2263846 - MDF Permissions: After defining restrictions for an object, no objects/entities are accessible

After defining restrictions for an object for more than one value (e.g. code=”1”; code=”2”), no objects are accessible.

For example, define the permission for the “TalentPool” object to be restricted to code=”pool1” and code=”pool2”.

"Image/data in this KBA is from SAP internal systems, sample data, or demo systems. Any resemblance to real data is purely coincidental."

• SuccessFactors Metadata Framework (MDF)
• SuccessFactors MDF Talent Pools
• SuccessFactors MDF Position Model

The objects/entities are not accessible because multiple rows on the target population restriction operates as “AND” for MDF Permissions. In other words, the system limits the access to only objects/entities meeting all of the specified attribute restrictions.

Therefore, when you define the target population restriction as above, the system will retrieve Talent Pools that have code=”pool1” and code=”pool2” (only Talent Pools that have both codes, not one or the other). As each Talent Pool only has one “code” attribute, it is impossible for a Talent Pool to meet this criteria.

To restrict the target population to objects/entities for more than one value in the same permission role, you have two options: (1) use the operator IN when restricting the target population or (2) define more than one granting. It is recommended to use the "IN" operator, as it simplifies maintaining the permission roles configuration. However, if the operator IN is not available for an attribute, you would need to follow the second option.

1 Use the operator IN when restricting the target population

The IN operator allows you to specify multiple values for a permission restriction for a MDF Object. This permission restriction will then retrieve all the objects/entities that have any of the values specified in the restriction. As this operator is not available for the talent pool code, we will use a picklist field defined for the Position object as an example:

1. Under “3. Grant this role to…”, click “Add...”;
2. Define the granting as desired, select "Restrict target population to:" in the desired MDF object ("Position" object in this case).
3. Select the field based on which you would like to restrict the permissions ("Home Office Policy" field in this case).
4. Select "in" in the operator dropdown:

5. In the dropdown to the right, you can select the values that should be included in the restriction.
6. After you select a value, the system will add this value to the restriction. You can go on selecting the other desired values and the system will add the selected values on that row.

6. If you click on “…”, you will able to see the values you have on that row:

7. Save changes.

With this permission role configuration, the system will retrieve positions with "Home Office Policy IN ('office-based', 'negotiable')". In other words, it will retrieve positions that have "Home Office Policy" equals to "office-based" OR "negotiable".

2 Define more than one granting

Taking the example provided above, the following steps when defining the permission role are required:

1. Under “3. Grant this role to…”, click “Add...”;
2. Define the granting as desired, but only restrict the Talent Pool object to code=”pool1”:

3. Click “Done”;
4. Repeat steps 1 to 3 for each value for the attribute. In the example, I would add another granting with the Talent Pool restriction of code=”pool2”;
5. At the end, I would have more than one granting listed under “3. Grant this role to…”:

6. Save changes.

After changing the permission role like outlined above, the permission restriction should work properly. For the example, the system will now retrieve talent pools with code=”pool1” OR code=”pool2”.

no objects entities showing are retrieved accessible Talent Pools Position MDF defining RBP restriction based on attributes , KBA , LOD-SF-MDF-RBP , RBP Permissions on Objects , LOD-SF-SCM , Succession Management , Problem

SAP SuccessFactors HCM Core all versions ; SAP SuccessFactors Succession & Development all versions