www.sap.

com

Administrator Training Guide

SAP SuccessFactors
Learning – Security
SAP SE Copyrights and Trademarks
© 2018 SAP SE. All rights reserved.

No part of this publication may be reproduced or transmitted in any form or for any purpose without the express
permission of SAP SE. The information contained herein may be changed without prior notice.
Some software products marketed by SAP SE and its distributors contain proprietary software components of other
software vendors.

 Microsoft, Windows, Excel, Outlook, and PowerPoint are registered trademarks of Microsoft Corporation.
 IBM, DB2, DB2 Universal Database, System i, System i5, System p, System p5, System x, System
z, System z10, System z9, z10, z9, iSeries, pSeries, xSeries, zSeries, eServer, z/VM, z/OS, i5/OS,
S/390, OS/390, OS/400, AS/400, S/390 Parallel Enterprise Server, PowerVM, Power Architecture,
POWER6+, POWER6, POWER5+, POWER5, POWER, OpenPower, PowerPC, BatchPipes,
BladeCenter, System Storage, GPFS, HACMP, RETAIN, DB2 Connect, RACF, Redbooks, OS/2,
Parallel Sysplex, MVS/ESA, AIX, Intelligent Miner, WebSphere, Netfinity, Tivoli and Informix are
trademarks or registered trademarks of IBM Corporation.
 Linux is the registered trademark of Linus Torvalds in the U.S. and other countries.
 Adobe, the Adobe logo, Acrobat, PostScript, and Reader are either trademarks or registered trademarks of
Adobe Systems Incorporated in the United States and/or other countries.
 Oracle is a registered trademark of Oracle Corporation
 UNIX, X/Open, OSF/1, and Motif are registered trademarks of the Open Group.
 Citrix, ICA, Program Neighborhood, MetaFrame, WinFrame, VideoFrame, and MultiWin are trademarks
or registered trademarks of Citrix Systems, Inc.
 HTML, XML, XHTML and W3C are trademarks or registered trademarks of W3C®, World Wide Web
Consortium, Massachusetts Institute of Technology.
 Java is a registered trademark of Sun Microsystems, Inc.
 LabNetscape.
 SAP, SAP Fiori, SAP SAPUI5, R/3, SAP Fiori, SAP NW Gateway, SAP NetWeaver, Duet, PartnerEdge, ByDesign,
SAP BusinessObjects Explorer, StreamWork, and other SAP products and services mentioned herein as well as
their respective logos are trademarks or registered trademarks of SAP SE in Germany and other countries.
 Business Objects and the Business Objects logo, BusinessObjects, Crystal Reports, Crystal Decisions, Web
Intelligence, Xcelsius, and other Business Objects products and services mentioned herein as well as their
respective logos are trademarks or registered trademarks of Business Objects Software Ltd. Business Objects is
an SAP company.
 Sybase and Adaptive Server, iAnywhere, Sybase 365, SQL Anywhere, and other Sybase products and
services mentioned herein as well as their respective logos are trademarks or registered trademarks of
Sybase, Inc. Sybase is an SAP company.

All other product and service names mentioned are the trademarks of their respective companies. Data contained in
this document serves informational purposes only. National product specifications may vary.

These materials are subject to change without notice. These materials are provided by SAP SE and its
affiliated companies ("SAP Group") for informational purposes only, without representation or warranty of any
kind, and SAP Group shall not be liable for errors or omissions with respect to the materials. The only
warranties for SAP Group products and services are those that are set forth in the express warranty
statements accompanying such products and services, if any. Nothing herein should be construed as
constituting an additional warranty.
 SAP SUCCESSFACTORS LEARNING – 3

SAP SuccessFactors Learning – Security

SECURITY....................................................................................................................................................... 5
About this Handbook..................................................................................................................................... 5
Course Introduction....................................................................................................................................... 6
Overview........................................................................................................................................................... 6
Course Objectives............................................................................................................................................ 6
Target Audience............................................................................................................................................... 6
Assumptions..................................................................................................................................................... 6
Administrator Role and Workflows............................................................................................................... 6
Using this Guide............................................................................................................................................... 6
SAP SuccessFactors Community..................................................................................................................... 7
Additional Resources........................................................................................................................................ 8
Administrator Security................................................................................................................................... 8
Lesson 1 – SAP SuccessFactors Learning Security Model Overview..............................................................8
Lesson Overview.............................................................................................................................................. 8
Objective........................................................................................................................................................... 8
Security Model Overview.................................................................................................................................. 8
Knowledge Check........................................................................................................................................... 10
Conclusion...................................................................................................................................................... 10
Lesson 2 – Domains....................................................................................................................................... 10
Lesson Overview............................................................................................................................................ 10
Objective......................................................................................................................................................... 10
Domains Overview.......................................................................................................................................... 10
Exercise 2-1: Create Domain Structure.......................................................................................................... 11
Domain Connector.......................................................................................................................................... 13
Working with Domain Type Entities................................................................................................................ 14
Exercise 2-2: Associate a Domain Type Entity to a Domain...........................................................................14
Conclusion...................................................................................................................................................... 15
Knowledge Check........................................................................................................................................... 15
Lesson 3 – Domain Restrictions..................................................................................................................... 15
Lesson Overview............................................................................................................................................ 15
Objective......................................................................................................................................................... 15
Domain Restrictions........................................................................................................................................ 15
Exercise 3-1: Create a Domain Restriction..................................................................................................... 16
Public Domain................................................................................................................................................ 18
Conclusion...................................................................................................................................................... 18
Knowledge Check........................................................................................................................................... 18
Lesson 4 – Role Management........................................................................................................................ 18
Lesson Overview............................................................................................................................................ 18
Objective......................................................................................................................................................... 18
Role Management Overview.......................................................................................................................... 19
Admin Role Management............................................................................................................................... 20
Exercise 4-1: Create Admin Role Template.................................................................................................... 21
Exercise 4-2: Apply Domain Restrictions........................................................................................................ 23
Exercise 4-3: Create Admin Record............................................................................................................... 25
Knowledge Check........................................................................................................................................... 28
User Role Management.................................................................................................................................. 28
Exercise 4-4: Create User Role Template...................................................................................................... 29
Exercise 4-5: Create User Record.................................................................................................................. 30
Assigning User Role to a User........................................................................................................................ 32
User Role with Supervisor Workflows............................................................................................................. 32
User Proxy Role............................................................................................................................................. 33

