SAP Knowledge Base Article - Public

2635970 - How to Restrict field level permissions for API access to Non Effective dated portlets/entities


In RBP, field-level permission is restricted for the API user to block access to a field (e.g. Local Salary) on the UI. However, the 'api user' is still able to fetch the 'Local Salary' (Entity - salaryLocal) information.

Sample API call : OData query :'XXXX')/salaryLocal?$format=json

"Image/data in this KBA is from SAP internal systems, sample data, or demo systems. Any resemblance to real data is purely coincidental"


SAP SuccessFactors HXM Suite


A few more permissions need to be disabled/enabled.


Follow the steps below to restrict API access for specific fields.

  1. Log in to the SuccessFactors instance.
  2. In Admin Center, navigate to Set User Permissions --> Manage Permission Roles --> select the role (e.g. apiuser) --> click 'Permission' under 'Permission settings'.
  3. Apply the permission settings below to restrict some fields for the user role.

3.A Manage Integration Tools --> Allow Admin to Access OData API through Basic Authentication  (grant the permission)


3.B Manage User --> Employee Export  (revoke the permission)


3.C General User Permission --> Company Info Access --> User Search (grant the permission)


3.D Employee Data : same as the snapshot 'Employee data RBP' (revoke the permission)

Local Salary_out1.png
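To confirm the change took effect, repeat the sample salaryLocal call as the API user and classify each response. The check below is an added example, not SAP's code: the function names are hypothetical, the response bodies are constructed, and it assumes standard OData v2 JSON shapes (a `d` wrapper on success, an `error` object on failure). How a restricted field is represented is not stated in this KBA, so any non-empty salaryLocal value is treated as still exposed.

```python
import json

FIELD = "salaryLocal"  # entity field named in this KBA

def _find_values(node, key):
    """Yield every value stored under `key` at any depth of a JSON document."""
    if isinstance(node, dict):
        for k, v in node.items():
            if k == key:
                yield v
            else:
                yield from _find_values(v, key)
    elif isinstance(node, list):
        for item in node:
            yield from _find_values(item, key)

def salary_local_exposure(status, body):
    """Classify one response as 'exposed', 'withheld' or 'denied'."""
    try:
        doc = json.loads(body)
    except ValueError:
        doc = None
    # An HTTP error status or an OData error object means no data was served.
    if status >= 400 or (isinstance(doc, dict) and "error" in doc):
        return "denied"
    if not isinstance(doc, (dict, list)):
        raise ValueError("unexpected non-JSON success response")
    values = list(_find_values(doc, FIELD))
    if any(v not in (None, "") for v in values):
        return "exposed"   # the API user can still read the field
    return "withheld"      # field absent, null or empty

def still_exposed(samples):
    """Return the user ids whose salaryLocal value is still readable."""
    return sorted(uid for uid, (status, body) in samples.items()
                  if salary_local_exposure(status, body) == "exposed")

# Constructed responses (not real data), keyed by a made-up user id.
SAMPLES = {
    "user-a": (200, '{"d": {"salaryLocal": "55000"}}'),
    "user-b": (200, '{"d": {"salaryLocal": null}}'),
    "user-c": (403, '{"error": {"code": "CONSTRUCTED", '
                    '"message": {"lang": "en-US", "value": "constructed denial"}}}'),
    "user-d": (200, '{"d": {"results": [{"userId": "user-d", "salaryLocal": "61000"}]}}'),
}

if __name__ == "__main__":
    print("still exposed:", still_exposed(SAMPLES))
```

Run the check before and after editing the role; an empty list after the change means the API user no longer receives the value for the sampled users.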


See Also

2316798 - How to restrict API access to specific EC portlets/entities

2956845 - How to Restrict field level permissions for API access to Effective dated EC entities


Restrict field level API access, disable field level permissions, Restrict API access , OData API , KBA , LOD-SF-INT , Integrations , LOD-SF-INT-ODATA , OData API Framework , LOD-SF-INT-EC , Employee Central SFAPI & OData Entities , How To


SAP SuccessFactors HCM suite all versions