Defining Employee Central Role Based Authorization

For SAP SuccessFactors Employee Central Payroll, you will provide an authorization note in the back end system as well as permissions for SAP SuccessFactors Employee Central. This lesson provides a short overview of the permissions in SAP SuccessFactors Employee Central.

The image shows a specific space where the administrator can make some configuration of SAP SuccessFactors Employee Central. There are a few tools for the permission configuration. For SAP SuccessFactors Employee Central Payroll (back end) you will use the term "authorization". For SAP SuccessFactors Employee Central or other SuccessFactors modules, you will use the term "permission".

First, you need to find the correct services/tools where you can configure permissions which are found in the admin tools. Choose the link See All, which will show you all the available tools assigned to your permission level.

Next, you’ll create permission roles that contain the relevant PCC authorization in SAP SuccessFactors Employee Central. When you choose the permission roles link, you will find a list of the existing SAP SuccessFactors Employee Central roles. If you need to provide additional permissions, choose the corresponding name of the role, then permission. Then, there are a few options for payroll permissions. These options are in the orange boxes. You need to mark all necessary permission objects and save entry. You can only work with services that you have authorization. If the business user learns that they don’t have the necessary permissions or authorization, they need to request their permissions/authorizations are updated. The security administrator can add all necessary permissions/authorizations for the user.

If a customer would like to expand their functionality to work with new or different elements (new processes or functionality), usually we have a specific team (security), which works with the authorizations, profiles, and roles. Consultants and PCC admins don’t typically update permissions/authorizations, this is done by a different customer role. Ensure that the correct person has access to the correct data.

Assign payroll systems to a target user (Payroll Admin/Manager to dev system)

Configure SAP SuccessFactors Employee Central Payroll parameters such as PCC user interfaces used, payroll tasks configuration, and data replication monitor

Assign the ability to view PCC User interfaces

Next, you will create permission groups that contain the relevant PCC authorization. For example, PCC Process Management (Team Lead) can be set up dynamically.

Employee Central: Two main steps for role creation

1. Create roles
2. Create groups that can work with the role

A note about groups:

Who will be able to work with this transaction and for which individuals that specific user has employee data access.

When the Payroll Process Manager runs payroll processes for employees, they must have access to all necessary employee data to complete the task. Depending on the customer, authorization must span across countries, departments, or groups, if necessary (huge enterprises). It is important to restrict access to certain employee groups. This is a sensitive topic for your customers.

Creating permission groups linked to permission roles is the last step. Now, you can link the role with the users. You’ll also provide information about the target audience – which employee will be processed in PCC for their responsible person.

Create permission groups that contain the relevant PCC authorization. For example, PCC Process Management (Team Lead) can be set up dynamically.