SAP Knowledge Base Article - Public

3025459 - RBP User Role Change Audit Report showing incorrect changes

Symptom

The report to audit on changes to RBP roles assignments can be found under Role Based Permission > RBP user role change audit. After running the report you experience the following:

  • "The changed by user" field showing changes done by a user who does not have access to Role Based Permissions
  • "The changed by user" field will be “SCHEDULED_JOB”
  • "The changed by user" field will be empty


Environment

SAP Successfactors HXM Suite

Cause

This is expected behavior of Change Audit > Role Based Permission > Change Audit permissions.

Resolution

  • If "The changed by user" field showing changes done by a user who does not have access to Role Based Permissions:

This is expected any filed changes related with the RBP user role change, it will record anyone who changes the filed values (which are set as dynamic group filters) of users, that will affect the Change Audit Report records, also when some of the user information change(e.g. status, type, etc.), the relevant group/role/rule change will be recorded in the RBP_USER_ROLE_CHANGE_REPORT, it does not mean that the user changed them within RBP directly or should require RBP admin permissions. It means any attribute changes may trigger RBP jobs to refresh groups definition, rules mapping relationships or permission roles definition, who changes the attribute reacting on changes of RBP definitions or relationships will be recorded as 'changed by' users in the report.”


  • If "The changed by user" field is shown be “SCHEDULED_JOB” in the Change Audit Report "RBP User Role Change report"

This is expected since there was an enhancement to this Report to shows the “SCHEDULED_JOB” value when the change was made by scheduled jobs. 

You cannot setup a job to test behavior manually because the Change Audit Data Extractor Job will record the Job Creator/Executor as the "Changed By User". For example, you schedule or run a job to update some role or rule for some users, you can see the job executor/creator on Provisioning and will be 
recorded as "Changed by" into the audit report. Therefore, it can only record as "SCHEDULED_JOB" through the job triggered.

Note : Due to the code logic, any action done by an entity with invalid user name will be recorded as “SHCEDULED_JOB” ( thus, other than scheduled job, behavior may also include database admin manually change in database level, non internal user who doesn’t not have valid user ID conduct the change. 


  • "The changed by user" field will be empty in the Change Audit Reports "RBP Group Change Report" and "RBP Static Group Membership Change Report"

On b2105 release, “Changed By User” information enhancement will be published of those reports that will be filled with “SCHEDULED_JOB” for role changes caused by scheduled jobs, including firstname, lastname, username for changes caused by scheduled jobs. The detail of the job causing the change will not be recorded in the report.


For more details on Change Audit for Role Based Permissions please see SAP Help Help Admin Guide RBP User Role Change Audit 

See Also

2618848 - Enabling Change Audit Feature

Keywords

Change Audit , Role Based Permission , RBP User role change , RBP , PLA-17829 , INC0268000, PLA-12876 , change audit , rbp , wrong data , scheduled_job , KBA , LOD-SF-PLT-RBP , Role Based Permissions , How To

Product

SAP SuccessFactors HXM Suite all versions