SAP Knowledge Base Article - Public

3089282 - OData API: Can we restrict API permission by geography for upsert calls (POST)?

Symptom

Trying to upsert a group of employees data via Odata API and you restricted the API user permissions by geography. (e.g. Germany)

However when we try to do an update by POST call for another geography, like employees of Portugal or Spain, the system not respect the target permissions and do the update for these  employees as well.

Environment

  • SAP SuccessFactors HXM Suite
  • Odata API

Reproducing the Issue

  1. Restrict the RBP permission of the API user by geography

  2. Perform an upsert call for employees from different geography

  3. Notice that the upsert call was successful
     

Resolution

Target population validation is not performed for API calls. This is an expected behavior.

Keywords

upsert, geography, RBP target group, restriction, API, Odata API,  , KBA , LOD-SF-INT-ODATA , OData API Framework , LOD-SF-INT-API , API & Adhoc API Framework , LOD-SF-INT , Integrations , How To

Product

SAP SuccessFactors HXM Suite all versions