include these blocks in the Actions menu:

  1. Go to User PermissionsEmloyee DataHR Actions.
  2. Select Update Employment Records (displayed as the Take Action button).

Field-Level Permissions

Field-level permissions control each field’s specific ability to be maintained. Each field can be controlled on its level of visibility and editability.

View CurrentView current value of the field
View HistoryView historical values of the field if accessed in the History view of the block
Edit/InsertUpdate the value of the field using Insert New Record in the History view of the block (allows updating a field when creating a new record)
CorrectUpdate the value of the field using the Correct Button, which is available in the History view
DeleteNot applicable to individual fields, entire records are deleted

Employee Data Permissions

The permissions for non effective-dated entities are in a separate category, the Employee Data permissions.

Use the interaction below to learn the relevant Employee Data permissions used in Employee Central.

Employee Central Import Entities

This allows you to perform or restrict imports to Person and Employment objects.

Manage Foundation Object Types

These are admin permissions that define the actions allowed for XML-based corporate data found in Manage Organization, Pay, and Job Structures. This permission is only available when the Corporate Data models have been initially uploaded during implementation.

Manage Foundation Objects

This enables the admin permissions that set the actions for importing foundation data, translations, and corporate data models.

MDF Foundation Objects

This sets the admin permissions that define the actions allowed for MDF-based corporate data.

Exercise: Assign Employee Central permissions to a group of users

Business Example

The ACE Corporation wants its IT managers to be able to update all their employees’ contact information. This information is stored in the Personal Contacts block of the Personal Information section of People Profile. You will create a new IT manager permission group and role to meet the requirement.

Note
This exercise is a standalone activity and is not required for completing other hands-on exercises for this course.

Watch the video on how to grant employee permissions.

Steps

  1. Proxy as Tammy Aberts, an IT Manager, to verify if you can change any employee's contact information.

    1. Login to your instance as an administrator.

    2. Proxy as Tammy Aberts, an employee that has the job classification of IT Manager (IT-MAN).

    3. Navigate to Robert Allen’s Employee File.

    4. Can you see Robert Allen’s Personal Information → personal contacts? Why or why not?

    5. Switch back to your administrator account with the user menu → become self.

  2. Go to Manage Permission Group to create an IT Manager RBP Group. Include all employees with the Job Code: IT- MGR. Verify that Tammy Aberts is included in the group.

    1. Navigate to Manage Permission Groups.

    2. Choose Create NewIn Group Name, add Granted: IT Managers.

    3. Under Choose Group Members, choose Pick a categoryJob CodeIT Manager (IT- MGR)Done.

    4. In the upper-right box, select Active Group MembershipUpdate.

    5. Choose the number in the Active Group Membership bubble.

    6. Verify Tammy Aberts is a group member.  Select Close.

    7. Choose Done.

  3. Go to Manage Permission Role to create an IT Manager Access RBP Role. Use the RBP Group from the previous step as the granted group and assign the correct permissions for the business example.

    1. Navigate to Manage Permission Roles.

    2. Choose Create NewRole NameIT Manager Access.

    3. Under Step 2, choose Permission.

    4. Choose Employee Views → Personal Information.

    5. Choose Employee DataHR InformationPersonal ContactsEdit.

    6. Choose Done.

    7. In Step 3 Grant this Role to..., choose Add.

    8. Under Grant role to: Permission Group, choose Select.

    9. Search for Granted and choose Check Granted: IT Manager GroupDone.

    10. Under Target Population, choose EveryoneDoneSave Changes.

  4. Proxy as Tammy Aberts to verify if you can see the new section and blocks on Robert Allen's profile.

    1. Proxy into the system as Tammy Aberts.

    2. Navigate to Robert Allen’s Employee File and choose Personal Information

    3. Can you see the People Profile Section Personal Information? Why or why not?

      Can you see the block personal contact in Personal Information? Why or why not?

      Is there an edit button on the block personal contacts? Why or why not?

    4. Choose the Edit (pencil icon) on Personal Information.

      Can you edit the add/edit personal contacts? Why or why not? 

    5. To close the Edit screen, choose Cancel.

    6. Switch back to your user account by selecting the user menu → become self.

Additional role-based permission resources

For more information on Role-Based Permissions, refer to the following documents in the SAP Help Portal:

Log in to track your progress & complete quizzes