Required Permissions
Certain operations may required specific permissions for the SuccessFactors service account. The operations are listed below along with the necessary permissions.
|
Operation |
Required permissions |
|
Test Connection |
|
|
Aggregation |
|
|
Provisioning |
Assigning Permissions to a Role In SuccessFactors
These steps provide the basic information for assigning permissions to a role in SuccessFactors. For current detailed information about role-based permissions, refer to the SuccessFactors User Assistance Documentation.
-
In the Permission Settings section, select the Permission button to specify the permission you want to assign to the role.
The Permission Settings window displays.
-
The available permission categories are listed on the left side of the page. Select a permission category to view the different available permissions.
-
Select the permissions you'd like to grant to the role.
-
Select Done when you finish marking your selections.
-
Select Save Changes.
Test Connection Permissions
|
Category |
Permission |
|
General User Permission |
SFAPI User Login |
|
Employee Central API |
Employee Central HRIS SOAP API |
Aggregation Permissions
Note
- The Manage Role-Based Permission Access permission is needed to fetch Roles and Group objects. If you do not want to provide the Manage Role-Based Permission Access permission, Roles and Groups attributes need to be removed from the account schema object.
- The Manage User to Employee Export permission does not need to be provided on the service account if you only want to aggregate users from the SuccessFactors system and not the employees. If this is the case you must add the General User Permission to Company Info Access > User Search mandatory permission.
|
Category |
Permission |
|
Manage User |
Employee Export |
|
Metadata Framework |
Admin Access to MDF OData API |
|
Manage System Properties |
Picklist Management and Picklists Mappings Set Up |
|
Employee Central API |
Employee Central Foundation OData API (read-only) |
|
Employee Central HRIS OData API (read-only) |
|
|
NA |
Manage Role-Based Permission Access |
|
General User Permission |
Company Info Access > User Search For more information, refer to Aggregating External Users. |
Provisioning Permissions
|
Category |
Permission |
|
Employee Central Import Settings |
Import Employee Data |
|
Employee Central API |
Employee Central HRIS OData API (editable) |
Providing Permissions to Service Accounts
To perform the group aggregation for the manually added group schema attributes, perform the following steps to provide the Manage Role-Based Permission Access to the service account:
-
Go to Admin Center and search for Manage Role-Based Permission Access.
-
Select Add User.
-
Search through User Name and select the required user.
-
Select Grant Permission.
Aggregating External Users
To aggregate external users, add the User Search permission to the role along with all required permissions. Once you have granted permissions to the given role, perform the following steps:
-
Go to Admin Center and search for Manage Permission Roles.
-
Select the permissions role you created.
-
Go to the grant this role to section.
-
Select Add for external target population.
-
Go to Define whom you want to grant this role permission to, and then select Permission Group.
-
Go to Specify the target population whom the above granted users have permission to access, and then in the Target Population section, select the User Type as External Onboarding User.
-
Select Everyone (External Onboarding User) .
-
Select Done and Save the changes.