Skip to Content
Author's profile photo Yeu Sheng Teo

IBP Collaboration with SAP JAM via Role-Based Permissions (RBP)

In the earlier blog SAP Jam Integration to S&OP on Cloud, the configuration steps to enable the integration of S&OP 3.0/IBP 4.0 collaboration to JAM have been described using the legacy permission framework provided with SAP SuccessFactors (SF).

In addition, there is another authorization framework provided by SF which is called the Role-Based Permissions (RBP) framework. You can read up the RBP details in this blog SuccessFactors: all you need to know about Authorizations and Security. For new customer who have subscribed to the SAP IBP onDemand, it is likely that the provisioned SF instance will be delivered with this RBP framework.

In this blog, we will describe the configuration steps that you can followed to setup the JAM using this authorization framework for the IBP collaboration.

One assumption is made here – you have already received the SF Company and Administrator User information from SAP.


1. Logon your SF cloud instance using the provided SF Administrator User (i.e. SFADMIN).

2. On the SF administration top menu, select ‘Admin Center‘ and the OneAdmin screen will be displayed. The OneAdmin screen is where the user, role and permission group objects can be maintained and assigned respectively. In the event that you could not see the OneAdmin screen like below, please search on your main screen for a link which may indicated as ‘Switch back to One Admin‘ and click on that link. You should be redirected to the OneAdmin screen subsequently.


3. Check that the JAM is provisioned with the SF Instance. Click the ‘Admin Center’ top menu and expand the drop-down list to confirm the existence of the ‘Jam’ entry. If you cannot locate this entry which indicates the SFADMIN user has no access into JAM yet, please create an incident reporting to the support team under the component ‘LOD-SF-JAM’.


4. Create the SF user for JAM collaboration. Under ‘Manage Employees’ screen section, click on the ‘Update User Information’ icon and select ‘Manage Users‘ menu entry.


(a). On the Manage Users screen, there are various options (Add New User manually or the Export/Import Users) available to ease the creation of the user data information. You can use the ‘Export Users’ function to download existing user to understand how the data columns should be populated for uploading using Microsoft Excel file. The ‘Email’ field is the important one because this email address is used for the integration between the IBP and JAM system components.


5. Create a Permission Group to collate the SF user whom is required for the IBP collaboration. Under ‘Manage Employees’ screen section, click on the ‘Set User Permissions’ icon and select ‘Manage Permission Groups’ menu entry.


6. On the Manage Permission Groups screen, click on the ‘Create New’ button to add a new group.


(a). On the Permission Group screen, provide a name for the Group (e.g. JAM Access). Pick the ‘Username‘ from the pull down category to search from the People Pool. You can also used other category to search for your required SF user.


(b). On the Search and Select Items screen, use the search function (i.e. binocular icon) to find the SF user.


(c). The final result should be a completed permission group assigned with the relevant user. The Active Group membership number indicated how many user are included in the group. The ‘Granted Permission Roles’ tab is still empty at this step because no role has been assigned yet.


7. Create a JAM role for SF user assignment. The role will allows SF user to have access into the JAM instance. Under ‘Manage Employees’ screen section, click on the ‘Set User Permissions’ icon and select ‘Manage Permission Roles’ menu entry.


(a). On the Permission Role List screen, click on the ‘Create New’ button to add a new role.


(b). On the Permission Role Detail screen, provide a role name (e.g. JAM Access) and description (e.g. JAM Access for IBP User). Next, you need to select the allowable permissions for the user. For simplicity as a guide here, it is alright to select all the checkboxes under the User Permissions section (outlined in red box below) for the non-administrative SF user. Please click on each link entry to view the checkboxes,


(c). To enable JAM access, that permission is included in the General User Permission section and you need to flag the checkbox ‘JAM Access’ mandatory.


(d). Finally, you need to grant the role to the permission group you have created from Step 6.


8. Also you can now verify that the permission group has been assigned correctly with the JAM role that was previously missing in Step 6(c).


By completing all the steps above, you are ready to enable the IBP collaboration by providing the email address of the SF user ID to the corresponding IBP application user ID. For IBP release 5.0, the email address is only maintained in the SU01 user management – communication section.

Note: There is a scheduled SF system replication job for the JAM user. As such it is recommended that you check the IBP collaboration to the JAM on the next following day.

Assigned Tags

      You must be Logged on to comment or reply to a post.
      Author's profile photo Alecsandra Ghita
      Alecsandra Ghita

      Thank you YS, very useful document.

      I would like to add one comment for step 2 which I assume is a more recent setting. As it took me a while to find out where the import option disappeared! 😕

      Once you are in Admin Center, the default view will be the one below.

      In order to see all the user related settings, you need to press the button Switch back to One Admin which can be found in the bottom of the page.

      Default Admin.PNG

      Author's profile photo Yeu Sheng Teo
      Yeu Sheng Teo
      Blog Post Author

      Thanks for the feedback, Alecsandra. I have included that portion and hopefully no more SF screen changes comes along 🙂

      Author's profile photo Krishna Mamidipaka
      Krishna Mamidipaka


      One feedback from 5.0

      In 4.0, User email in Jam and alternative email IBP user mater record are supposed to have same values to get the link established.

      in 5.0. There is NO alternative email id. Main email id is linked to Jam email id.

      Author's profile photo Yeu Sheng Teo
      Yeu Sheng Teo
      Blog Post Author

      Thanks for the feedback, Krishna. The user management concept was overhauled in 5.0. As such the email ID is kept in the SU01 communication section as described in the last paragraph above.