SAP Knowledge Base Article - Public

3023095 - [ONB 2.0]Permission refreshing issue after conversion of external user to internal user and HRIS sync job for New Hires


The new hires who was created through ONB or HRIS Sync cannot see or be viewed their employee info although they already be configured in correct permission groups.

Due to which HR or any other responsible group is not able to view the employee profile from employee search.

They receive the below error : You do not have permission to view this profile.


Successfactors Onboarding 2.0

Reproducing the Issue

  • Hire a candidate from the Manage Pending Hire to EC
  • Run the Convertexternaluseronstartdate and HRIS sync job
  • Now the HR or any other permission group having the permission to view the employee profile for a respective permission group which the employee is part , should be able to view the employee profile.
  • But they receive the error : You do not have permission to view this profile.


ONB is calling a platform owned 'ConvertExternalUsertoInternalUser' SCA to convert external user to internal user, who expect there should be overall refresh be triggered by this SCA. However, that is not the true behavior in the existing SCA. And indeed it only does DGRefresh for the default 'EVERYONE' group. As the result, the converted internal user cannot be refreshed in other groups after the conversion. Once HRIS sync runs for the user, they might be able to be refreshed in other groups by the all DG refresh. However HRIS sync only pick the user when EC related data was changed for this user)


Work Around for the issue is to trigger the 'Refresh Access Membership' or 'Refresh Rule User' job for it.

Please do below check for different scenario:

  1. Go to provisioning of the customer's instance
  2. Go to the Manage Scheduled Jobs and select the "Refresh RBP Rules" job type, and then click the Refresh button

Scenario 1: There is the submitted 'Refresh RBP Rules' job shown in the list

Please wait for the job to be completed or manually run it now. The frequency of the job execution relays on the specific configuration of the job.

Scenario 2: There is no job shown in the list

Then Kindly enable the below switch in provisioning :

  • Ensure 'Enable Refresh Framework' in 'Company Setting' is checked
  • Login to the instance and go to the permission group which included the new user or someone who needs to view the employee profile of the new user.

In above role, user in group_a wants to see the new hire in group_b. Take below actions for either 'group_a' or 'group_b‘

Open the group and click 'save' without any changes. Attached screenshot for reference :

The job 'Refresh Access Membership' then will be triggered

Once the job be completed, go to User Role Search to check the result


Permission profile employee profile RBP Refresh , KBA , LOD-SF-OBX-EC , Integration EC - MPH, Hire , Problem


SAP SuccessFactors Onboarding 2011