How does the RBP levels work when querying the OData API User entity?
Image/data in this KBA is from SAP internal systems, sample data, or demo systems. Any resemblance to real data is purely coincidental.
- SAP SuccessFactors HXM Suite
- OData API
There are two topics to be covered on RBP configured for User entity: the target population (who are the users that you are allowed to fetch data) and the data permissions (what specific data you are allowed to fetch from these users defined in the target population).
The Target Population is called as "Row-level Permissions" in the OData API Reference Guide. It controls which users' data can be accessed, and it works together with the data permissions.
There are two Data Permissions:
- Field-level Permission
This is a more restrictive permission that gives the possibility of choosing which specific fields the user will be able to access. You are able to grant such permission by going to "Employee Data" section when setting up the RBP and selecting the fields in the right-side panel (marking the View or Edit checkboxes):
- Admin Permission
The Admin Permission grants the user full access to all possible fields from User entity. It is given by granting the user the "Manage User > Employee Export" permission:
Note: if you grant the Employee Export permission, it will override any Field-level Permissions configuration.
odata, user, entity, api, field, level, non-admin, admin, privileges, full, permission, rbp, access, query, fetch, select, call, employee export, rbp level, RBP_ADMIN, authorization, , KBA , LOD-SF-INT-ODATA , OData API Framework , How To