© Copyright. All rights

 SAP SUCCESSFACTORS LEARNING – 4
Knowledge Check........................................................................................................................................... 34
Instructor Role Management.......................................................................................................................... 34
Exercise 4-6: Create Instructor Role Template............................................................................................... 35
Exercise 4-7: Create an Instructor Account.................................................................................................... 36
Knowledge Check........................................................................................................................................... 38
Conclusion...................................................................................................................................................... 39
Appendix A – Workflows................................................................................................................................. 39
Appendix A – Workflows................................................................................................................................. 39
Appendix B – Import Tool............................................................................................................................... 42
Appendix B – Import Tool............................................................................................................................... 42

© Copyright. All rights

 SAP SUCCESSFACTORS LEARNING – 5

Security
About this Handbook
This handbook is intended to complement the instructor-led presentation of this course,
and serve as a source of reference. American English is the standard used in this
handbook. The following typographic conventions are also used:

Use Example / Visualization

Demonstration by Instructor
A hint or advanced detail is shown or clarified by
the instructor – please indicate reaching any of
these points to the instructor.
Warning or Caution
A word of caution – generally used to point out
limitations or actions with potential negative
impact that need to be considered consciously.
Hint
A hint, tip or additional detail that helps increate
performance of the solution or help improve
understanding of the solution.
Additional information
An indicator for pointing to additional information
or technique beyond the scope of the exercise but
of potential interest to the participant.
Discussion/Group Exercise
Used to indicate that collaboration is required to
conclude a given exercise. Collaboration can be a
discussion or a virtual collaboration.

User Interface Text Find the Flavor Gallery button

E.g. Flavors are transaction specific

screen personalization created and
Solution or SAP Specific term
rendered using SAP Screen
Personas.

© Copyright. All rights

 SAP SUCCESSFACTORS LEARNING – 6

Course Introduction
Overview
Through discussion, demonstration, and hands-on computer exercises, this course
teaches you how to create and manage the Security Model in SAP
SuccessFactors Learning.

Certain features covered in this guide may not be enabled in your company’s
environment. If you see screenshots in this guide that do not match your
company’s configuration, please skip the feature/lesson.

Course Objectives
Upon completion of this unit, you will be able to:

 Describe the SAP SuccessFactors Learning Security model

 Create Domains and Domain Restrictions
 Build Admin, User, and Instructor Roles

Target Audience
This course is intended for SuccessFactors administrators (admins) responsible for
creating and maintaining the security system in SAP SuccessFactors Learning.

Assumptions
Administrator Role and Workflows
This training assumes that your SAP SuccessFactors Learning administrator role is
associated with all available workflows in the system. If your role does not include certain
workflows, those tabs and pages will be grayed out and/or inaccessible.

Some screenshots and certain features covered in this guide may not be
enabled in your company’s environment. Please note that major configuration
changes will need to go through Professional Services, as System
Administrators do not have access to enable certain features.
Using this Guide
This handbook is intended to complement the instructor-led presentation of this course,
and serve as a source of reference. American English is the standard used in this
handbook. The following typographic conventions are also used:

Use Example / Visualization

© Copyright. All rights

 SAP SUCCESSFACTORS LEARNING – 7

Use Example / Visualization

Demonstration by Instructor
A hint or advanced detail is shown or
clarified by the instructor –
please indicate reaching any of these
points to the instructor

Warning or Caution
A word of caution – generally used to
point out limitations or actions
with potential negative impact that need
to be considered consciously

Hint
A hint, tip or additional detail that helps
increate performance of the solution or
help improve understanding of the
solution

Additional information
An indicator for pointing to additional
information or technique beyond the
scope of the exercise but of potential
interest to the participant

Discussion/Group Exercise
Used to indicate that collaboration is
required to conclude a given
exercise. Collaboration can be a
discussion or a virtual collaboration.

User Interface Text

Find the Flavor Gallery button

Solution or SAP Specific term E.g. Flavors are transaction specific screen
personalization created and rendered using
SAP Screen Personas.

SAP SuccessFactors Community

Customer Community is your one-stop shop for support, quick answers, product training
and quarterly release updates. You may also post ideas for enhancements on product-
specific Q&A boards, and "Kudo" other ideas that you like. Enhancement ideas with the
most kudos often become part of the product roadmap for future releases.

https://community.successfactors.com/

© Copyright. All rights

 SAP SUCCESSFACTORS LEARNING – 8

Additional Resources
For more information about SAP SuccessFactors, refer to these resources:

Main Website http://www.SuccessFactors.com

https://community.successfactors.com/t5/SA
SAP SuccessFactors Process Library P-SuccessFactors-Process/ct-
p/ProcessLibrary
Training and Certification Shop https://training.sap.com/shop/learninghub
SAP SuccessFactors HCM Suite Help
Portal http://help.sap.com/cloud4hr
https://help.sap.com/viewer/
SAP SuccessFactors HCM Suite Help dfb1d0f450a24a
Portal – Security model in Learning 4084652266c871ecfd/1708/en-
US/75ce1577d7e0441ea9047ea3a4db0816
.html

Administrator Security
Lesson 1 – SAP SuccessFactors Learning Security Model Overview
Lesson Overview
The goal of this lesson is to establish a general understanding of the concepts and
terminology associated with the Security Model in SAP SuccessFactors Learning.

