SAP Knowledge Base Article - Public

2991051 - RBP levels on User entity - OData API

Symptom

How does the RBP levels work when querying the OData API User entity?

Image/data in this KBA is from SAP internal systems, sample data, or demo systems. Any resemblance to real data is purely coincidental.

Environment

  • SAP SuccessFactors HXM Suite
    • OData API

Resolution

There are two topics to be covered on RBP configured for User entity: the target population (who are the users that you are allowed to fetch data) and the data permissions (what specific data you are allowed to fetch from these users defined in the target population).

Target Population

The Target Population is called as "Row-level Permissions" in the OData API Reference Guide. It controls which users' data can be accessed, and it works together with the data permissions.

Data Permissions

There are two Data Permissions:

  1. Field-level Permission
    This is a more restrictive permission that gives the possibility of choosing which specific fields the user will be able to access. You are able to grant such permission by going to "Employee Data" section when setting up the RBP and selecting the fields in the right-side panel (marking the View or Edit checkboxes):

     

  2. Admin Permission
    The Admin Permission grants the user full access to all possible fields from User entity. It is given by granting the user the "Manage User > Employee Export" permission:



Note: if you grant the Employee Export permission, it will override any Field-level Permissions configuration.

See Also

OData API: Reference Guide

Keywords

odata, user, entity, api, field, level, non-admin, admin, privileges, full, permission, rbp, access, query, fetch, select, call, employee export, rbp level, RBP_ADMIN, authorization,  , KBA , LOD-SF-INT-ODATA , OData API Framework , How To

Product

SAP SuccessFactors HXM Suite all versions