SAP Knowledge Base Article - Public

2635970 - How to Restrict field level permissions for API access to Non Effective dated portlets/entities

Symptom

In RBP, Field level permission is restricted for API user to restrict the access to the field (Eg: Local Salary) on UI. However still the 'api user' is able to fetch the 'Local Salary' (Entity - salaryLocal) information.

Sample API call : OData query :https://apixx.sapsf.com/odata/v2/User('XXXX')/salaryLocal?$format=json

"Image/data in this KBA is from SAP internal systems, sample data, or demo systems. Any resemblance to real data is purely coincidental"

Environment

SAP SuccessFactors HXM Suite

Cause

Need to disable/enable few more permissions

Resolution

Follow below steps to restrict API access for specific fields.

  1. Login to SuccessFactors Instance
  2. Admin Center- Navigate to Set User permissions --> Manage Permission Roles--> Select the role (for eg: apiuser) --> click on 'Permission' under 'Permission settings' 
  3. Below are the permission settings to restrict some fields for the user role.

3.A Manage Integration Tools --> Allow Admin to Access OData API through Basic Authentication  (grant the permission)

Manage Integration Tools2.jpg

3.B Manage User --> Employee Export  (revoke the permission)

Employee Export_Out1.png

3.C General User Permission --> Company Info Access --> User Search (grant the permission)

Enable_SUer Search_out1.png


3.D Employee Data : same as the snapshot 'Employee data RBP' (revoke the permission)

Local Salary_out1.png

 

See Also

2316798 - How to restrict API access to specific EC portlets/entities

2956845 - How to Restrict field level permissions for API access to Effective dated EC entities

Keywords

Restrict field level API access, disable field level permissions, Restrict API access , OData API , KBA , LOD-SF-INT , Integrations , LOD-SF-INT-ODATA , OData API Framework , LOD-SF-INT-EC , Employee Central SFAPI & OData Entities , How To

Product

SAP SuccessFactors HXM Suite all versions