SAP Knowledge Base Article - Public

3753665 - MDF data export includes own data despite RBP exclude-self configured

Symptom

  • MDF Data Export includes records for the exporting user even when Role-Based Permissions (RBP) are configured to exclude self (that is, exclude granted users from having the same access to themselves) for a custom MDF object.
  • There is a requirement to export custom MDF object data without including the exporting user’s own data. However, during export, entries related to the exporting user still appear in the output file.
  • Administrators expect to export secured MDF object data while ensuring that their own records are excluded, but the export file continues to display their data (for example, their user ID in the externalCode field).

 

"Image/data in this KBA is from SAP internal systems, sample data, or demo systems. Any resemblance to real data is purely coincidental."

Environment

SAP SuccessFactors HCM suite

Reproducing the Issue

  1. Configure a custom MDF object.
  2. Assign RBP roles that exclude granted users from having the same access to themselves.
  3. Confirm in the RBP troubleshooting tool that the exporting user is excluded from the target population.
  4. Run an MDF Data Export for the object.
  5. Observe that the exported file still includes records associated with the excluded user (for example, their ID appears in externalCode).

Cause

By design, MDF Data Export does not enforce record-level permissions unless explicitly enabled. Therefore, exports return all records regardless of RBP target population or exclude-self settings.

Resolution

  1. In Admin Center, go to Configure Object Definitions.
  2. Select the custom MDF object and set Secured = Yes (if not already).
  3. In Admin Center, go to Manage Data.
  4. Open Object Configuration and select the same MDF object.
  5. Enable “Record-Level Permission Check on Export” (set to Yes).
  6. Save the configuration and re-run the MDF Data Export to confirm that only permitted records are included based on RBP.
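The confirmation in step 6 can be scripted by scanning the export file for the exporting user's ID in externalCode. This is an added example, not SAP code; it assumes the export is a CSV whose first row holds the field identifiers, and the user ID admin01, the column cust_recommendation and the sample rows are constructed for illustration.

```python
import csv
import io


def find_self_records(export_text, exporting_user_id, key_field="externalCode"):
    """Return (line_number, row_dict) for every row whose key field is the exporting user."""
    # Drop a byte-order mark that survives when the file was read as plain UTF-8.
    reader = csv.reader(io.StringIO(export_text.lstrip("\ufeff")))
    header = next(reader, None)
    if header is None:
        raise ValueError("export file is empty")
    names = [h.strip() for h in header]
    if key_field not in names:
        # Fail loudly: a missing column must never be read as "no self records".
        raise ValueError(f"column {key_field!r} not found in header {names}")
    col = names.index(key_field)
    # Case-insensitive match is a deliberate choice here: over-flagging is the safe side.
    wanted = exporting_user_id.strip().casefold()
    hits = []
    for row in reader:
        if len(row) <= col:
            continue  # short or blank line, nothing to compare
        if row[col].strip().casefold() == wanted:
            hits.append((reader.line_num, dict(zip(names, row))))
    return hits


# Constructed sample exports (not real data).
EXPORT_BEFORE = (
    "externalCode,cust_recommendation\n"
    "emp100,Ready now\n"
    "admin01,Ready in 1 year\n"
    "emp200,Not ready\n"
)
EXPORT_AFTER = (
    "externalCode,cust_recommendation\n"
    "emp100,Ready now\n"
    "emp200,Not ready\n"
)

if __name__ == "__main__":
    for label, text in (("before", EXPORT_BEFORE), ("after", EXPORT_AFTER)):
        hits = find_self_records(text, "admin01")
        status = "FAIL" if hits else "OK"
        print(f"{label}: {status}, self records on lines {[n for n, _ in hits]}")
```

Run it against the export taken as the user who has the exclude-self role; any hit means the record-level check is still not being applied to that object.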

Keywords

mdf data export, record-level permission, rbp, exclude self, target population, export includes self, object-level permissions, metadata framework, permission check on export, custom mdf object, externalCode, promotion recommendation, expected behavior, security configuration, data export permissions, Enable Record-Level Permission Check on Export, KBA, LOD-SF-MDF-IMP, Import and Export Issues, Problem

Product

SAP SuccessFactors Platform all versions