SuccessFactors Human Resources

SAP Identity Management (IDM) - Roles and Privileges

SAP Identity Management (IDM) is used to track Business Roles approved for specific positions and then provisions access to SAP S/4 (Finance) and SAP SuccessFactors (HR) systems.

  • IDM assigns roles to a Position and provisions access to the employee/s who holds the position.
  • As employees transition into or out of a position, roles get automatically provisioned or removed based on the roles attached to the position.
  • Because roles are assigned to a position, the requestor needs to be aware of whether they are requesting a role for a position that is held by many employees. If a role is requested for a grouped position, everyone in the position will get the role.
  • IDM is the system of record for SAP (S4/SuccesFactors) security roles (excludes dynamic roles).
Resource Comments
Business Role Request Process Review process to understand how to request business role, approval workflow and role assignment.
Request Roles QRG Employees cannot request roles for themselves. A supervisor, designee, or business office must submit requests.  
View Assigned Roles QRG Use the IDM to view the roles assigned to a position. Role requestors should check the roles held by the position prior to submitting a request.
Review and Approve Role Requests QRG Role approvers will receive an email with a link to approve requested roles.
Resource Comments
IDM Business Role List Lists all Business Roles, Privileges included in the Business Role, Role Approvers, Role Owners, Applicable System, and a separate tab includes description of the Business Role and the type of position the role applies to.
Finance Master Roles and T Codes Displays T Codes associated with Roles by module.
Finance Separation of Duty Matrix Displays where separation of duty conflict exists when roles are combined.
SuccessFactors Separation of Duties Matrix Displays where separation of duty conflict exists when roles are combined.
Request for Separation of Duty Conflict Exception Form is completed when requesting roles that will have a separation of duty conflict. Send form as attachment  to
Role Configuration Request Form Form is completed when requesting role configuration. Send form as attachment This form is not used to assign or edit roles to positions.
Resource Comments
Supervisor Roles by User and Department

Supervisors are automatically provided privileges that allow them to create positions, create and process requisitions (to recruit vacant positions) and complete onboarding tasks, when needed. This workbook includes each user that has been assigned the supervisor role bundle.

This information is updated regularly and is current as of November 11, 2019.

Resource Comments
HR/Payroll role questions If you need assistance identifying what HR/Payroll roles are needed contact
Finance role questions If you need assistance identifying what Finance roles are needed contact
IDM Application/Pending Requests Questions related to the IDM application or outstanding role requests contact
  • SAP Identity Mgmt (IDM) - Roles and Privileges