/support/notes/service/sap_logo.png){kind=logo}
SAP Knowledge Base Article - PublicSymptom
In this document we shall discuss the error code "Insufficient row/field-level permissions" which results from querying or upserting data to the User entity in the context of OData API.
The User Entity represents a user account and contains user demographic and organizational information such as a user's department, division, location, job code, manager and other details.
Row-level permissions are applied through the target population in RBP or through the Administrative Domain in user-based permission system to control which users' data can be accessed.
Field-level permissions allows users to view and edit individual fields as defined in the permission role.
Environment
- SAP SuccessFactors HXM Suite
- OData API
Reproducing the Issue
1. For example, upsert a user to the SuccessFactors system using an API upsert:
https://api2.successfactors.eu/odata/v2/upsert
Body:
{
"__metadata": {
"uri": "User('example123')",
"type": "SFOData.User"
},
2. View the row/field-level permission error:
"Insufficient row-level permissions." OR "Insufficient field-level permissions."
Cause
- Insufficent permissions are assigned to the API user carrying out the Operation on the User Entity.
Resolution
Grant the permissions Employee Import and Export Permissions.
1. To fix the error "Insufficient row-level permissions.":
Check the target population settings for your role, including the target population for field-level permissions.
Alternatively, you can assign the Employee Import or Import Employee Data permission to your role.
Row-level permission works in conjunction with field-level permissions, the Employee Export permission, or the Employee Import Permission.
2. To fix the error "Insufficient field-level permissions.":
Check the permission settings for individual fields under Employee Data in RBP. You can grant field-level permissions in RBP under Employee Data.
A. If Admin Center > Manage Employee Central Settings > Enable Control on Employee Import in Role-Based Permissions is turned on, please grant permission in RBP Manage Permission Roles > Employee Central Import Settings > Basic User Import
If Admin Center > Manage Employee Central Settings > Enable Control on Employee Import in Role-Based Permissions is not enabled, please check whether Employee Import is assigned in Manage Employee Import of RBP
B. Grant permissions Manage User > Employee Export
C. Grant permissions General User Permission > Company Info Access > User Search
See Also
Keywords
OData, User, Field-level permissions, Row-level permissions , KBA , LOD-SF-INT-ODATA , OData API Framework , Problem
/support/notes/service/facebook.svg)
/support/notes/service/twitter.svg)
/support/notes/service/youtube.svg)
/support/notes/service/linkedin.svg)
/support/notes/service/instagram2.svg)