Symptom
As a system admin, you need to grant an user or a group (eg. development or IT team) full permission to use Integration Center (IC) and build integrations, but don't want them to have access to sensitive employee data (eg. pay components and salary).
Image/data in this KBA is from SAP internal systems, sample data, or demo systems. Any resemblance to real data is purely coincidental.
Environment
- SAP SuccessFactors HXM Suite
- Integrations
- Integration Center
Reproducing the Issue
- Ensure that you have IC fully enabled to a permission role (KBA 2209164 - How to enable integration center in Successfactors System? - Integration).
- Any user assigned to that permission role will have full access to all employee data via API calls or via IC, including sensitive data such as salary (see screenshot below).
Cause
- IC retrieves data via API calls.
- Employee Central API permissions will override other permission settings, granting access to all employee data.
Resolution
Follow the steps below to restrict data access in IC:
- Login to a SF admin account
- Navigate to Admin Center -> Manage Permission Roles -> Select the role which gives IC access
- Click on "Permission..."
- Now remove all permissions about OData and SOAP API under "Employee Central API" section
- Manually configure which employee data fields should be available under "Employee Data" section
From now on, only employee data fields which were selected in the permissions will be accessible (all other fields will not be shown in the UI nor retrieved by any integration, even if selected in IC).
Keywords
IC, integration center, access, restriction, data, permission , KBA , LOD-SF-INT-INC , Integration Center , LOD-SF-INT , Integrations , How To
Product
SAP SuccessFactors HCM Suite all versions