SAP Best Practices for HCM EhP5 Package F02- Personnel Administration: Configuration Guide

SuccessFactors Compensation1405
October 2014
EnglishEnglish / SuccessFactors Compensation: Role Based Permission (FI5)
SAP AG
Dietmar-Hopp-Allee 16
69190 Walldorf
Germany / Building Block Configuration Guide

© SAP SE Page 2 of 3

SAP Best Practices SuccessFactors Compensation: Role Based Permission (FI5): Configuration Guide

Copyright

© 2014 SAP SE or an SAP affiliate company. All rights reserved.

No part of this publication may be reproduced or transmitted in any form or for any purpose without the express permission of SAP SE or an SAP affiliate company.

SAP and other SAP products and services mentioned herein as well as their respective logos are trademarks or registered trademarks of SAP SE (or an SAP affiliate company) in Germany and other countries. Please see http://global.sap.com/corporate-en/legal/copyright/index.epx#trademark for additional trademark information and notices.

Some software products marketed by SAP SE and its distributors contain proprietary software components of other software vendors.

National product specifications may vary.

These materials are provided by SAP SE or an SAP affiliate company for informational purposes only, without representation or warranty of any kind, and SAP SE or its affiliated companies shall not be liable for errors or omissions with respect to the materials. The only warranties for SAP SE or SAP affiliate company products and services are those that are set forth in the express warranty statements accompanying such products and services, if any. Nothing herein should be construed as constituting an additional warranty.

In particular, SAP SE or its affiliated companies have no obligation to pursue any course of business outlined in this document or any related presentation, or to develop or release any functionality mentioned therein. This document, or any related presentation, and SAP SE’s or its affiliated companies’ strategy and possible future developments, products, and/or platform directions and functionality are all subject to change and may be changed by SAP SE or its affiliated companies at any time for any reason without notice. The information in this document is not a commitment, promise, or legal obligation to deliver any material, code, or functionality. All forward-looking statements are subject to various risks and uncertainties that could cause actual results to differ materially from expectations. Readers are cautioned not to place undue reliance on these forward-looking statements, which speak only as of their dates, and they should not be relied upon in making purchasing decisions.


Icons

Icon / Meaning
/ Caution
/ Example
/ Note
/ Recommendation
/ Syntax

Typographic Conventions

Type Style / Description
Example text / Words or characters that appear on the screen. These include field names, screen titles, pushbuttons as well as menu names, paths and options.
Cross-references to other documentation.
Example text / Emphasized words or phrases in body text, titles of graphics and tables.
EXAMPLE TEXT / Names of elements in the system. These include report names, program names, transaction codes, table names, and individual key words of a programming language, when surrounded by body text, for example, SELECT and INCLUDE.
Example text / Screen output. This includes file and directory names and their paths, messages, source code, names of variables and parameters as well as names of installation, upgrade and database tools.
EXAMPLE TEXT / Keys on the keyboard, for example, function keys (such as F2) or the ENTER key.
Example text / Exact user entry. These are words or characters that you enter in the system exactly as they appear in the documentation.
<Example text> / Variable user entry. Pointed brackets indicate that you replace these words and characters with appropriate entries.


Contents

1 Purpose 5

1.1 Using the Configuration Guide 5

2 Basic Settings 5

3 Prerequisites 5

3.1 Activating RBP in Provisioning 6

3.1.1 Manage Permission Groups and Role for Admin User 6

3.1.2 Managing Employee Import 8

3.1.3 Managing Permission Groups 9

3.1.4 Managing Permission Roles 10

3.1.5 Creating User IDs 14


SuccessFactors Compensation: Role Based Permission

1  Purpose

This document describes the configuration steps that have to be done in SuccessFactors to implement Role Based Permissions (RBP) for Compensation.

Role-based permission management is a way of managing your permissions. The role-based permission framework allows you to have as many roles in the system as your company requires while at the same time granting each role a different level of permission granularity.

