2956845 - How to Restrict field level permissions for API access to Effective dated EC entities

How to Restrict field level permissions for API access to Effective dated EC entities

"Image/data in this KBA is from SAP internal systems, sample data, or demo systems. Any resemblance to real data is purely coincidental."  

SAP SuccessFactors HXM Suite

Need to disable/enable permissions

Given that the API user have already have the permission "Allow Admin to Access OData API through Basic Authentication " 

Next step is to follow the steps below:

1. Disable "Employee Central HRIS OData API (read-only)" permission as this bypass all permissions and return all data.

   2. In User Permissions -> Employee Central Effective Dated Entities -> Choose the fields you want to return. 

For this example, we will use Job Information.

The fields "Company" and "Business units" are the fields we want to return.

Note: "View Current" permission on the line "Job Information Actions" should also be enabled.

  3. Click Save

  4. Execute API Call: /odata/v2/EmpJob?$format=json

  5. In the response payloads, other fields like seqNumber, userId, startDate are returned.

These properties are key properties or system properties which are forced to be enabled.

Note: If you only need these 2 properties, you can use $select parameter.

/odata/v2/EmpJob?$select=company,businessUnit&$format=json

Response: 

2635970 - How to Restrict field level permissions for API access to Non Effective dated EC portlets/entities

Restrict field level API access, disable field level permissions, Restrict API access  , KBA , LOD-SF-INT , Integrations , LOD-SF-INT-EC , Employee Central SFAPI & OData Entities , How To