2956845 - How to Restrict field level permissions for API access to Effective dated EC entities

How to Restrict field level permissions for API access to Effective dated EC entities.

"Image/data in this KBA is from SAP internal systems, sample data, or demo systems. Any resemblance to real data is purely coincidental."  

SAP SuccessFactors HCM

• OData API

Need to enable/disable some permissions

Given that the API user have already have the permission "Allow Admin to Access OData API through Basic Authentication " 

Next step is to follow the steps below:

1. Disable "Employee Central HRIS OData API (read-only)" permission as this bypass all permissions and return all data.

   2. In User Permissions -> Employee Central Effective Dated Entities -> Choose the fields you want to return. 

For this example, we will use Job Information.

The fields "Company" and "Business units" are the fields we want to return.

"View Current" permission on the line "Job Information Actions" should also be enabled.

Note:  For Personal Info fields, the permission on "Personal Information Actions" should also be enabled.

  3. Click Save

  4. Execute API Call: /odata/v2/EmpJob?$format=json

  5. In the response payloads, other fields like seqNumber, userId, startDate are returned.

These properties are key properties or system properties which are forced to be enabled.

Note: If you only need these 2 properties, you can use $select parameter.

/odata/v2/EmpJob?$select=company,businessUnit&$format=json

Response: 

KBA：

2316798 - How to restrict API access to specific Employee Central Entities and Fields

Restrict field level permission, field-level setting, API access, limit, hide , KBA , LOD-SF-INT-EC , Employee Central SFAPI & OData Entities , LOD-SF-INT-ODATA , OData API Framework , How To