Configuring field permissions

Clients can permission the visibility for each field in the profile. Fields can be hidden, read or write for candidates, and can be read or write for recruiting users. Clients may specify whether only a candidate can write to specific

SuccessFactors Recruiting Management Candidate Profile

C U S T O M E R © _{2014 SAP SE or an SAP affiliate company. All rights reserved. 139}

fields or whether defined recruiting users who are part of a dynamic group can also write to the field. Permissions can be defined based on the type of candidate (internal vs external) and on the country of the candidate. If field- permission tags do not exist in the Candidate Profile XML, the default behavior is write permission for all the fields to the candidate, and read permission for recruiting users.

8.1.9.1

Pre-requisites

● To give write permissions on one or more fields to internal recruiting users: ○ Enable Provisioning Dynamic Groups V2 (My Groups)

○ In the client instance, set up Dynamic Groups defining the users who will have write permissions to the Candidate Profile fields.

8.1.9.2

Configuration

field-permission Element within Candidate Profile Field Permissions

To configure field level permissions on the Candidate Profile, at least one field-permission element must appear below the sm-mapping section of the Candidate Profile XML template. Multiple field-permission elements can be configured within the Candidate Profile.

<field-permission type="write">

type Attribute

The field-permission element must contain a type attribute to define the level of access. <field-permission type="write">

The type attribute supports “read” or “write” values. Candidate Profile fields and background elements may be hidden from candidates by omitting them from all candidate-facing field-permission elements. Candidate Profile

role-name Element within Candidate Profile Field Permissions

The field-permission element must contain a single role-name element to define which users will be granted access.

<role-name><![CDATA[Candidate]]></role-name>

Multiple role-name elements are not supported within a single field-permission element, but will not cause an error during Provisioning validation.

CDATA Content

The allowable CDATA values for the role-name attribute are "Candidate" or "Dynamic Group". Capitalization and spacing matter; if the CDATA value is incorrect, the end users affected by the permission will not have the permission applied to them.

<role-name><![CDATA[Candidate]]></role-name>

or

<role-name group-name="Recruiters"><![CDATA[Dynamic Group]]></role-name>

Configuring the role-name element with a CDATA value of "Candidate" defines the field and background element permissions for candidates. Configuring the role-name element with a CDATA value of "Dynamic Group" defines fields and background element permissions for users defined in a Dynamic Group enabled in the client’s instance.

group-name Attribute

When setting up a Dynamic Group, the role-name element must also contain a group-name attribute defining the group the role is tied to.

<role-name group-name="Recruiters"><![CDATA[Dynamic Group]]></role-name>

country Element within Candidate Profile Field Permissions

The field-permission element must contain at least one country element. Multiple country elements are supported.

<country><![CDATA[*]]></country>

SuccessFactors Recruiting Management Candidate Profile

C U S T O M E R © _{2014 SAP SE or an SAP affiliate company. All rights reserved. 141}

CDATA Content

The country element must contain a two-digit ISO code for the applicable country or an asterisk to denote all countries, such as US, DE, UK or *.

<country><![CDATA[*]]></country>

The country element defines the field and background element permissions for candidates in a particular country, where the candidate’s country is determined by the country field on the Candidate Profile.

For this feature to function properly, the Candidate Profile must contain a field-definition with the id="country" type="picklist" where the picklist-id="country". The country picklist loaded into the instance must be the ISO standard country values . The system converts this behind the scenes into the two-character ISO country code, such as US, DE or UK. Do not tie the country field to the ISOcountry picklist; this picklist is reserved for Employee Central.

Recommendation

Add Taiwan instead of the ISO value, “Taiwan, Province of China.” This is the only exception to the general rule about using ISO values.

Source Element within Candidate Profile Field Permissions

Source element determines the type of candidate who will receive the permissions defined in the field- permissions element.

<source><![CDATA[Internal]]></source>

Allowable CDATA values for the source element are Internal, External and *. Capitalization matters — if the CDATA value is incorrect, the users affected will not have the permission applied to them.

The asterisk applies the permission settings to both internal and external candidates. Internal recruiting users will view all fields on the candidate profile even if the source element CDATA is set to Internal or External only.

field and bg-element Elements within Candidate Profile Field Permissions

Once the field-permission, role-name, country and source elements are configured, the fields and background elements affected by the permission should be added. Fields are defined using the field element, and background elements are defined using bg-element.

<field refid="homePhone"/>

<bg-element refid="outsideWorkExperience" data-field-id="*"/>

The bg-element contains both a refid attribute and a data-field-id attribute. The refid attribute can point to any background-element id attribute that already exists on the Candidate Profile XML template.

<bg-element refid="outsideWorkExperience" data-field-id="*"/>

The data-field-id attribute refers to a specific data-field within the selected background element. Typically all data- fields within a single background element are permissioned identically so the data-field-id attribute in that circumstance will be set as ="*".

<bg-element refid="outsideWorkExperience" data-field-id="*"/>

The refid attribute for both field and bg-element must point to a field-definition or background-element id

attribute that exists higher up in the Candidate Profile XML template. If the refid points to an id attribute that does not exist, an error will display upon validation:

A field with the identifier "fieldName" must appear in the document.

If a field should be hidden from a candidate, do not include the field underneath the field-permission element and it will not appear to the candidate. To hide a field, do not list it underneath the field-permission element. Fields cannot be hidden from recruiting users.

Bg-element fields cannot be conditionally hidden/displayed or set with read/write permissions.

Creating dynamic and recruiting groups with same name can cause issues. In this case the Find User lookup appears as a blank white page and the system may not select the right group when applying permissions.

8.1.9.3

XML Sample

Note that this is just an example for reference, not a recommended set of configuration. For a current Candidate Profile blueprint XML see the Professional Services Sharepoint:

https://connect.successfactors.com/professionalservices/Welcomekit/Pages/Welcome.aspx

<field-permission type="read">

<role-name group-name="Recruiters"><![CDATA[Dynamic Group]]></role-name> <country><![CDATA[*]]></country> <source><![CDATA[*]]></source> <field refid="firstName"/> <field refid="middleName"/> <field refid="lastName"/> <field refid="homePhone"/> <field refid="cellPhone"/>

<bg-element refid="insideWorkExperience" data-field-id="*"/> </field-permission>

<field-permission type="write">

<role-name group-name="Recruiters"><![CDATA[Dynamic Group]]></role-name> <country><![CDATA[*]]></country>

<source><![CDATA[*]]></source> <field refid="comments"/> <field refid="contactEmail"/>

<bg-element refid="talentPool" data-field-id="*"/> </field-permission> <field-permission type="write"> <role-name><![CDATA[Candidate]]></role-name> <country><![CDATA[*]]></country> <source><![CDATA[Internal]]></source> <field refid="division"/>

SuccessFactors Recruiting Management Candidate Profile

C U S T O M E R © _{2014 SAP SE or an SAP affiliate company. All rights reserved. 143}

<field refid="department"/> <field refid="location"/>

<bg-element refid="insideWorkExperience" data-field-id="*"/> </field-permission> <field-permission type="write"> <role-name><![CDATA[Candidate]]></role-name> <country><![CDATA[*]]></country> <source><![CDATA[External]]></source> <field refid="formerEmployee"/>

<bg-element refid="outsideWorkExperience" data-field-id="*"/> </field-permission>

Before configuring field permissions, you must enable Dynamic Groups. For more information see the Dynamic Groups [page 64] section of this guide.