SAP Knowledge Base Article - Public

2956845 - How to Restrict field level permissions for API access to Effective dated EC entities

Symptom

You want to restrict field-level permissions for API access to effective-dated Employee Central (EC) entities.

"Image/data in this KBA is from SAP internal systems, sample data, or demo systems. Any resemblance to real data is purely coincidental."  

Environment

SAP SuccessFactors HCM

  • OData API

Cause

Some permissions of the API user's role need to be enabled and others disabled.

Resolution

Given that the API user already has the permission "Allow Admin to Access OData API through Basic Authentication", follow the steps below:

  1. Disable the "Employee Central HRIS OData API (read-only)" permission, as it bypasses all other permissions and returns all data.

  2. In User Permissions -> Employee Central Effective Dated Entities, choose the fields you want to return.

For this example, we will use Job Information.

"Company" and "Business units" are the fields we want to return.

"View Current" permission on the line "Job Information Actions" should also be enabled.

Note:  For Personal Info fields, the permission on "Personal Information Actions" should also be enabled.

  3. Click Save

  4. Execute API Call: /odata/v2/EmpJob?$format=json

  5. In the response payload, other fields such as seqNumber, userId and startDate are also returned.

These are key properties or system properties, which are always enabled.

Note: If you only need the 2 permitted properties (company and businessUnit), you can use the $select parameter:

/odata/v2/EmpJob?$select=company,businessUnit&$format=json
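A way to verify the result of the steps above, as an added example that is not part of the SAP article: the script checks an EmpJob response for any property that carries a value but is neither a permitted field nor a key/system property. The sample payload, the `jobTitle` field and the function names are constructed for illustration; a property that is absent or null is treated as not exposed.

```python
import json

# Assumption: the two fields granted in step 2, by their OData property names.
PERMITTED = {"company", "businessUnit"}
# Key/system properties the article says are always returned.
FORCED = {"seqNumber", "userId", "startDate"}

# Constructed OData v2 JSON payload, not real data. "jobTitle" stands in for
# any field the role was NOT meant to expose.
SAMPLE = json.dumps({"d": {"results": [
    {"__metadata": {"type": "SFOData.EmpJob"},
     "seqNumber": "1", "userId": "user01", "startDate": "/Date(1577836800000)/",
     "company": "C001", "businessUnit": "BU01", "jobTitle": None,
     "userNav": {"__deferred": {"uri": "https://example.invalid/userNav"}}},
    {"__metadata": {"type": "SFOData.EmpJob"},
     "seqNumber": "1", "userId": "user02", "startDate": "/Date(1577836800000)/",
     "company": "C001", "businessUnit": "BU02", "jobTitle": "Analyst"},
]}})

def exposed_fields(record):
    """Names of properties that actually carry data in one entity."""
    names = set()
    for name, value in record.items():
        if name == "__metadata" or value is None:
            continue  # OData bookkeeping, or no value disclosed
        if isinstance(value, dict) and "__deferred" in value:
            continue  # unexpanded navigation link, carries no data
        names.add(name)
    return names

def audit(payload, permitted=PERMITTED, forced=FORCED):
    """Map (userId, startDate, seqNumber) -> unexpected properties with values."""
    body = json.loads(payload)["d"]
    records = body["results"] if "results" in body else [body]  # list or single entity
    findings = {}
    for rec in records:
        extra = exposed_fields(rec) - permitted - forced
        if extra:
            key = (rec.get("userId"), rec.get("startDate"), rec.get("seqNumber"))
            findings[key] = sorted(extra)
    return findings

if __name__ == "__main__":
    for key, fields in audit(SAMPLE).items():
        print(key, "unexpected:", fields)
```

Run it against a response fetched with the restricted API user and without `$select`, so that anything the role still exposes shows up.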

Response: 

See Also

KBA:

2316798 - How to restrict API access to specific Employee Central Entities and Fields

Keywords

Restrict field level permission, field-level setting, API access, limit, hide , KBA , LOD-SF-INT-EC , Employee Central SFAPI & OData Entities , LOD-SF-INT-ODATA , OData API Framework , How To

Product

SAP SuccessFactors HCM Core 2411
