The Latest Role-Based Permissions & Change History Audit of Permission Roles
SAP SuccessFactors System Administrators, are you still using the legacy version of Manage Permission Roles? With the first half release of 2022, SAP has enhanced new version of Mange Permission Roles, and all instances are upgraded with this new feature.
Users will be able to switch back and forth between the old version and new version. In this blog, I will provide some information for navigating the new version Manage permission role screen experience.
Creation of new permission role:
1.Switch to the latest Role Based Permissions.
2.Latest Role Based permissions dashboard is displayed and select create option.
3.Update the basic information at step 1 as below.
Name: Name of the role
Description: Describe the role purpose.
User Type: Select user type as employee.
RBP Only: Indicates that the role is only accessible for RBP admin for permissions- related features.
4.Step 2 is adding the permissions to the role.
Here we must select the permissions which has to be granted to the role. Check the permission categories on the left side and scroll down to select other permissions.
Now click on next after choosing the permissions.
5.Step3 is to review the information added till now to the role.
6.Now click on save. By clicking on save a pop message appears as below.
- Select Yes to assign role assignments.
- Select Not now to assign the role assignments later.
7.Option Yes will redirect to role assignment. Role assignment is add the granted and target population of the role.
8.Step1 is Basic information of the role assignment.
Name: Name of the role assignment
Description: Describe the role assignment purpose.
Target Population User Type: select employee
Status: Choose active if the role assignment is being used else inactive if not in use.
9.Step 2 is Grant access to, grants the access to the users who should perform the action. Options as below.
a. Select from the predefined roles. Example: employee, HR Managers, Managers.
b. Select All to grant permissions to everyone.
c. Select From groups, permission groups which has been created for a set of people for access.
10.Step 3 Define a target population, decides users on whom the actions must be performed. This target population options appear according to granted user selection. Choose options from below.
a. Everyone, all active users will be target population.
b. Filtered by, select group which is created in permission groups for set of people as a target.
c. Mandate to select the Exclude the granted user from having access themselves if user should get access in self.
11.Preview all the information added to the role assignment and click save.
Similarly multiple role assignments can be added to the role.
An RBP administrator can now view the change history of a permission role using the latest Role-Based Permissions. You can also compare two versions of a permission role to check which permissions are modified. This feature has been introduced for Second half release of 2022.
Choose the role to be compared for permissions modification. Then click on view history on the role.
Now select the two changed records and click on compare.
The strikethrough texts highlighted in red are removed permission. The underlined texts highlighted in green are newly added permissions.
Note: Only two records are allowed for comparison.
With this latest feature we can audit the RBP and can quickly act when data breaches happen.