SAP Knowledge Base Article - Public

2088807 - Restrict Users to Proxy in as Super Users in RBP - BizX Platform


  • Restrict the following users
    • AAAA
    • BBBB


  • From proxying the following users in terms of Admin rights

    • ABC
    • DEF
    • GHI


  • BizX Platform


  • Step 1: Make sure you remove each of the users (tclint, M4J) from the role to which proxy permissions have been granted:
    a. For example: Role "RTEST" has proxy permissions granted
    b. Group "GTEST" has this role (RTEST) associated with it and M4J belongs to GTEST"
    c. Then you need to do either of the following:
    --> Remove M4J from the group GTEST and/or remove proxy permissions from the role RTEST.


  • Step 2: Create a role "SuccessFactors Admin 2ndary", give the permissions as follows:
    a. Proxy management and any other permission as desired
    b. Also "Proxy" permissions only to view – Please see below the screenshot




  • Step 3: Create two groups as shown below and follow the steps accordingly -
  1. The group below should include only secondary administrators (who should not be able to proxy in as super admins) as shown below -



  • 2.Assign the role we created to the group above as shown in the screenshot below​



  • 3.Create another group “all except admin”, make sure in the people pool you include everyone. But in the people pool to exclude, make sure you add the super admins as shown below:






  • 6.Setting target population to the role "SuccessFactors Admin 2ndary" as follows:





KBA , sf admin tools , sf how to , sf rbo , sf user , sf restrict , LOD-SF-PLT , Foundational Capabilities & Tools , How To


SAP SuccessFactors HCM Core all versions