2080181 - Respect Permission Functionality in Workflow Configurations - EC

• Explanation of why a field is seen or not seen in the Workflow Approval screens.
• This KB article gives details and background on the fields seen when asked to approve a workflow
• Why do only some fields display on the Workflow Details Page?
• An approver can see all the fields in the Workflow without appropriate permissions

Image/data in this KBA is from SAP internal systems, sample data, or demo systems. Any resemblance to real data is purely coincidental.

SAP SuccessFactors HXM Suite

• The workflow is configured as Respect Permissison = Yes
• The workflow can be configured to respect Role-Based Permissions (RBP) to restrict fields viewable in workflows based on role-based Target Permissions.

• The Respect Permission Functionality can be configured for the following Participant Types within the Workflow Configuration:
• Approver Step
• Contributors Step
• Cc Role Step
  
  
• By default, RBP are not respected. Meaning workflow participants can see all of the fields regardless of what RBP group they are a part of.
• Once Respect Permission is changed to Yes, the workflow participants can only view fields they have permissions for.
• Note: If Respect RBP has been recently changed to Yes/No, it will not affect any previously triggered workflow details. It will go into effect for any newly created workflow details after the changes took place.

Caveats & Limitations: 

• Role-Base Permissions are not supported for the folloing information changes:
• New Hire & Rehire
• Global Assignment
• Concurrent Employment
• Pension Payout
• Dependents
• Work Permit
• Workflow Foundation Object

Initiator Overlap with Approver Steps:

• If the Initiator overlaps with the Approver, Contributor, or Cc Role, they may be able to edit fields in the workflow request that should be read-only.

RBP for MDF Objects:

• Respect Permission = Yes: To restrict the fields from being visibile in the workflow details page, field level overrides should be activated within RBP for the specific fields.

If the Workflow Is sent Back Status:

• The following applies for workflow initiators when using the Respect Permission Field:
• Respect Permission = No: For all workflow steps: does not respect permissions when it is sent back to the initiator
• Respect Permission = Yes: For at least one workflow step: the system does not respect permissions when sent back to the initiator, but if it is re-submitted, the RBP will then retain RBP.

If the configuration is set to Yes: The following banner will display at the top of the workflow details page:

"Content displayed on this page is restricted based on user permissions.  If looking for content not displayed on this page, it is possible you do not have the required permissions. Contact an Administrator more information on content you are allowed to access."

Note: This banner can not be removed as it is hardcoded, based upon the configurations in the Workflow Foundation Object Configuration.

• Respect Permission = No & the initiator is an approver/contributor/or a Cc Role: the workflow does not respect RBP when it is sent back to the initiator.

• 2544336 - Custom MDF workflow and its behaviors depending on Pending Data = Yes/ No.
• 2768151 - Triggering workflows on MDF object using Business rule.
• 2080108 - Workflow Role Types - Employee Central 
• 2225521 - Workflow CC user Role does not respect RBP 
• 2224090 - Workflow does not respect CC user’s Role Based Permissions
• Guide:  Implementing and Configuring Workflows in Employee Central 
• Guide:  How Role-Based Permissions Work for Workflows in the Managing Workflows with SAP SuccessFactors Employee Central 

EC, SF, EmpCentrl, RBP, WFL Details page, success factors,workflow, permission , KBA , sf employee central , LOD-SF-EC-WFL , Workflows - Configuration, Tools, Objects & Rules , How To

SAP SuccessFactors Employee Central all versions ; SAP SuccessFactors HCM all versions