2938963 - "Admin access to MDF OData API" permission usage recommendation

MDF provides one permission "Metadata Framework" => "Admin access to MDF OData API" for OData API usage. There will be side effects (role-based permission not respected, workflow not triggered etc.) if this permission is granted to end users without knowing how it works. 

• SAP SuccessFactors HXM Suite
• Metadata Frameowrk (MDF)

For a technical user who needs to replicate MDF data between systems through OData API 

• "Admin access to MDF OData API" permission is recommended. Having this permission, the user can experience a seamless integration as the user has access to all secured and non-secured MDF objects' data from API side ignoring MDF objects' permissions and workflow settings.  

For a general user who needs to access applications built with OData and MDF objects 

• We don’t recommend granting "Admin access to MDF OData API" permission to general users who only need access to customer-facing applications. 
• If the user needs access to secured MDF objects, we recommend setting role-based permissions on MDF object level. 

• If the user only needs access to non-secured MDF objects, we recommend another permission “Access to non-secured objects” which is enough for general users’ consumption of all non-secured MDF objects.  

Odata API, MDF, permission, Admin access to MDF OData API, Odata permission, MDF API , KBA , LOD-SF-MDF-API , OData APIs & Integrations , Problem