Symptom
- The user does not have access to non-secured objects. However, the user can still import and export non-secured objects.
- The Import/Export function is not respecting the defined target criteria.
- The position target criteria work in the Org Chart (as an example) but not in Import/Export.
- As an administrator, I am unable to limit Import/Export according to the target criteria set in RBP.
Environment
SAP SuccessFactors HCM suite
Reproducing the Issue
- Go to "Import and Export data" page.
- Choose Export Data -> Select the object you want to export the data for.
- Go to "Monitor Job" page and download the status of the job you run in the above step.
- Open the downloaded file and notice the data inside the root .csv file for that object.
All the data is available in the exported file irrespective of what target criteria were set for the user who exported the data.
For the same user, data is limited/restricted in accordance with target criteria defined in RBP, on the "Manage Data" page or "Position Org Chart".
Cause
This is the system design and expected system behavior:
- For non-secured objects, MDF Import/Export ignores the permission of 'Access to non-secured objects'.
- For secured objects, MDF Import/Export respects users that have permission over the object, but not the target criteria.
Resolution
- Data flow via MDF Import/Export does not respect target criteria defined in the RBP. This applies to all MDF Entities because, during export, the framework exports all data regardless of RBP controls on the Manage Data page or Position Org Chart. The same issue occurs with import.
- Further, for OData API-based data flows: Target criteria are respected for Non-Admin users, but not for Admin users.
As a workaround, if a non-secured object is business-critical and the customer does not want users to access it via Import or Export, they can change it to a secured object and control accessibility through RBP. However, the target criteria will still not be respected. The change will ensure that only users with permission to view/edit the object can import/export all data related to the object.
See Also
- Help Guide: Enabling Security for Objects
- KBA 3511666 - [MDF] Enabling Security for Objects
Keywords
MDF, metadata framework, import and export data, Permission, RBP, SF, 'Access to non-secured objects', Export Position data, target, Custom MDF RBP Permissions, Export Position data, , KBA , LOD-SF-MDF-IMP , Import and Export Issues , How To