Objective

Upon completion of this lesson, you will be able to:

 Describe the SAP SuccessFactors Learning Security model

 List the steps used to implement the SAP SuccessFactors Learning Security model

Security Model Overview

SAP SuccessFactors Learning security works differently from the core SAP
SuccessFactors Role Based Permissions (RBP) model, therefore they need to be
configured separately. Within RBP, Users can be granted access to the Learning system
menu option to launch the system as a User. RBP may also be used to grant access to
the Admin Center tool for Learning Administration so that Admins may launch the
administration side of the system.. Once they launch the SuccessFactors Learning
module, their permissions within the user-side and/or admin-side of the system will be
controlled entirely by the Learning security model.

In the SAP SuccessFactors Learning, the Security model is a combination of Roles,

Workflows, Domains, and Domain Restrictions.

© Copyright. All rights

 SAP SUCCESSFACTORS LEARNING – 9

Term Definition

An area in our security structure where entities are placed when we need to
restrict access to them for some admins and not others.

One example may be a Corporate domain which may contain Catalogs,

Domain
Assignment Profiles, Admin and other security-related entities. Another
example may be regional domains that contain the learning records such as
Items, Curricula, Programs, and Offerings that are specific to the admins in
that region.
A group of one or more domains that, when applied to the workflows in an
admin role, will control where the admin may perform those workflows.
Domain
For example, a Domain Restriction called “Europe-All” may include the
Restrictions
domains of France, UK, and Germany (as well as others). When applied to
the workflows in a role that pertain to user records, the admin will only be
able to perform those workflows for user records in the Europe domains.
A single permission comprised of a function (add, delete, copy, edit, search,
etc.) and an entity (user, item, curriculum, instructor, assignment profile,
etc.) If a role contains a certain permission, the
Workflow
Examples: Add User, Search Item, Edit Curriculum, Copy Assignment
Profile.
A list of workflows (permissions) that are grouped together and associated
to the instructor, user, and admin entities. These workflows allow access to
Role
menus, links, and tiles. For admin roles, domain restrictions may be applied
to workflows in the role to permit access only to certain domains of records.

Once the users are imported from SAP SuccessFactors system (or any other HR
Management System), they are assigned to a security Role that is specific to the Learning
system (Admin, User, Instructor). The admin, user and/or instructor role assignment can
be accomplished during a connector job, an assignment profile, import tool, or manual
update in the admin, user or instructor record.

Each type of Role contains a list of Workflows that determine what functions that particular
role can perform. Depending on the organization, different Admin, User or Instructor roles
may be created to meet their specific needs/requirements. These roles can be copied,
customized and applied to the Admin, User or Instructor record for access to the Learning
system tools and features, depending on the needs .

In addition to that, Learning Security model allows to control Admin access to a specific
data stored in the Learning system. If the Customer would like to restrict Admins to be able
to work with certain data only (for example, Admins working in North America should have

© Copyright. All rights

 SAP SUCCESSFACTORS LEARNING – 1

access to data created for North America region only), they would need to build Domains
and Domain Restrictions, and assign the Domain Restrictions to Admin roles accordingly.

Knowledge Check
Use what you learned in this Module to answer the following questions.

1. True or false: The Role Based Permission grants access to Learning module and
to its basic functionalities.
A. True
B. False
2. Which of the following are entities in the system that are part of the security model?
A. Roles
B. Groups
C. Domains and Domain Restrictions
D. Workflows
E. Permissions
Conclusion
In this lesson, you were introduced to the concepts and terminology associated with the
Security Model in SAP SuccessFactors Learning.

You should now be able to:

 Describe the SAP SuccessFactors Learning Security model

 List the steps used to implement the SAP SuccessFactors Learning Security model

Lesson 2 – Domains
Lesson Overview
The goal of this lesson is to understand the use of Domains in SAP SuccessFactors
Learning security.

Objective

Upon completion of this lesson, you will be able to:

 Explain Domains and their purpose

 Create a Domain structure in SAP SuccessFactors Learning
 Describe the purpose of Domain Type entities and how they are used

Domains Overview
The use of domains is an important part of the security strategy. When a new entity (i.e.
Item, Curricula, Assignment Profile, etc.) is added to the Learning system, an Admin has to
select a Domain where that entity will reside. This will allow you to keep the data
organized, and more importantly it will help to determine which Admins can access what
data elements (with the use of Domain Restrictions – more information in Lesson 3).

© Copyright. All rights

 SAP SUCCESSFACTORS LEARNING – 1

Domain structure should be complex enough to meet security needs but not so complex
that it is difficult to maintain. The domain structure should primarily be determined by the
complexity, delegation, and distribution of administrators.

NOTE: As a best practice, do not create more levels of Domains than are actually needed.

Typical domain structures represent the organization or regional structure.

Exercise 2-1: Create Domain Structure

1. Navigate to System Admin > Security > select Domains.

2. Click Add New link to create a new domain

3. Select the “Add Root Level Domain” radio button to create a parent Domain.
Next complete Domain ID and Description fields. Click Add

© Copyright. All rights

 SAP SUCCESSFACTORS LEARNING – 1

4. Once Domain record is added to the Learning system, you can still change the
Domain description, as well as the hierarchical structure between Domains. The
Select Parent Domain option allows you to choose a domain for which no hierarchical
structure was created yet or an existing parent domain, and build a new relationship
between domains.
NOTE: Information about the Domain Types tab can be found in Lesson 2-2.
5. Repeat the exercise to create a sub Domain: from the Domain record click the
Add New link.

6. Choose “Add Sub Domain” and select a domain that you want to be the
Parent Domain. Complete the Sub Domain ID and Description fields.

© Copyright. All rights

 SAP SUCCESSFACTORS LEARNING – 1

7. Once you create a Domain structure, you can review it from the Parent
Domain record. Find the Parent Domain and expand the view under Domain ID.

NOTE: The Domain Level starts from 0 which corresponds to the root-level Domain. The
system increments each subsequent subdomain by one.

Domain Connector
The SAP SuccessFactors Learning allows to add Domain records to be added to the
system as part of the Domain Connector job. First, an Admin would need to download the

© Copyright. All rights

 SAP SUCCESSFACTORS LEARNING – 1

Domain template (System Admin > Tools > Download Connector Template and select
Domain Connector as TXT file) and complete it. There are three types of information that
the Domain template supports: Domain ID, Domain Description, and Parent Domain ID.
This allows the Admin to create multiple Domain records, as well as build the relationship
between them by assigning a Parent Domain. For instance, when a Customer acquires six
new domains of employees, the new domains may be added to the system by the User
Connector. However, the User Connector does not put the domains into a domain tree.
Therefore, it might be necessary to use the Domain Connector.
Working with Domain Type Entities
When a new Domain is added to SAP SuccessFactors Learning, that Domain is
automatically associated with all available Domain Type entities. A Domain Type entity is a
type of record that can be added to the Learning system (i.e. Item, Equipment, Assignment
Profile, Role, etc.) and stored into Domains. There are two kinds of entities in the system:
Global references are entities that are not stored in domains but are available as part of a
global list; Domain Types are entities that are saved into specific domains.

By default, the Domain allows all of these entities to be created and saved in it. By
specifying which Domain Types are allowed to be created/moved to this domain, we can
create a more complex security model.

Exercise 2-2: Associate a Domain Type Entity to a Domain

1. Navigate to System Admin > Security > Domains and create a new
Domain (example “North-AM-Users”).
2. Select Domain Types tab and remove all Domain Types except from STUD
Domain Type. Click on Apply Changes.

3. This will remove all Domain Types from the Domain except the User Domain Type.

NOTE: The purpose of domain types is to allow or not allow certain entities to exist in
certain domains. We can have a user-only domain or a domain that contains assignment
profiles, catalogs, and admin accounts but no learning records or users.

© Copyright. All rights

 SAP SUCCESSFACTORS LEARNING – 1

The domain “North-AM-Users” will remain invisible to Admins as they work with other type
of records, i.e. Items, Programs, Scheduled Offerings, etc.
Conclusion
In this lesson, you were introduced to the use of Domains in SAP SuccessFactors
Learning security.

You should now be able to:

 Explain Domains and their purpose

 Create a Domain structure in SAP SuccessFactors Learning
 Describe the purpose of Domain Type entities and how they are used

Knowledge Check
Use what you learned in this Module to answer the following questions.

1. True or false: When an Item is saved in the PUBLIC Domain, a User is able to find it.
F. True
G. False
2. Typical domain structures represent the or structure.
3. When the Item Domain Type is removed from Domain types for domain North-
America:
H. Admin cannot add items to any domain
I. Admin cannot add items to North-America domain
J. Admin cannot run a report on items saved in North-America domain
K. Admin cannot run a report on any item
Lesson 3 – Domain Restrictions
Lesson Overview
The goal of this lesson is to understand what Domain Restrictions are and how to
implement them in SAP SuccessFactors Learning.

Objective

Upon completion of this lesson, you will be able to:

 Describe Domain Restrictions and how they are used

 Create a Domain Restriction
Domain Restrictions
Domain restrictions are records that determine in which Domains an Admin may perform
workflows. For example, if the Domain Restriction North-America contains the North-Am,
North-Am-Sales, and North-Am-HR domains, Admin in roles with the North-America
domain restriction can access records that reside in North-Am, North-Am-Sales, and
North-Am-HR Domains (plus the PUBLIC Domain which is automatically added to every

© Copyright. All rights

 SAP SUCCESSFACTORS LEARNING – 1

Domain Restriction).

NOTE: If there are no Domain Restrictions applied to an Admin Role, that Admin may
access any record with their assigned Domain.

Domain restrictions can contain one or more domains. The domains selected for the
domain restriction do not have to be connected in the hierarchical structure, but there are
some patterns to customer implementations of domain restrictions:

 Family branch – an Admin is responsible for the records in Europe region,

which means the access to the records in the Europe domain and the sub
domains (Europe-Sales and Europe-HR domains)
 Sibling – an Admin is responsible for siblings on the same branch. For example,
Admin has access to the records in Europe-Sales and Europe-HR but not in the
parent domain (Europe)
 Parent-child – an Admin is responsible for parent domain and one or more child but
not the entire branch. For example, Admin has access to the records in Europe
domain and Europe-HR domain
 Mix-and-match – in this pattern, any domains are put together in a domain restriction
Exercise 3-1: Create a Domain Restriction
1. Navigate to System Admin > Security > Domain Restriction and click Add New link.
2. Complete the Domain Restriction ID and Description fields, then select in
which Domain you want to save the record.

© Copyright. All rights

 SAP SUCCESSFACTORS LEARNING – 1

3. Click Add button.

4. Once the record is added, select the Domain tab to add Domains to your
Domain Restriction.

NOTE: When a Parent Domain is selected, you will have an option to include or remove
sub domains. The Sub Domain option results in a domain restriction for the parent and
child domain(s). Remember to click Apply Changes button when the necessary changes
were made.

© Copyright. All rights

 SAP SUCCESSFACTORS LEARNING – 1

Public Domain
The Public domain is added to a Domain Restriction by default and cannot be removed.
Any entities that have been saved in the Public domain will be accessible by any Admin
whose role permits them to work with those entities. Therefore, since the Learning security
model specifies that all data should reside in specific domains and access to them should
be controlled through Domain Restrictions, Admins should not use the Public domain and
should always save records into more appropriate domains.

Once a Domain Restriction has been created, it can be applied to workflows in an Admin
role in order to restrict the Admin’s access to the data in only those specific domains. This
process will be described in Lesson 4.
Conclusion
In this lesson, you were introduced to Domain Restrictions and how to implement them in
SAP SuccessFactors Learning.

You should now be able to:

 Describe Domain Restrictions and how they are used

 Create a Domain Restriction

Knowledge Check
Use what you learned in this Module to answer the following questions.

1. True or false: The PUBLIC domain can be removed from a Domain Restriction.
L. True
M. False
2. What are the patterns to customer implementations of domain restrictions?
N. Sibling
O. Family branch
P. Mix-and-match
Q. Parent-Child
R. All of the above

Lesson 4 – Role Management

Lesson Overview
The goal of this lesson is to establish a general understanding of Role Management in
SAP SuccessFactors Learning.

Objective

Upon completion of this lesson, you will be able to:

 Explain the Role Management model in the SAP SuccessFactors Learning system
 List three types of Roles in the SAP SuccessFactors Learning system

© Copyright. All rights

 SAP SUCCESSFACTORS LEARNING – 1

 Create an Admin role and apply Domain Restrictions

 Create and assign an Admin account
 Create a User role in the SAP SuccessFactors Learning system
 Create an Instructor role in the SAP SuccessFactors Learning system
Role Management Overview
As described in Lesson 1, the SAP SuccessFactors HCM Role Based Permission model
only grants access to the Learning module to Users and only allows access to the
Learning Administration tool to Admins. Their permissions within the Learning system are
fully controlled by Workflows which are unique for each type of Role. The SAP
SuccessFactors Learning system currently supports three type of Roles: Admin, User, and
Instructor. When creating a new role template, an Admin has an option to choose which
type of Role (s)he wants to create, and then to define their access within the Learning
system by adding/removing Workflows. Workflows define a type of permission (action) and
each Role contains a set of Workflows that are specific for that Role.

In the SAP SuccessFactors Learning system, workflows are combinations of functions

(actions) and entities (see Figure 3). This security model permits a Customer to create
multiple roles for each type of Role and decide to assign each a different set of workflows.
For example, if the customer needs to support multiple types of users (full time,
contractors, vendors, customers, etc.), they might want to create a role for each type of
user and provide them different access to the user-side tiles, menus, and links. e.g.
vendors or external users will not need access to internal links or the Curriculum Status
tile.

The instructor type of role contains workflows that permit certain abilities on the instructor
view of the user side (the My Classes tab).

Admin roles may be created with different Domain Restrictions applied to the workflows in
the role. This permits admins with the same basic function the ability to perform their role
only in their areas of responsibility (domain restrictions). Each workflow can be restricted
only by one domain restriction, however, as mentioned in Lesson 3, the domain restriction
may contain multiple domains.. As shown in Figure 3, Domain Restriction “North-Am” has
been applied to Workflow “Add Users” which means that the Admin with this role will be
able to create user records in the North-Am, North-Am-Sales, North-Am-HR, and Public
domains only (see Lesson 3 Domain Restrictions, Figure 2).

© Copyright. All rights

 SAP SUCCESSFACTORS LEARNING – 2

To conclude, the SAP SuccessFactors Learning Role Management allows the customer to
build multiple roles from three types of Roles (Admin, User, Instructor), use Workflows to
determine their access features and functionalities within the Learning module, and apply
Domain Restrictions in order to limit an Admin’s access to certain data only.
Admin Role Management
Admins can have different types of responsibilities depending on the organization
requirements (internal factors) and the enterprise environment (external factors). A typical
Admin structure is built from Super Admin that has an unrestricted access to the entire
Learning system, and other Admins that access is determined by the split of roles and
responsibilities within the organization.

There are four System Default Admin Roles:

 ALL - Default Role with all permissions

 ALL_CONNECTOR - Role with connectors permissions
 ALL_PERFORMANCE - Default Role with performance permissions (used
with legacy Plateau Performance – now deprecated)
 LEARNING_ADMIN - Default Learning Admin Role

These system default roles are preconfigured with workflows and are reset with each new
release. Due to this fact, it is recommended to create new admin role templates rather
than using the system default ones. The custom role templates allow to control the exact
permissions for each of their roles. The SAP SuccessFactors Learning system allows to
create multiple Admin Roles, and if necessary to apply to them Domain Restrictions.
When admin accounts are added to the Learning system (either manually or through the
Admin Connector), one or multiple Admin roles can be assigned to an admin account. This
way you can fully control what an admin is able to perform in the system and add a new
role or remove the unnecessary one(s).

The process of creating a new Admin in SAP SuccessFactors Learning includes:

© Copyright. All rights

 SAP SUCCESSFACTORS LEARNING – 2

1. Creating Admin Role template

2. Applying Domain Restrictions (optional)
3. Creating Admin account and granting the appropriate Admin Role

NOTE: In the integrated environment, first the designated Learning administrator will need
to exist as a user within the SAP SuccessFactors HCM application. From within SAP
SuccessFactors HCM, admin permissions to access Learning Administration must be
granted to that user. After this step, an admin account within the SAP SuccessFactors
Learning instance can be created. It is important to make sure that the SAP
SuccessFactors HCM user ID is matching the admin ID created in SAP SuccessFactors
Learning.

Exercise 4-1: Create Admin Role Template

1. Navigate to System Admin > Security > Role Management and click Add New link.
2. Complete the Role ID, Description, Domain fields and select Admin in the Role Type.

3. Select Workflows tab and click Expand All to view a list of workflows that are
currently assigned to the role.

© Copyright. All rights

 SAP SUCCESSFACTORS LEARNING – 2

4. By selecting check box under Remove column (1) and clicking Apply changes (2),
you remove the respective workflow from the role. If you want to give the permission
back to the role, click the “add one or more from list” link (3).

© Copyright. All rights

 SAP SUCCESSFACTORS LEARNING – 2

Exercise 4-2: Apply Domain Restrictions

Once a new role has been created and the specific workflows added/removed from it, a
domain restriction may be applied. Each workflow in the role can have a unique domain
restriction applied, however the typical approach is one domain restriction applied across
all workflows in a role.

NOTE: It is recommended that a “template” version of each role should be tested before
applying domain restrictions. In case of issues with the role, this would allow to find the
cause more efficiently. Therefore, the leading practice when working with new roles in the
SAP SuccessFactors Learning is to create a new role first, assign it to an account and test
it. If no issue occurs, apply domain restrictions.

1. Navigate to System Admin > Security > Role Management and find the role you
have previously created.
2. Select Workflows Restrictions tab and choose the Workflow ID that you want to
apply domain restriction.

© Copyright. All rights

 SAP SUCCESSFACTORS LEARNING – 2

Example: Admin should be able to perform Learning Management related tasks in

domains North-Am, North-Am-Sales and North-Am-HR. From Lesson 3-1 Figure 2 you
know the access to those domains is controlled by domain restriction North-Am. Therefore
this domain restriction should be applied here.

NOTE: For some of the workflows it is possible to apply State Restrictions which refer to
the record state: active, inactive and both. This allows to specify with what type of records
an Admin can work with. If no State Restriction selected, the Admin is allowed to work with
both types of record, active and inactive.

In the SAP SuccessFactors Learning security model, the functional restrictions and
workflow restrictions inherit entity restrictions. For example, if you apply a domain
restriction to the user entity, all functions of user are also restricted. In addition, if you
apply a domain restriction to one of the entities and select “Apply to all Entities” button, all
functions as well as workflows will inherit that domain restriction.

3. Select Entity Restriction tab > choose domain restriction > check “Apply to
all Entities” radio button > click Apply changes.

© Copyright. All rights

 SAP SUCCESSFACTORS LEARNING – 2

4. Now you might want to navigate to Function Restriction or Workflow Restriction

tab to verify whether the domain restriction has been applied.

Exercise 4-3: Create Admin Record

In this activity you will learn how to create an Admin record.

NOTE: For the integrated environment, remember to check first what is the user ID in SAP
SuccessFactors HCM, and use that ID when creating an admin account.

1. Navigate to System Admin > Application Admin > Admin Management and click
Add New link.

© Copyright. All rights

 SAP SUCCESSFACTORS LEARNING – 2

2. Complete all the necessary fields, including Admin ID, Last Name, First Name,
Email Address, Password fields.

NOTE: By adding a User in the Related User field, an admin gains an access to user
interface of the Learning system as well.

3. Click Add button to create a new admin account.

4. Select Assigned Roles tab > click Add one or more from the list link. From
here select role(s) you want to assign to the admin account.

© Copyright. All rights

 SAP SUCCESSFACTORS LEARNING – 2

NOTE: An administrator account can have multiple administrator roles assigned to their
account. In case one role is less restrictive than the other assigned to the same admin
account, the SAP SuccessFactors Learning system will give the priority to the less
restrictive role. Therefore, a good understanding of roles and workflows, as well as domain
restrictions that have been created in the system for the use of admin roles is necessary.

5. Select Preferences tab to select Locale and Time Zone.

© Copyright. All rights

 SAP SUCCESSFACTORS LEARNING – 2

6. Log out from the Learning system, and login with the new Admin credentials. If
your Admin account has been associated with a User, the Home tab should display as
well.

NOTE: The Admin Connector (System Admin > Connectors) allows to mass import admin
accounts into the SAP SuccessFactors Learning system. It requires from you to prepare
the Admin Connector data file and upload it into the Learning system through the
Connector file upload.

Knowledge Check
Use what you learned in this Module to answer the following questions.

1. True or false: It is recommended to create new admin role template rather than
using the system default ones.
S. True
T. False
2. The Admin access to Learning module is granted within:
U. SAP SuccessFactors Learning > Role Management
V. SAP SuccessFactors HCM > Role Based Permission
W. SAP SuccessFactors Provisioning
X. SAP SuccessFactors HCM > Role Management
3. How many domain restrictions can be assigned to a single workflow?
Y. One
Z. Maximum two
AA. Unlimited
BB. None

User Role Management

A user is any person for whom a database record has been created, including employees,
contractors, and others for whom you wish to maintain learning records and to register for
courses. Typically there is only one User role applied to all Users in the SAP
SuccessFactors Learning system. However, if there is a need to grant different level
access to Learning menus, multiple user roles can be created and assigned to Users
accordingly (but only one User Role can be assigned to a user).

There are two System Default User Roles, and like Default Admin Roles, it is
recommended to create new user roles as the default ones have the preconfigured
workflows and are reset with each new release.

 DEFAULT USER - System Default User Role

 LEARNING_USER - System Default Learning User Role

The process of creating a new User in SAP SuccessFactors Learning includes:

1. Creating User Role template

2. Creating User account

© Copyright. All rights

 SAP SUCCESSFACTORS LEARNING – 2

3. Assigning the appropriate User Role to user account

NOTE: In the integrated environment, first the user data will need to exist within the SAP
SuccessFactors HCM application. From within SAP SuccessFactors HCM, user
permissions to access Learning module must be granted. In the last step, the Connector
User SuccessFactors runs and it feeds the user data from SAP SuccessFactors HCM into
SAP SuccessFactors Learning. As a result, user records are added to the SAP
SuccessFactors Learning system and based on the permissions from SAP
SuccessFactors HCM, are given access to the Learning module. This guide will only focus
on the configuration settings that needs to be performed within the SAP SuccessFactors
Learning system. More information about Role Based Permissions can be found in THR80
course.

Exercise 4-4: Create User Role Template

1. Navigate to System Admin > Security > Role Management and click Add New link.
2. Complete the Role ID, Description, Domain fields and select Admin in the Role Type.

3. Select Workflows tab and click Expand All to view a list of workflows that
are currently assigned to the role.
4. By selecting check box under Remove column (1) and clicking Apply changes (2),
you remove the respective workflow from the role. If you want to give the permission
back

© Copyright. All rights

 SAP SUCCESSFACTORS LEARNING – 3

to the role, click the

“add one or more from list” link.

NOTE: It is possible to apply Domain Restrictions to the User Role only for the workflows
related to the reporting activities and to the Jam access.
Exercise 4-5: Create User Record
As mentioned in the Lesson 4-3-1 User Role Management, user records will be added to
the SAP SuccessFactors Learning system through a regularly scheduled connector. It
might happen however that a user record must be added manually from within the
Learning system.

In this activity you will learn how to create User record.

1. Navigate to Users > User tab > click Add New link.

© Copyright. All rights

 SAP SUCCESSFACTORS LEARNING – 3

2. Complete all the necessary fields, including User ID, Last Name, First Name,
Email Address, etc. Select Domain to save the user record, and choose the Role you
want to assign to the user.

3. Click Add button to create a new user account. If necessary, you may now
complete the user record with other information by clicking View All.

© Copyright. All rights

 SAP SUCCESSFACTORS LEARNING – 3

Assigning User Role to a User

There are multiple ways of assigning a role to the user record:

1. User record: this is a manual method of assigning User Role to user record
(User record > Core > Role)
2. Connector: When importing users into the SAP SuccessFactors Learning system
through the Connector job, it is possible to assign a Role ID for to user records.
However, since this is a referenced field, the Role ID must exist in the Learning
system prior to Connector run. If the Role ID is invalid or there is no role assigned to
user, then the connector defaults to the value in the configuration file (System
Admin
> Configuration > System Configuration > Connectors >
sfuser.connector.defaultValue.studentRoleID)
3. Import Tool: When importing users through Import Tool, the Role field is required.
Therefore, it is not possible to import the users without specifying the Role ID.
Same as in the Connector method, the Role ID is a referenced field
4. Assignment Profile: This is another automated method of assigning Role to
users. Assignment Profile allows to create a dynamic group of users based on their
HR attributes, and assign them a specific User Role. Once saved, propagated and
scheduled (Automatic Process), the SAP SuccessFactors Learning system checks
on a scheduled basis which users match the specific criteria and assign/ remove
from them a particular User Role

User Role with Supervisor Workflows

User’s primary Supervisor is identified in the Primary Supervisor field (from within the user
record). The process of assigning Primary Supervisor can be done either manually by an
Admin (User record > Core > Primary Supervisor field) or through the connector job.

Once a user is selected as a Primary Supervisor, the SAP SuccessFactors Learning

system automatically assigns to that user Supervisor workflows. The My Employees

© Copyright. All rights

 SAP SUCCESSFACTORS LEARNING – 3

Workflow ID controls what actions Primary Supervisor can take in the SAP
SuccessFactors Learning system.

NOTE: Supervisors workflows are also controlled by the User Assumption Restriction
Rules specified in the LEARNER_SECURITY configuration file.
User Proxy Role
The User Proxy Role controls what actions a delegate supervisor can perform in the SAP
SuccessFactors Learning system. When a supervisor selects a user to act as delegate,
the supervisor can decide what rights to grant the delegate (Selected Permissions) or use
the globally defined set of rights (Predefined Permissions) which is controlled by the
workflows assigned to the USER PROXY ROLE.

© Copyright. All rights

 SAP SUCCESSFACTORS LEARNING – 3

Knowledge Check
Use what you learned in this Module to answer the following questions.

1. How many System Default User Role are there in the SAP SuccessFactors
Learning system?
CC. One
DD. Two
EE. Four
2. List all available methods of assigning a role to the user record.
3. Fill in the blanks: A user’s primary Supervisor is identified in the field.
4. The User Proxy Role controls what actions:
FF.An Admin can perform when proxying as a user
GG. A Delegate can perform
HH. A Primary Supervisor can perform

Instructor Role Management

An Instructor can be any user in the SAP SuccessFactors Learning that as per his
responsibilities and role in the organization should be granted access to the Instructor
interface. It means that an Instructor logs in to the Learning module with user credentials –
there is no Instructor ID generated by the system.

The list of activities that an Instructor can perform in the SAP SuccessFactors Learning
can be found in HR861 Introduction to SAP SuccessFactors Learning guide.

There is one Default Instructor Role, and like any System Default Role, it is recommended
to create new Instructor role as the default one has the preconfigured workflows and is
reset with each new release.
 DEFAULT INSTRUCTOR - Default Instructor Role

© Copyright. All rights

 SAP SUCCESSFACTORS LEARNING – 3

The process of creating a new Instructor in SAP SuccessFactors Learning includes:

1. Creating Instructor Role template

2. Creating Instructor account
3. Assigning user to Instructor account

Exercise 4-6: Create Instructor Role Template

In this activity you will learn how to create Instructor role template.

1. Navigate to System Admin > Security > Role Management and click Add New link.
2. Complete the Role ID, Description, Domain fields and select Instructor in the
Role Type. Click Add button.

3. Select Workflows tab and click Expand All to view a list of workflows that
are currently assigned to the role.

© Copyright. All rights

 SAP SUCCESSFACTORS LEARNING – 3

4. By selecting check box under Remove column and clicking Apply changes, you
remove the respective workflow from the role. If you want to give the permission back to
the role, click the “add one or
more from list" link.

NOTE: It is possible to apply Domain Restrictions to the User Role only for the Print
Roster workflow.

Exercise 4-7: Create an Instructor Account

In this activity, you will learn how to create Instructor account and assign a user to it.

1. Navigate to Learning > Instructors tab > click Add New link.

© Copyright. All rights

 SAP SUCCESSFACTORS LEARNING – 3

2. Complete all the necessary fields, including Instructor ID, Last Name, First
Name, Email Address, etc. Select Domain to save the instructor record, and choose
which Instructor Role you want to
assign to the instructor.

© Copyright. All rights

 SAP SUCCESSFACTORS LEARNING – 3

NOTE: At this point you can assign to an instructor account a user that you want to grant
the access to instructor interface. Once the instructor account is added to the system, you
still will be able to assign a user either from the instructor or directly from the user record.

3. Click Add button to create a new instructor account. If necessary, you may now
complete the instructor record with other information.

NOTE: It is possible to apply Domain Restrictions to the User Role only for the Print
Roster workflow.

Knowledge Check
Use what you learned in this Module to answer the following questions.

© Copyright. All rights

 SAP SUCCESSFACTORS LEARNING – 3

1. Match the step number with the process.

Step 1 Assign user to Instructor account
Step 2 Create Instructor account
Step 3 Create Instructor Role template

2. In an integrated environment, an Instructor logs into the SAP

SuccessFactors Learning system:
A. With SAP SuccessFactors HCM User login credentials
B. With SAP SuccessFactors Learning User login credentials
C. With SAP SuccessFactors Learning Instructor login credentials
3. True or false: It is not possible to assign domain restriction to the Instructor
related workflows.
A. True
B. False
Conclusion
In this lesson, you were introduced to Role Management in SAP SuccessFactors Learning.

You should now be able to:

 Explain the Role Management model in the SAP SuccessFactors Learning system
 List three types of Roles in the SAP SuccessFactors Learning system
 Create an Admin role and apply Domain Restrictions
 Create and assign an Admin account
 Create a User role in the SAP SuccessFactors Learning system
 Create an Instructor role in the SAP SuccessFactors Learning system

Appendix A – Workflows
Appendix A – Workflows
The most recent list of Admin, User, User Proxy and Instructor workflows can be found in
the Configuration Workbook.

Another way to learn about available workflows for each of the SAP SuccessFactors
Learning roles is to check the system default roles.

In addition to that, the SAP SuccessFactors Learning system allows to export the Admin
roles in a format of Admin workflow reference.

1. Navigate to System Admin > Tools > Export Data.

2. In the Record type select Admin Role and click Next.

© Copyright. All rights

 SAP SUCCESSFACTORS LEARNING – 4

3. On the next screen click the Add one or more from list link to search for an Admin
role. This might be any role since the goal is to download the Admin workflow reference.
.

4. Once you select Admin ID, click Next.

© Copyright. All rights

 SAP SUCCESSFACTORS LEARNING – 4

5. Select when you want the system to run the job, and then click Finish.

6. When the status changes to Succeeded, go back to Export Data to download your
report.

© Copyright. All rights

 SAP SUCCESSFACTORS LEARNING – 4

7. Once you download the file, in the second worksheet you will find the
Available Workflows Reference.
Appendix B – Import Tool
Appendix B – Import Tool
The Import Tool allows to mass upload different types of records. In this Appendix, we will
describe the process only for those types of records that are connected to the Security
model:

1. User: typically, the user records are added or updated with the Connector job. This
is an automated method which regularly feeds the data from the core HR system
into the Learning module, and this allows to limit the amount of incorrect data. The
Import Tool is another option to mass create (or update) user records. However,
since it requires working with an excel file, it may cause the risk of incomplete or
erroneous data. Moreover, the user template does not support certain fields that the
Connector template does, for instance HR Business Partner information.
2. Instructor: the Import Tool is the only method which allows to create instructor
accounts in a batch file. Instead of manually adding instructor accounts from
Learning > Instructors, an Admin may simply download the template, complete it
with the necessary data and import the data to the system.
3. Admin Roles: same as with the instructor accounts, the Import Tool is the only
method that allows creating and/or adding admin role templates in a batch
mode.

The process steps to upload the data with the use of Import Tool:

1. Navigate to System Admin > Tools > Import Data.

2. Select Download Template and in the Record Type select the type of the record
you want to download. Click Submit.

© Copyright. All rights

 SAP SUCCESSFACTORS LEARNING – 4

3. The file (.csv) will download on your computer.

4. Open the file and complete it with the data you want to import for the respective
type of record. For the Required fields, check the comment to verify whether this field is
referenced (if the field is
referenced, it means that the data needs to exist prior to the import).
5. When the file is ready, navigate to Import Tool > select Import Data.

In the Record Type select what type of record you want to import. In the Import Options
choose if you want to only add the records, update or add and update. Then select a file
and click Submit.

6. Select when you want the system to run the job, and then click Finish.

© Copyright. All rights

SAP SUCCESSFACTORS LEARNING – 4

7. You can check the status of the import back in the Import Tool.

© Copyright. All rights