Describing Permissions and Security Model in the SAP SuccessFactors Suite


After completing this lesson, you will be able to:

  • Describe the permissions and Security Model used in SAP SuccessFactors Suite

Role-Based Permissions (RBP)

Role-Based Permissions (RBP) is a security model that allows you to restrict and grant access to your SAP SuccessFactors HXM Suite. RBP controls access to the applications that employees can see and edit. This is a suite-wide authorization model that applies to the majority of the SAP SuccessFactors products.

Begin the video to learn what Role-Based Permissions are.

Role-based permissions contain two main elements: Permission Groups and Permission Roles. Permission groups can be static or dynamic. Dynamic group membership changes automatically based on changing employee information such as Job Code or City. Changes to employee information will not impact membership in static permission groups.

Permission roles define specific permissions available within an instance and map them to permission groups. Additionally, roles use the concept of Target Populations, which define a population that a role can act upon. For example, a manager may be granted the permission to change employment information of direct reports, but not peers or superiors. In that scenario, the target population is set as Direct Reports.


To learn more about Role-Based Permissions you can visit the SAP Help Portal. RBP documentation is contained in SAP SuccessFactors Platform on the Implement tab in the Security section.

Additional Permissions aside from Role-Based Permissions

Some SAP SuccessFactors solutions, especially those that use form-based templates, use additional permissions to control specific access to fields and sections of an application. An example of this is SAP SuccessFactors Goal Management. Although Role-Based Permissions (RBP) can control who can access a specific goal plan, the sections and fields of the goal plan are further controlled at the XML template level.

SAP SuccessFactors Learning is another example. The role-based permission includes access to the application, but all the learning entities (courses, items, classes, and so on) are controlled by security domains of the Learning Management System.

Log in to track your progress & complete quizzes