Role-Based Permissions (RBP) is a security model that allows you to restrict and grant access to your SAP SuccessFactors HCM Suite. RBP controls access to the applications that employees can see and edit. This is a suite-wide authorization model that applies to the majority of the SAP SuccessFactors products.
Watch the video to learn about Role-Based Permissions.
Role-Based Permissions contain two main elements: Permission Groups and Permission Roles.
A permission group is a subset of employees who share common attributes, such as job code or city. These groups can be created as either static or dynamic. Dynamic groups automatically update their membership based on changes in employee information, while static groups maintain a consistent membership that only changes when updated manually.

A permission role is a set of permissions assigned to a permission group.

Certain permissions require assigning them to a group and identifying the specific population the group can access. For instance, when designating a group of IT personnel to reset user passwords, it's essential to specify whose passwords they are authorized to reset. You can determine the target population, whether they can reset all employee passwords or only those employees located in the same city as the IT.
Note
To learn more about Role-Based Permissions and other data security you can visit the SAP SuccessFactors Platform Security section in the SAP Help Portal.
Additional Permissions aside from Role-Based Permissions
Some SAP SuccessFactors solutions, especially those that use form-based templates, use additional permissions to control specific access to fields and sections of an application. An example of this is SAP SuccessFactors Goal Management. Although Role-Based Permissions (RBP) can control who can access a specific goal plan, the sections and fields of the goal plan are further controlled at the XML template level.
SAP SuccessFactors Learning is another example. The role-based permission includes access to the application, but all the learning entities (courses, items, classes, and so on) are controlled by security domains of the Learning Management System.