Symptom
> When checking the OData API data dictionary, 'password' field property 'visible'=true.
> When trying to change the 'password' field property to 'visible'=true, it is not possible.
> When trying to get the value of the password field through the OData API User entity, an error response is returned:
"code" : "COE_BAD_PROPERTY_EXPRESSION", "message" : {
"lang" : "en-US", "value" : "[COE0003]Bad property expression: User/password; User/password is not viewable"
Environment
SAP SuccessFactors HXM Suite
- OData API
Reproducing the Issue
> Sample Query:
http://<API HOST URL/ENDPOINT>/odata/v2/User?$select=username,userId,password&$filter=userId eq '<sample_userId>'&$format=json
> API Response
{
"error" : {
"code" : "COE_BAD_PROPERTY_EXPRESSION", "message" : {
"lang" : "en-US", "value" : "[COE0003]Bad property expression: User/password; User/password is not viewable"
}
}
}
Cause
When checking the Metadata or the OData API data dictionary, the password property 'visible' is set to 'false':
<Property Name="password" Type="Edm.String" Nullable="true" sap:required="false" sap:creatable="true" sap:updatable="true" sap:upsertable="true" sap:visible="false" sap:sortable="false" sap:filterable="false" MaxLength="128" sap:field-control="userPermissionsNav/password" sap:label="password"/>
Resolution
This is expected behavior. For security and confidentiality purposes, password values are never allowed to be communicated or queried.
In the Metadata of this standard entity, the 'password' field has property 'viewable/visible' set to false.
Note: SAP is not allowed to access, and does not have access to, customer passwords/credentials.
This is documented as a special note in the SAP SuccessFactors HXM Suite OData API: Reference Guide, under the section User API entity > Permission:
"The password field cannot be queried under any circumstance"
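A pre-flight check built on the sap:visible attribute shown under Cause, as an added example that is not part of the original KBA or SAP's own code: it reads an entity's metadata, collects the properties marked visible="false", and removes them from a $select list before the query is sent. The wrapper elements, the namespace URIs, the extra properties and the function names are assumptions; only the password Property line comes from this page.

```python
import xml.etree.ElementTree as ET

# Constructed $metadata excerpt. The password Property line is the one quoted
# under Cause; the wrapper elements, the userId/username properties and the
# namespace URIs are assumptions made so the sample parses offline.
SAMPLE_METADATA = """<Schema xmlns="urn:example:edm" xmlns:sap="urn:example:sap">
  <EntityType Name="User">
    <Property Name="userId" Type="Edm.String" sap:visible="true"/>
    <Property Name="username" Type="Edm.String" sap:visible="true"/>
    <Property Name="password" Type="Edm.String" Nullable="true" sap:required="false" sap:creatable="true" sap:updatable="true" sap:upsertable="true" sap:visible="false" sap:sortable="false" sap:filterable="false" MaxLength="128" sap:field-control="userPermissionsNav/password" sap:label="password"/>
  </EntityType>
</Schema>"""


def _local(name):
    """Strip an ElementTree '{namespace}' prefix from a tag or attribute name."""
    return name.rsplit("}", 1)[-1]


def non_viewable_properties(metadata_xml, entity_type):
    """Return the property names of entity_type marked visible="false"."""
    hidden = set()
    for node in ET.fromstring(metadata_xml).iter():
        if _local(node.tag) != "EntityType" or node.get("Name") != entity_type:
            continue
        for prop in node:
            if _local(prop.tag) != "Property":
                continue
            # Match on the local attribute name so the check does not depend
            # on which URI the sap: prefix is bound to.
            attrs = {_local(k): v for k, v in prop.attrib.items()}
            # Assumption: a property without the attribute is viewable.
            if attrs.get("visible", "true").lower() == "false":
                hidden.add(attrs["Name"])
    return hidden


def split_select(requested, hidden):
    """Split a $select list into (queryable, rejected) field names."""
    queryable = [f for f in requested if f not in hidden]
    rejected = [f for f in requested if f in hidden]
    return queryable, rejected


if __name__ == "__main__":
    hidden = non_viewable_properties(SAMPLE_METADATA, "User")
    ok, bad = split_select(["username", "userId", "password"], hidden)
    print("$select=" + ",".join(ok), "| dropped:", bad)
```

Run against the sample query's field list, the check keeps username and userId and drops password, so the request no longer triggers COE0003.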
See Also
2888224 - Change / Reset User Login Password with preferred value using SFOdata.User API
2932190 - Changes to Default Password Generation in BizX Users
Keywords
SFOdata.User, Password not viewable, [COE0003]Bad property expression: User/password; User/password is not viewable, COE0003, User Password , KBA , LOD-SF-INT-ODATA , OData API Framework , LOD-SF-INT , Integrations , How To