RBP grants permissions to assigned roles. The following roles are delivered in this Packaged Solution:

·  Compensation Administrator

·  Manager

·  Employee (for access to Employee Profile)

·  Compensation Planner

·  System Administrator (Admin User)

·  SAP API User

1.1  Using the Configuration Guide

This document is set up to support SAP Talent Hybrid customers who are implementing SuccessFactors Compensation integrated with SAP ERP HCM.

Note: Role Based Permissions (RBP) should only be activated once all configuration guides have been fully completed.

Please note the configurations included in this guide are based on the US country version. To include other country requirements the country specific configurations will need to be added.

2  Basic Settings

In this section of the document, the steps to set up RBP are detailed for this Packaged Solution.

2.1  Prerequisites

Before you start installing this scenario, you must install the prerequisite building blocks. For more information, see the Building Block Prerequisites Matrix for this Packaged Solution. You will find this document in the content library, attached to the Step-by-Step Guide.

Further in order to complete this CFG ensure all the activities in the Quick Guide have been completed.

It is important to note that in order to perform some of the steps within this guide; the implementer is required to have completed the SuccessFactors Intro to Mastery and the SuccessFactors Compensation Mastery training. Thus, this documentation is written with an assumption that its audience is familiar with the SuccessFactors Compensation solution. Additionally, the consultant must also have access to the Provisioning environment for the customer. Follow the procedures from SuccessFactors in order to obtain provisioning access to the Customer’s system according to the Partner Portal site.

2.2  Activating RBP in Provisioning

Use

In this activity, the RBP is activated in the SuccessFactors Provisioning system.

To access the provisioning system:

To access the SuccessFactors provisioning system see the example link below. The link will differ based on the server name for the customer system.

https:// performancemanager8.successfactors.com/provisioning_login

Procedure

1.  Select the company name for which RBP should be activated.

2.  Select Company Settings

3.  Activate Role Based Permissions by selecting a check box for Role-based Permission (This will disable Administrative Domains)

4.  Select the “Save Feature” button to save the setting for activating RBP.

2.2.1  Manage Permission Groups and the Role for Admin User

Use

Once RBP is activated the Admin user permissions created initially as part of the Quick Guide are no longer valid. The Admin user must be reset with RBP permissions in order to complete the remaining steps.

Procedure

1.  Go to Administration Tools. In the Manage Employees portlet, select. Set User Permissions

2.  In the Set User Permissions section, select Manage Role-Based Permission Access. The Manage Role-Based Permission Access page opens.

3.  Choose Add User

4.  In the username field enter the Admin user name and press Search.

5.  Select the Admin Username in the Search User portlet and press the Grant Permissions button. Your Admin user now has access to maintain role based permissions.

6.  Go to Administration Tools. In the Manage Employees portlet, select. Set User Permissions.

7.  In the Set User Permissions section, select Manage Permission Groups. The Manage Permission Groups page opens.

8.  Choose the Create New button to create a new Permission Group. The Permission Group page opens.

9.  In the Group Name field, provide a name for the following Permission Groups:

a.  Admin

10.  In the Choose Group Members section, choose the Pick a Category dropdown menu and select a category if further categories are required. These categories help you define the group. For a list of categories, check out the section Permission Group Categories in the Managing Permission Groups section of this guide.

11.  Select Username and enter the Admin user name

12.  Choose the Done button after making your selection.

13.  The Permission Group is now listed along with other existing Permission Groups on the Manage Permission Groups page described in step1

14.  Go to Administration Tools. In the Manage Employees portlet, select. Set User Permissions.

15.  In the Set User Permissions section, select Manage Permission Roles. The Manage Permission Roles page opens

16.  Choose the Create New button to add a permission role. The Permission Role Detail page opens.

17.  In the Role Name field, type a name describing what the role allows you to do.

18.  Create the following roles:

a.  Administrators

19.  In the Description field provide a statement describing what the role allows. When thinking of a name for the role, think about what the role allows the group

20.  In the Permission Settings section, choose the Permission button to specify the permission you want to assign to the role. The Permission Settings window opens.

