SAP SuccessFactors Learning Implementation Considerations for Efficient Security Design
This blog post introduces you to the recently published SuccessFactors Implementation Design Principle (SFIDP) document: SAP SuccessFactors Learning Implementation Considerations for Efficient Security Design. Implementation Design Principle documents are owned and managed by SAP SuccessFactors Product Management, who engage and collaborate with select, interested partners along with SAP Professional Service to tap their rich implementation experience. That experience is distilled into the document, which goes through a formalized product review process before wider publication.
This IDP explains some of the criteria to consider when designing a security model that is sustainable and scalable, and clarifies best practices for implementing an effective security design in the LMS.
It is common to find customers that have security issues in SuccessFactors LMS such as cumbersome maintenance, poor data quality and performance, and violations of user privacy. These issues can stem from inefficiencies in the LMS security design that was defined previously.
To prevent these situations, it is recommended to define a flexible, maintainable, and secure security design.
The SAP SuccessFactors Learning Implementation Considerations for Efficient Security Design IDP covers these topics and is organized as follows:
- General LMS Security Considerations
This chapter describes two of the major considerations which can help a customer arrive at a security design that best suits their needs: Centralized vs. Decentralized Support Model and Permissions in the Administrative Support Model.
- Domain Structures
The structure of Domains plays an important role in security, and this IDP chapter goes deep into the following factors to consider when designing a Domain structure:
Number of Root Domains
In most cases, a single root domain with multiple domains beneath it in the hierarchy can be enough. In other cases, multiple root-level domains may be required to meet the administrative needs of the customer. This section covers the following examples where multiple root domains may be used:
- User Domains and Learning Object Domains
For this use case, it is recommended to have two independent domain structures with different root domains to best enable the customer to grant the appropriate access.
Learning Object Domains
- Internal and External Users
Base Object for User Domains
Ideally, domain values for users should be part of the user feed into LMS so that a change in a user’s domain automatically assigns the user to the appropriate administrative pool. The data used for this purpose should also be relatively stable to minimize the need to change learning administrative permissions to accommodate minor organizational changes.
Below is the example provided in this IDP section of a Domain structure based on geographic region and division:
Use of the PUBLIC Domain
The PUBLIC domain is a part of every Security Domain Group. As a result, it is not possible to restrict access to a specific entity in the PUBLIC domain when the administrator has permission to perform that action. This section talks about how the PUBLIC domain may be used when designing a domain structure.
- Role Design
Finally, this last chapter offers a starting point for designing security roles from a permissions perspective. It goes deep into the following topics:
- Sample Security Roles
- Use of “Add-On” Roles
- Use of the ALL Role
- Recommended Reports
The document SAP SuccessFactors Learning Implementation Considerations for Efficient Security Design received valuable authoring contributions from SAP SuccessFactors partners Becky Walsh and Sunil Arwari from EPI USE.
We hope this blog post helped you get acquainted with the concepts and use cases defined and discussed in the SF IDP. We recommend that you further explore the document for an in-depth discussion that will aid you in better product implementation, as well as help you align with the industry-leading practices. We look forward to your valuable comments, feedback, and queries on this blog post.