Symptom
Manage Advances has no permission in the RBP role however the user can still see Manage Advance Objects through the Admin Center
Image/data in this KBA is from SAP internal systems, sample data, or demo systems. Any resemblance to real data is purely coincidental.
Environment
- SAP SuccessFactors HXM Suite
- SAP SuccessFactors Employee Central Metadata Framework
Reproducing the Issue
- Login to the instance
- Open Admin Centre
- Search for Manage Advance Objects
- You'll be able to access this view although you do not have permissions set up in the RBP. However there is no data displayed in this view
Cause
Before b1511 the permissions for the Manage Advance Objects link are based on the Read/Write permissions on Metadata Framework
These are needed however for other MDF actions and are not exclusive to Advances
From b1511 release, there is a separate RBP Permission to manage Advances called Advances Admin Overview which will manage the access rights of users to Manage Advance Objects.
Resolution
Please uncheck, in the relevant RBP, the edit/view permission to Advances Admin Overview to prevent non admin users to access Manage Advance Objects
Keywords
SF SuccessFactors Manage Advance Objects visible access permission RBP MDF EC , KBA , LOD-SF-EC-MDF , MDF & EC2MDF Migration , LOD-SF-EC-LOC , Localization & Country Specifics (EC Core) , Problem