SAP Knowledge Base Article - Public

2810147 - User Entity Error: "Insufficient row/field-level permissions" - OData API

Symptom

In this document we shall discuss the error code "Insufficient row/field-level permissions" which results from querying or upserting data to the User entity in the context of OData API.

The User Entity represents a user account and contains user demographic and organizational information such as a user's department, division, location, job code, manager and other details.

Row-level permissions are applied through the target population in RBP or through the Administrative Domain in user-based permission system to control which users' data can be accessed.

Field-level permissions allows users to view and edit individual fields as defined in the permission role.

Environment

  • SAP SuccessFactors HXM Suite
    • OData API

Reproducing the Issue

1. For example, upsert a user to the SuccessFactors system using an API upsert:

    https://api2.successfactors.eu/odata/v2/upsert
    
    Body:

    {

       "__metadata": {

           "uri": "User('example123')",

           "type": "SFOData.User"

       },

2. View the row/field-level permission error:

    "Insufficient row-level permissions." OR "Insufficient field-level permissions."

Cause

  • Insufficent permissions are assigned to the API user carrying out the Operation on the User Entity.

Resolution

Grant the permissions Employee Import and Export Permissions.

1. To fix the error "Insufficient row-level permissions.":

    Check the target population settings for your role, including the target population for field-level permissions.
    Alternatively, you can assign the Employee Import or Import Employee Data permission to your role.
    Row-level permission works in conjunction with field-level permissions, the Employee Export permission, or the Employee Import Permission.

2. To fix the error "Insufficient field-level permissions.":

    Check the permission settings for individual fields under Employee Data in RBP. You can grant field-level permissions in RBP under Employee Data.

A. If Admin Center > Platform Feature Settings > Enable Control on Employee Import in Role-Based Permissions is turned on, please grant permission in RBP Manage Permission Roles > Manage User > Employee Import
If Admin Center > Platform Feature Settings > Enable Control on Employee Import in Role-Based Permissions is not enabled, please check whether Employee Import is assigned in Manage Employee Import of RBP

B. Grant permissions Manage User > Employee Export

C. Grant permissions General User Permission > Company Info Access > User Search

 

See Also

2991051 - RBP levels on User entity - OData API

Keywords

OData, User, Field-level permissions, Row-level permissions , KBA , LOD-SF-INT-ODATA , OData API Framework , Problem

Product

SAP SuccessFactors HXM Suite all versions