SAP Knowledge Base Article - Public

2477563 - Best practices when changing Role Based Permission system settings

Symptom

For instances that have RBP eligible, customers must be careful when managing RBP rules before clicking on "Save" button.

Is there any best practices when managing such system information?

Environment

SuccessFactors Platform (PLT) - All versions

Resolution

It is critical that customers needs to change and test RBP permission's within stage instances as this may lead to users accessing confidential information in production environment by mistake. That's why it's also a best practice to keep both instances (stage and production) synchronized with the same settings. This can be done via system refresh, by CPS.

The topics below highlights the system behavior when not managing RBP properly:

- Users can access confidential forms (This applies not only for Recruiting, but for Succession and PM/GM)

- Recruiters accessing different requisition templates

- Employee accessing confidential data from other employees

 When you’re managing permission rules under RBP, it is explicit the risks associated with this type of changes.

In addition to that, it’s not possible the support engineer to conduct a thorough business analysis by checking all permission groups, permission roles and perform a detailed risk assessment based on each customer business design. Such analysis are made by partners, not Support Engineers. Support team will guide customers with the steps to fix a configuration or permission issue, but the risk assessment when managing permissions currently eligible must be made by customers. If they are hesitant to manage the permissions on their instances, they can engage a partner consultant to conduct a thorough analysis based on business design in that specific instance.

Keywords

KBA , LOD-SF-RCM , Recruiting Management , How To

Product

SAP SuccessFactors Recruiting all versions