SAP Knowledge Base Article - Public

2229272 - User Role Search - How to check if a User has a Permission (for example Report permission)?

Symptom

You want to know if a User is able to access reporting data for a specific report or employee.

There may be different approaches to check the respective permission although the quickest one is probably by using the User Role Search function.

In fact, the User Role Search function allow to search specific roles granted to users.

You can select one or two access users, one permission, and one or no target users. The search result will display all roles that grant this permission and target user to the selected access users.

If the target user field is empty, the search result will not consider the target user. On the role detail page, the grant rules that grant the selected access user and target user are highlighted in the Grant this role to section.

Environment

  • SAP SuccessFactors HCM Core
  • Ad Hoc Reports

Reproducing the Issue

Below are some examples on how you can use the User Role Search function to check report data access:

1st Example

You want to know if the user cgrant has access to any reporting data for the user admin so you can start checking if the User cgrant has report access/permission for the user admin as follow:

  1. Admin Centre > Search for User Role Search
  2. Enter the Access User, Permission Category, Permission type and the Target User
  3. Select Search Roles. In this case the User cgrant has no access to report data for the user admin.
  4. cgrant permission.png
  5. We can check this by quickly running an Ad Hoc report created by the User cgrant.

cgrant result.png

 

2nd Example

You want to know if the user admin has access to any reporting data for the user cgrant so you can start checking if the User admin has report access/permission for the user cgrant as follow:

  • Admin Centre > Search for User Role Search
  • Enter the Access User, Permission Category, Permission type and the Target User
  • Select Search Roles. In this example, the User admin has access to report data for the user cgrant via the Role name ‘System Admin’
    1. Specifically, via the Groups/Users granted with role permission access and their targets
    • Group/User granted with role permission: System Administrators, Master
    • Target population: All        
  • Admin Permissionpng.png                
  • We can confirm this by quickly running an Ad Hoc report created by the User admin.

 admin result.png

See Also

The same approach can be used for different reports like List Views, Classic Reports etc..

Report Selection.png

You can also select multiple users in order to compare the Permission they have.

group & target.png

Keywords

permission check, report permission, user permission, authorization, role base permission, RBP , KBA , user role search , report permission , authorization , user permission , rbp , restriction , LOD-SF-ANA , Analytics & Reporting (Ad Hoc, ORD) , LOD-SF-EC , Employee Central , LOD-SF-PLT , Foundational Capabilities & Tools , LOD-SF-SCM , Succession Management , LOD-SF-CDP , Career Development Planning , LOD-SF-GM , SAP SF Goal Management , LOD-SF-PM , Performance Management , LOD-SF-PLT-SEC , Security & Permissions , LOD-SF-RCM , Recruiting Management , LOD-SF-CMP , Compensation Management , How To

Product

SAP SuccessFactors HCM Core all versions