21.  On the left side of the page, you'll see the different permission categories. Choose a permission category to reveal the different permissions. Make the following selections and select the Select All check box for the following user permissions in the table below:

22.  Select the Done button when all the permissions have been completed

23.  Choose the Add button under 3. Grant this role to specify the permission group to be granted the role and specify the target population:

24.  From the Grant Role to dropdown list, select Permission Group.

25.  Choose the Select button to specify the permission group to be granted the role. The Select Groups page opens.

26.  In the permission group field, type the name of the permission group to be granted. Choose the Search icon (magnifying lens) to search for the group. The page gets updated with the search results. Assign to the Admin group created in the permissions group step above.

27.  Select the checkbox against the group name and choose Done. The group name gets added to the Selected Groups column.

28.  Select Everyone for the Target population.

29.  Choose the Done button to assign this role to the permission group as listed in the table below.

30.  You are taken back to the Permission Role Detail page.

31.  Choose the Save Changes button to complete creating the role. If you choose Cancel at this stage, the role will not be created.

32.  Once this role is successfully created, the new role will be listed on the Permission Role List.

Role / User Permissions / Administrator Permissions / Permission Groups / Target Population
Administrator / Objectives – Select All
Career Development Planning – Select All
Compensation – Select All
Employee Data – Select All
Employee views – Select All
General User Permission – Select All
Recruiting Permissions – Select All
Reports Permissions – Select All
Succession Planners – Select All / Manage Career Development – Select All
Manage Compensation – Select All
Manage Competencies and Skills – Select All
Manage Dashboards/Reports – Select All
Manage Documents – Select All
Manage Form Templates – Select All
Manage integration tools – Select All
Manage Recruiting - Select All
Manage Succession – Select All
Manage system properties – Select All
Manage User – Select All
Manage Variable Pay – Select All
Employee Central API – Select All
Manage Talent Card – Select All / Admin / Everyone

Note: For the Administrator role, we have enabled access to all areas within SuccessFactors although not all may be used. If you want to restrict access to Compensation only (or other specific areas) then only flag the relevant check boxes when performing this task.

2.2.2  Managing Employee Import

Use

In this activity, permissions for the System Administrator user to import employee data into the SuccessFactors system must be set in order to import employee data.

Ensure the Admin user is assigned to the correct job code. You can use the Admin created as part of the Quick guide initial steps. If you wish to create a new Admin as part of RBP then step 2.2.5 Creating User IDs will need to be created first.

Please note- If using the SAP ERP HCM and SuccessFactors integration rapid deployment solution the SAP API user permissions to import employee data needs to be set.

Procedure

1.  Go to Administration Tools. In the Manage Employees portlet, select. Set User Permissions> Manage Employee Import

2.  Select the Search Users button

3.  For the Admin and/or SAP API users created make the following selections:

a.  Manage employee import

b.  All Divisions

c.  All Departments

d.  All Locations

2.2.3  Managing Permission Groups

Use

In a role-based security framework, Permission Groups are used to define groups of employees that have a set group of permissions. For example, you might have a Permission Group called Managers which would list all managers who have access to compensation information.

Groups are also used to define the target population a granted user has access to. For managers this would be the employees who report to them. Permission groups allow you to group a set of employees that match a predefined condition. A condition may be determined by a single parameter or multiple parameters. For example, if you want to create a group of HR employees, you'd create a group where Department = HR. To make the condition even more specific, you can specify multiple conditions. For example HR employees in the US. To create this group, you'll create a group with the following parameters — Department = HR and Location = US.

Procedure

1.  Go to Administration Tools. In the Manage Employees portlet, select. Set User Permissions.

2.  In the Set User Permissions section, select Manage Permission Groups. The Manage Permission Groups page opens.

3.  Choose the Create New button to create a new Permission Group. The Permission Group page opens.

4.  In the Group Name field, provide a name for the following Permission Groups: