Human Capital Management Blog Posts by SAP
Get insider info on SAP SuccessFactors HCM suite for core HR and payroll, time and attendance, talent management, employee experience management, and more in this SAP blog.
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Read only

SuccessFactors Joule - Transaction, Navigational, RBP, Groups - How is this connected?

jenny_geipel
Product and Topic Expert
Product and Topic Expert
3 weeks ago
877

Welcome, SuccessFactors Admins!

If you’re reading this, you’re likely curious about how Joule can enhance your SuccessFactors experience and how SF Permissions and group assignments impact its use cases. This blog post is designed to provide you with a comprehensive understanding of Joule and its implications for both navigational and transactional use cases within SuccessFactors.

Through this post, we’ll delve into the fundamentals of Joule, explore the relationship between SF Permissions and Joule’s capabilities.

 

~~~~~~ Navigational Use Cases ~~~~~~ 
Navigational Use Cases helps your end users to navigate through the systems (incl. SuccessFactors). It can provide information to the end user but mostly they provide LINKS to applications.

But how does Joule knows for what SF applications you have permissions? Joule reacts in RBP and based on the RBP we know that deep links are allowed for the end user.

Let us have a look to an example and let us pick a pure navigational case: "Show the org chart".

How it should look like:

jenny_geipel_16-1747907699020.png

Here we have a pure navigation - so based on my permissions Joule knows I'm allowed to open the org chart application and creates the link.

RBP's I need for this:

jenny_geipel_17-1747907717937.png

 

In the background - via the Refresh Synthetic Group Data Job, this user is assigned to a specific deep link permission group.

jenny_geipel_18-1747907728543.png

 

You can find this deep link groups here (Data Inspector -> Entry: Table_Users_Group)

jenny_geipel_19-1747907737724.png

 

In this list we are able find one group that indicates the access to the org chart "deepLinkActivationPermission_org_chart_view_org_chart"

jenny_geipel_20-1747907765468.png

 

As you can see on the screen shot this deep link role is assigned to 520 users.

The technical ID of this group is 7953 on this demo system.

 

During the Joule set up you have implemented an IPS Synch Job that synchs users and user assignments to WorkZone. In the settings for this IPS Job we have a filter in our source system to select only groups that are related to the deep link groups.

jenny_geipel_21-1747907778590.png

With this setting we makes sure, that we send only this group assignments to WorkZone (for Joule) that are relevant for deep link and navigation.

After running the Synch Job you can find the User-Group assignment in WorkZone. And here we should be able to find our group Id for the org chart deep link.

If I check my user, you can see a lot of assigned groups in WorkZone:

jenny_geipel_22-1747907795840.png

 

And here we see also our SuccessFactors Group for the org chart deep link:

jenny_geipel_23-1747907804385.png

 

Because we have the permission for this deep link, Joule shows us the link.

 

Let us have a look to an other example and let us pick a navigational case that also provides information: "Show my manager”.

This use case is a combination of:

- show information based on API Response

- generate the deep link to the user profile based on deep link permissions

 

What I often see is the following result:

As you can see, we see the name of the manager (API based) but not the button to navigate to the profile.

jenny_geipel_24-1747907823504.png

 

In this case the navigation them self is not established correctly.

So even the permission to access people profile is missing or the refresh synthetic group date job and/or the IPS job has not yet transferred the permission.

So to double check what is wrong, to the following checks:

  1. make sure the user has RBP based permission to people profile
  2. check what Group ID is generated for the people profile
  3. check if your user has this group assigned in WorkZone

jenny_geipel_27-1747907912940.png

 

In case the group is not assigned but RBPs are ok, re-run the SF Job and the IPS Job the get the user updated.

In case the group is assigned, and you can find it, the navigation should work.

jenny_geipel_28-1747907923125.png

 

~~~~~~ Transactional Use Cases ~~~~~~ 

Transactional Use Cases allows your users to start transactions and process to generate, change, maintain data. Here we do not use this deep link groups. we stick to the APIs we are calling and to the results of the APIs.

We have the most transaction Use Cases in EC - please have a look to the blog post SuccessFactors Joule - Joule and EC Quick Actions - SAP Community to understand how EC, Quick Actions and EC RBPs are connected to Joule.

Here I want to highlight the Platform related transactional use cases to explain the relationship between Joule results and RBP. Please have a look to the overview of Platform Use Cases | SAP Help Portal.

Let us pick one "Show my department".

Show department is a pure platform use case (not an EC use case). So, we try to fetch the data from the Live Profile User / Employee Data NOT from JobInformation. Means, users need permission to see the department via Employee Data.

jenny_geipel_29-1747907945732.png

Please have in mind: In case you have EC the information from the JobProfile is synched via HRIS Synch to the Employee Data.

jenny_geipel_30-1747907956870.png

 

In case users have the permission, Joule will answer with my department details.

jenny_geipel_32-1747907976201.png

 

In case we do not have permissions, Joule will tell you, that Joule can't help because of missing configuration or permission. This is a typical answer in case the API response is empty.

 

One special hint on Joule scenarios using EC Quick actions. Quick actions respects your RBPs. So only people with access to a quick action can run the Joule scenario. Even the field level permissions are respected.

BUT if your user has the permission "Employee Central Foundation OData API (read-only)" this field lever permission is ignored. So plase make sure the end users has not to much permissions. 3458083 - Employee Central Quick Actions do not respect field-level permission

 

 

Other related blog posts:

SuccessFactors Joule - Joule and EC Quick Actions