Symptom
How to Restrict field level permissions for API access to Effective dated EC entities.
"Image/data in this KBA is from SAP internal systems, sample data, or demo systems. Any resemblance to real data is purely coincidental."
Environment
SAP SuccessFactors HCM
- OData API
Cause
Need to enable/disable some permissions
Resolution
Given that the API user have already have the permission "Allow Admin to Access OData API through Basic Authentication "
Next step is to follow the steps below:
- Disable "Employee Central HRIS OData API (read-only)" permission as this bypass all permissions and return all data.
2. In User Permissions -> Employee Central Effective Dated Entities -> Choose the fields you want to return.
For this example, we will use Job Information.
The fields "Company" and "Business units" are the fields we want to return.
"View Current" permission on the line "Job Information Actions" should also be enabled.
Note: For Personal Info fields, the permission on "Personal Information Actions" should also be enabled.
3. Click Save
4. Execute API Call: /odata/v2/EmpJob?$format=json
5. In the response payloads, other fields like seqNumber, userId, startDate are returned.
These properties are key properties or system properties which are forced to be enabled.
Note: If you only need these 2 properties, you can use $select parameter.
/odata/v2/EmpJob?$select=company,businessUnit&$format=json
Response:
See Also
KBA:
2316798 - How to restrict API access to specific Employee Central Entities and Fields
Keywords
Restrict field level permission, field-level setting, API access, limit, hide , KBA , LOD-SF-INT-EC , Employee Central SFAPI & OData Entities , LOD-SF-INT-ODATA , OData API Framework , How To
Product
Attachments
Pasted image.png |
Pasted image.png |