Restrict users from proxying other users in terms of Admin rights.
Image/data in this KBA is from SAP internal systems, sample data, or demo systems. Any resemblance to real data is purely coincidental.
SuccessFactors BizX Platform
- Make sure you remove each of the users from the role to which proxy permissions have been granted:
- For example: Role "RoleTEST" has proxy permissions granted
- Group "GroupTEST" has this role (RoleTEST) associated with it and UserTEST belongs to GroupTEST"
- Then you need to either remove UserTEST from the group GroupTEST and/or remove proxy permissions from the role RoleTEST.
- Create a role "SuccessFactors Admin 2ndary", give the permissions as follows:
- Proxy management and any other permission as desired
- Also "Proxy" permissions only to view – Please see below the screenshot
- Create two groups following these steps:
- The group should include only secondary administrators (who should not be able to proxy in as super admins)
- Assign the role we created to the group above
- Create another group “all except admin”, make sure in the Group Members people pool you include everyone. But in the people pool to exclude, make sure you add the super admins as shown below:
- Assign the same role (SuccessFactors Admin 2ndary) to this group as well:
- Setting target population to the role "SuccessFactors Admin 2ndary" as follows:
proxy, restrict, user, super, admin , KBA , sf how to , sf rbo , sf admin tools , sf restrict , sf user , LOD-SF-PLT-PRX , Proxy , How To