2355080 - Manager Report with Person Context not reflecting the expected Restrictions for Time Account data

SAP Knowledge Base Article - Public

2355080 - Manager Report with Person Context not reflecting the expected Restrictions for Time Account data

Symptom

You’ve created a report with Advanced Reporting based on Time Account objects and used the Person Context functionality to shows only the data of the direct reports of the logged in Manager.

When the Managers run the report and change the 'Select values to filter' selection they can view Time Account data for employees which are not part of their team. e.g. not direct reports.

The report restrictions correctly applies if the default People Context selection is used by just selecting done on the pop up screen.   

Filter selector.jpg

Reproducing the Issue

  1. Analytics – Analytics then Advanced Reporting
  2. Create a new report/query based on Time Account & Global information objects
    • Query Time account.jpg
  3. For the Person Context choose the 'All descendants to distance' and distance 1 for the Logged In User as below:
    • Person Context.jpg
  4. Save the query and create a report on it.
  5. Add the report to the Menu & Share the report to allow the Manager (for this example Carla Grant) to access the report.
  6. The manager can then run the shared reports in order to see his/her team data.
  7. From the People Scope Selector everything works as expected when the default selection (Select values to filter) is used as it will just use the Logged in User selection.
  8. If you change the default selection via the 'Select values to filter' you are able to select any other User or Manager.
    • Selct Value to filter.jpg
    • For this example, the current logged in Manager (Carla Grant) can select the Manager Carl Hughes from the list or his direct reports. People Selector scope1.jpg
    • Carla Grant is also able to view the data for Benjamin Kelly even if she is not her Manager.  
    • Balance LEave.jpg
  9. The expected behaviour is that the Manager/Logged In User, Carla Grant in this case, should see data only for their own team (direct reports) and get an empty report for any other user as shown below.
    • No Data.jpg

Resolution

In this example the Manager's report data was not restricted as per the portlet (Employee Files - Time OFF) because the Time Account Objects were not configured with the correct RBP permissions and security settings.

In order for the Advanced Report to restrict the data on role Based Permission (RBP) the following configuration is recommended:

  1. From the Admin Center search for Configure Object Definitions and select Object Definitions then Time Account from the drop down
  2. Make sure the userId field is mandatory by clicking on userId Details and selecting Required = Yes from the list as below.
    • user id required.jpg
  3. From the Security section the following needs to be selected:
    • Secured: Yes
    • Permission Category: Misc. Permissions
    • RBP Subject User Field: userId
    • Security settings.jpg
  4. Save the settings.
  5. The RBP permission will now apply to the created Report for Managers and restrict the data accordingly.

NOTE: The changes to the Metadata Framework (MDF) Objects may not apply to Advanced Reporting until an MDF objects refresh is performed. You can request it to the Analytics Support Team. 

Keywords

KBA , mdf , time account , person context , rbp permission , advanced reporting , LOD-SF-ANA-ORD , Online Report Designer , Problem

Product

SAP SuccessFactors HCM Core 1605