2088159 - Manage Users: What are Default User Group Assignments? - Platform

SAP Knowledge Base Article - Public

2088159 - Manage Users: What are Default User Group Assignments? - Platform

Symptom

  • What are Default User Group Assignments?
     
     
  • This document explains:

    1. How to use default user group.
       
    2. How to add users to the group.
       
    3. How to remove users from the group.
       
    4. How to define permissions for the default user group.

    5. Issues ocurring because users are not in the default user group.

Environment

  • BizX Platform

Resolution

How can you use the Default User Group?

  • The Default User Group is the one user group to which every active user must belong to be able to log in to the SuccessFactors Application.

    This group was set up when your system was implemented and grants all members within it permission to log in to the SuccessFactors Application.
     
  • You can use the Default User Group to set up global permissions or access to features. The SuccessFactors Application associates permissions with groups, and not individuals. This means that in order for a user to have access to a certain feature, the user must belong to a group that has permission to use that feature. When the user is removed from the group, the user loses access to the feature.

A. To assign members to this group go to

  1. Admin Tools > Manage Security > Default User Group Assignment.
     
  2. Using the links assign "groups" of users to the Default User Group or assign "individual users" to the Default User Group.
     
  3. Set your filter options to define your target group.
     
  4. Use the Remove button to remove users from the Default User Group.


B. To define Default User Permissions go to

  • Admin Tools > Manage Security > Default User Permissions.
     
  • Using the check boxes, select those features you wish to grant to the default user group.
     
     
     
  • Because all of your users belong to the Default User Group, whatever permissions you grant to this group is essentially applied to all of your users. For example, if you want all of your users to be able to access a specific performance review form, you can easily do so by giving the Default User Group permission to access this form. Once you've done that, all of your users get access to the form because they are all members of this group.

    TIP: Removing all users from the default user group is a good way to prevent all users from accessing the system, this is easily reversed. WARNING: If this is what you are doing, be sure to add your own admin username back to the default user group BEFORE you log out or you will be locked out of the system!

 

Problems Experienced When Users Removed from Default User Group

  • Can't login: A user that is not part of the Default User Group will not be able to login to the SuccessFactors Application. If you are not using SSO then when the user tries to login, they will be returned to the login screen and see the message "Invalid username or password. Please re-enter your login info."
     
  • Forms wont route properly: If a form was to be routed to this person at the time the user is not part of this group then the step will be skipped and move to the next active person. If there are no valid active people, then forms will skip to the completed step. You will need to reset user accounts and manually route the forms using admin tools > Route Completed Documents.

  • Forms wont launch: If a user is not in the Default User Group, you will not be able to launch a form to them. May get system error 900-001-6 error.

     
  • The users permissions will be retained. Once they are added back into the group they will have the same permissions before they were removed. If a user has lost their permissions, then not only had the user been removed from the Default User Group, but their status had also been set to Inactive. An inactive user will lose all previous permissions and you will need to manually grant back each specific permission for them. There are no reports to provide insight into what permissions they may have previously had.

 

 

Keywords

KBA , sf manage employee data , LOD-SF-PLT , Foundational Capabilities & Tools , How To

Product

SAP SuccessFactors HCM Core all versions