2808267 - Query with navigation to User entity has the "userNav" field returning as null - OData API

You perform a query which has a navigation to the User entity and the "userNav" field returns only a "null" value. Due to this, further results that would be returned about the User entity are not returned.

• SuccessFactors HXM Suite
  • OData API

1. Perform a query which has a navigation to the User entity through the "userNav" field, for example a query on EmpJob:
   
   https://apisalesdemo4.successfactors.com/odata/v2/EmpJob?$format=json&$expand=userNav&$select=userId,location,userNav/lastName,userNav/firstName,userNav/username&$filter=userNav/userId eq '666'
   
   
2. You get a similar result:
   
   

   {
       "d": {
           "results": [
               {
                   "__metadata": {
                   "uri": "https://apisalesdemo4.successfactors.com:443/odata/v2/EmpJob(seqNumber=1L,startDate=datetime'2019-04-06T00:00:00',userId='666')",
                   "type": "SFOData.EmpJob"
               },
               "userId": "666",
               "location": "7000-0001",
               "userNav": null
               }
           ]
       }
   }

There are five possible causes, which are related to permissions assigned to the API user performing the query:

1. Missing basic permissions in User entity.
2. API user has the "Employee Export" permission enabled: the API user is trying to query a user which is not in the permission role's target population (missing row-level permission).
3. API user does NOT have the "Employee Export" permission enabled: the API user is trying to query a user which is not in the permission role's target population AND/OR some field query permissions of the User entity are missing.
4. The user being queried has status = inactive.
5. The user being queried has status = active_external_suite (onboardees).

For cause #1:

Make sure the API user has proper permissions to access data from User entity. Refer to the page Permissions for User Entity, which explains the available permissions in detail.

In summary:

• Manage User > Employee Export
  • This is the admin permission, it will grant access to all fields from User object.
• Employee Data > Employee Profile
  • This is the non-admin permission, which grant access only to the fields you select under Employee Profile section in the RBP.

For cause #2:

Make sure that, besides granting the proper permissions to the API user, the users which are being queried are included in the target population of the permission role related to the API user:

Note: As mentioned in the Permissions for User Entity page: if you have the "Employee Export" permission enabled for the API user, it will override any field-level permission and you'll have access to all the User entity's fields of the users which are in the permission role's target population, so you'll have to ensure the target population of the RBP granting this permission is including the group of users which you'll need to query.

For cause #3:

The Employee Export permission is an admin permission, and you may want to grant only non-admin permissions to your API user. In such cases, in addition to the target population as explained above, make sure that the API user has access to all required fields from User entity through the RBP below:

• Employee Data > Employee Profile

For cause #4:

In addition to the instructions from causes #1, #2 and #3, if you are querying inactive users you'll have to explicitly request for inactive users in the API by using a filter in status field. Refer to the KBA 2166571 - How to query inactive users on User entity - OData API for instructions.

For cause #5:

If the queried users are onboardees (they have status = active_external_suite), you'll have to:

1. Add the filter below in the API query:
   $filter=status in 'e'
   • 'e' means "active_external_suite"
2. Make sure that the RBP has target population configured to see onboardees, as the Help Portal Assigning External User Target Populations to Responsible Users' Permission Role explains.

Consult the following page for reference on which permissions related to the User entity are needed: Permissions for User Entity.

query, null, empty, blank, permission, access, usernav is null, userNav, UDF, user, rbp, target population, onboardee, inactive , KBA , LOD-SF-INT , Integrations , LOD-SF-INT-ODATA , OData API Framework , Problem