SAP Knowledge Base Article - Public

2274351 - RBP: Include Self and Exclude self criteria when adding a rule

Symptom

Under Role Based Permissions, while adding a rule, the system allows both of the options available under "Granting the Role to any Hierarchical Role" to be enabled at the same time. The options are:

  1. Include access to Granted User (Self).
  2. Exclude Granted User from having the permission access to him/herself.

Environment

SuccessFactors Cloud HCM for companies using Role Based Permissions.

Reproducing the Issue

  1. Go to Manage Permission Roles.
  2. Open any listed permission role and go to the Permission Role Detail section, i.e. Grant this role to...
  3. For any rule, click Edit Granting.
  4. This will open a new window "Grant this role to...".
  5. Look for the section "Specify the target population whom the above granted users have permission to access". This section defines the target population to which the granted users will have access.
  6. Below are the two options which are available in Granting the Role to any Hierarchical Role:
    • Option 1 - Include access to Granted User (Self).
    • Option 2 - Exclude Granted User from having the permission access to him/herself.

Scenario A:

When both of the above options are enabled, Option 2 (Exclude Granted User from having the permission access to him/herself) overrides Option 1. In other words, in this scenario the granted users do not have permission access to themselves.

Example: Permission to delete documents (Performance forms).

Significance of the permission: All Managers will be able to look for forms and delete them for their target population but not their own forms.

Concern: After Option 1 (Include access to Granted User (Self)) has been selected, the system still allows Option 2 (Exclude Granted User from having the permission access to him/herself) to be checked. This appears contradictory.

Scenario B:

When Include access to Granted User (Self) is enabled, the granted users have permission access to themselves.

When both of the above options are disabled, the granted users do not have permission access to themselves, meaning that by default the system treats Option 2 as enabled.

Concern: If this is the default, why is there an additional checkbox, i.e. Option 2?

Cause

The scenarios described above are as per the current system design and are therefore expected behaviour.

Resolution

  1. Scenario A: As the two options conflict, one of them is designed to have higher priority. Customers are requested to select only one at a time, according to their business requirement.
  2. Scenario B: As there is a hierarchical relationship (example: Manager and Employees), managers will by default have access to their reports and NOT to themselves. Unless Option 1 is chosen, the manager will NOT be in the target population.
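
The precedence described in Scenarios A and B can be checked across many granting rules at once. The following Python is an added example, not SAP code: the GrantRule record, the role names and the hierarchy are constructed for illustration, and the hierarchy is assumed to consist of direct reports only.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class GrantRule:              # hypothetical record, not an SAP export format
    role: str
    include_self: bool        # Option 1: Include access to Granted User (Self)
    exclude_self: bool        # Option 2: Exclude Granted User from access to him/herself

def self_access(rule: GrantRule) -> bool:
    # Option 2 overrides Option 1; with neither checked the default is no self access.
    return rule.include_self and not rule.exclude_self

def target_population(rule, manager, reports):
    # Assumption: the hierarchy is modelled as direct reports only.
    targets = set(reports.get(manager, ())) - {manager}
    if self_access(rule):
        targets.add(manager)
    return targets

def audit(rules):
    """Return (role, finding) for every rule whose checkboxes deserve review."""
    findings = []
    for r in rules:
        if r.include_self and r.exclude_self:
            findings.append((r.role, "conflict: both checked, exclude wins, no self access"))
        elif r.exclude_self:
            findings.append((r.role, "redundant: exclude checked, same as default"))
        elif r.include_self:
            findings.append((r.role, "self access granted: confirm it is intended"))
    return findings

# Constructed sample data (role names and users are made up).
REPORTS = {"mgr1": ["emp1", "emp2"]}
RULES = [
    GrantRule("Delete Performance Forms", True, True),    # Scenario A
    GrantRule("View Team Documents", False, False),       # Scenario B default
    GrantRule("Edit Own And Team Goals", True, False),
    GrantRule("Approve Team Requests", False, True),
]

if __name__ == "__main__":
    for rule in RULES:
        print(rule.role, sorted(target_population(rule, "mgr1", REPORTS)))
    for role, finding in audit(RULES):
        print("REVIEW", role, "-", finding)
```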

Keywords

RBP - Role Based Permissions, KBA, LOD-SF-PLT-RBP, Role Based Permissions, How To

Product

SAP SuccessFactors HCM Suite 1511