Symptom
How does the RBP levels work when querying the OData API User entity?
Image/data in this KBA is from SAP internal systems, sample data, or demo systems. Any resemblance to real data is purely coincidental.
Environment
- SAP SuccessFactors HXM Suite
- OData API
Resolution
There are two topics to be covered on RBP configured for User entity: the target population (who are the users that you are allowed to fetch data) and the data permissions (what specific data you are allowed to fetch from these users defined in the target population).
Target Population
The Target Population is called as "Row-level Permissions" in the OData API Reference Guide. It controls which users' data can be accessed, and it works together with the data permissions.
Data Permissions
There are two Data Permissions:
- Field-level Permission
This is a more restrictive permission that gives the possibility of choosing which specific fields the user will be able to access. You are able to grant such permission by going to "Employee Data" section when setting up the RBP and selecting the fields in the right-side panel (marking the View or Edit checkboxes):
Note: in order to use field-level permissions properly, the user also needs the permission General User Permission > Company Info Access > User Search (screenshot below), otherwise it won't work. - Admin Permission
The Admin Permission grants the user full access to all possible fields from User entity. It is given by granting the user the "Manage User > Employee Export" permission:
Note: if you grant the Employee Export permission, it will override any Field-level Permissions configuration.
See Also
Keywords
employee export, target population, user, field level, field-level, admin, non-admin, restrict, fields, , KBA , LOD-SF-INT-ODATA , OData API Framework , How To