Symptom
You are trying to perform an Upsert on DynamicGroup via OData API and receive an error identical or similar to the one below:
"User <value> is editing Permission Group without RBP Permission! for Key <value> with the index 0"
Image/data in this KBA is from SAP internal systems, sample data, or demo systems. Any resemblance to real data is purely coincidental.
Environment
- SAP SuccessFactors HCM Suite
- OData API
Reproducing the Issue
Grant the following permissions to the API user in Manage Role-Based Permission Access:
- Allow Access to this Page
- View Group
- Edit Group
Perform the Upsert call for DynamicGroup Entity:
Method: POST
Upsert URI: https://apisalesdemo8.successfactors.com/odata/v2/upsert
Sample Payload:
{
"__metadata": {
"uri": "apisalesdemo8.successfactors.com/odata/v2/DynamicGroup(1588L)",
"type": "SFOData.DynamicGroup"
},
"groupID": "1588",
"groupName": "Succession1",
"groupType": "permission",
"activeMembershipCount": "2",
"createdBy": "ADMIN_LSC",
"lastModifiedDate": "\/Date(1733910688000)\/",
"staticGroup": false,
"userType": null,
"totalMemberCount": "2"
}
Response:
<?xml version="1.0" encoding="utf-8" standalone="yes"?>
<feed xmlns="http://www.w3.org/2005/Atom" xmlns:m="http://schemas.microsoft.com/ado/2007/08/dataservices/metadata" xmlns:d="http://schemas.microsoft.com/ado/2007/08/dataservices">
<entry>
<content type="application/xml">
<m:properties>
<d:key>1588</d:key>
<d:status>ERROR</d:status>
<d:editStatus m:null="true"></d:editStatus>
<d:message>User sfadmin is editing Permission Group without RBP Permission! for Key 1588 with the index 0</d:message>
<d:index m:type="Edm.Int32">0</d:index>
<d:httpCode m:type="Edm.Int32">500</d:httpCode>
<d:inlineResults m:type="Bag(SFOData.UpsertResult)"></d:inlineResults>
</m:properties>
</content>
</entry>
</feed>
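The per-record result format shown above can be checked in code. The following is an added example, not SAP code, that parses an upsert response and picks out the entries rejected with this RBP error. The sample feed is constructed from the response above plus a made-up successful entry (key 1589), and all function names are this example's own.

```python
import re
import xml.etree.ElementTree as ET

NS = {"a": "http://www.w3.org/2005/Atom",
      "m": "http://schemas.microsoft.com/ado/2007/08/dataservices/metadata",
      "d": "http://schemas.microsoft.com/ado/2007/08/dataservices"}

# Built from the error text quoted in this KBA; user and key vary per call.
RBP_ERROR = re.compile(r"User (\S+) is editing Permission Group without RBP Permission!")

def parse_upsert_results(xml_text):
    """Return one dict per <entry> of an upsert response feed."""
    results = []
    for props in ET.fromstring(xml_text).iterfind("a:entry/a:content/m:properties", NS):
        def text(name):
            node = props.find("d:" + name, NS)
            return node.text if node is not None else None
        message = text("message") or ""
        denied = RBP_ERROR.search(message)
        results.append({"key": text("key"), "status": text("status"),
                        "http_code": int(text("httpCode") or 0),
                        "message": message,
                        "rbp_denied_user": denied.group(1) if denied else None})
    return results

def rbp_failures(xml_text):
    """Entries rejected because the API user lacks the required RBP permission."""
    return [r for r in parse_upsert_results(xml_text)
            if r["status"] == "ERROR" and r["rbp_denied_user"]]

def _entry(key, status, message, code):  # helper for the constructed sample
    return (f"<entry><content type='application/xml'><m:properties>"
            f"<d:key>{key}</d:key><d:status>{status}</d:status>"
            f"<d:message>{message}</d:message>"
            f"<d:httpCode m:type='Edm.Int32'>{code}</d:httpCode>"
            f"</m:properties></content></entry>")

# Constructed sample: first entry mirrors the response above, second is a made-up success.
SAMPLE = ("<feed xmlns='http://www.w3.org/2005/Atom' "
          "xmlns:m='http://schemas.microsoft.com/ado/2007/08/dataservices/metadata' "
          "xmlns:d='http://schemas.microsoft.com/ado/2007/08/dataservices'>"
          + _entry("1588", "ERROR", "User sfadmin is editing Permission Group without "
                   "RBP Permission! for Key 1588 with the index 0", 500)
          + _entry("1589", "OK", "", 200) + "</feed>")

if __name__ == "__main__":
    for failure in rbp_failures(SAMPLE):
        print(f"key {failure['key']}: RBP denied for {failure['rbp_denied_user']} "
              f"(httpCode {failure['http_code']})")
```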
Cause
This is a known issue. It occurs when only the "View Group" and "Edit Group" permissions are granted to the API user in Manage Role-Based Permission Access.
The API user performing the upsert operation lacks the "View Role" and "Edit Role" permissions in Manage Role-Based Permission Access.
Resolution
The fix for this issue is planned for deployment in the 1H 2025 release (b2505).
For release timelines, please review SAP SuccessFactors Product Release & Road Map Information.
Workaround
Grant the following permissions for a successful API Upsert on the DynamicGroup entity.
- Go to Manage Role-Based Permission Access
- Search for the API User
- Please grant "View Group", "View Role", "Edit Group" and "Edit Role" to the API User.
Please note:
- Current behaviour: the old permission is shared by Group and Role; therefore, you need to grant both the Edit Role and Edit Group permissions to upsert a Dynamic Group.
- Expected behaviour after the release: you need to grant only the View Group and Edit Group permissions to upsert a Dynamic Group via API.
- The current ETA for this is 1H 2025 (to be confirmed; our internal reference is PLA-49125).
See Also
Enhancements to Manage Role-Based Permissions Access | SAP Help Portal
DynamicGroup | SAP Help Portal
Keywords
KI2505, PLA-49125, Not able to upsert, Dynamic Group, OData API, DynamicGroup, Edit Role, Edit Group, Permission, 1H 2025, 2505, KEA, Known Error, known issue, bug, error, fix, defect, release, production, preview, H1, KBA, LOD-SF-INT-ODATA, OData API Framework, Known Error