SAP Knowledge Base Article - Public

2982585 - Odata API User Entity (SFOdata.User) Password Field not returned or cannot be viewed. [COE0003]Bad property expression: User/password; User/password is not viewable


> When checking Odata API data dictionary 'password' field property 'visible'=true.
> When trying to change 'password' field property 'visible'=true, is not possible.
> When trying to get value of password field through Odata API User Entity, error response is returned.

"code" : "COE_BAD_PROPERTY_EXPRESSION", "message" : {
"lang" : "en-US", "value" : "[COE0003]Bad property expression: User/password; User/password is not viewable"


SAP Successfactors HXM Suite

- Odata API

Reproducing the Issue

> Sample Query :
http://<API HOST URL/ENDPOINT>/odata/v2/User?$select=username,userId,password&$filter=userId eq '<sample_userId>'&$format=json

> API Response
"error" : {
"code" : "COE_BAD_PROPERTY_EXPRESSION", "message" : {
"lang" : "en-US", "value" : "[COE0003]Bad property expression: User/password; User/password is not viewable"



When checking the Metadata or Odata API data dictionary, password property 'visible' is set to 'false'

<Property Name="password" Type="Edm.String" Nullable="true" sap:required="false" sap:creatable="true" sap:updatable="true" sap:upsertable="true" sap:visible="false" sap:sortable="false" sap:filterable="false" MaxLength="128" sap:field-control="userPermissionsNav/password" sap:label="password"/>


This is expected behavior, for security and confidentiality purposes password values are never allowed to be communicated or queried.
In the Metadata of this standard entity, the 'password' field has property 'viewable/visible' set to false.

Note : SAP is not allowed and does not have access to customer password/credentials.

This is documented as special Note in SAP SuccessFactors HXM Suite OData API: Reference Guideunder section of User API entity  > Permission

"The password field cannot be queried under any circumstance"

See Also

2888224  - Change / Reset User Login Password with preferred value using SFOdata.User API

2932190 - Changes to Default Password Generation in BizX Users


SFOdata.User, Password not viewable, [COE0003]Bad property expression: User/password; User/password is not viewable, COE0003, User Password , KBA , LOD-SF-INT-ODATA , OData API Framework , LOD-SF-INT , Integrations , How To


SAP SuccessFactors HXM Suite all versions