Symptom
API user created the Job Requisition can access it without having any roles assigned.
Environment
SAP SuccessFactors Recruiting Management
Reproducing the Issue
- Create a job requisition using an API user via OData API.
- Set the originator to another user in the payload. Do not assign any role to the API user in the route map.
- The API can still access the job requisition. In reporting, the API user appears as "approver".
Cause
The API user is the job requisition creator. If the system cannot find another operator role associated with the creator, the creator is automatically assigned the V role.
Resolution
It is recommended not to pass the Originator in the API payload. Doing so will conflict with the user creating the requisition.
Even If the Job Requisition creator is not assigned the Originator role and is not a part of the route map, the creator will still be able to see the requisition, but will not be able to approve/update it.
Keywords
Postman, OData API, API creation, job req form , KBA , LOD-SF-RCM-API , Webservices & APIs , Problem