In RBP, Permission is restricted to access those EC Portlets(Eg: Compensation) on UI however using the same user via SFAPI, we are able to fetch the information present under that portlet.
So this KBA explains on how to restrict API access to some specific EC entities/portlets.
We need to follow below steps to restrict access to certain data.
1. Login to SFSF Instance
2. Navigate to 'Admin Center -> Manage PermissionRoles -> Select the role assigned to the sfapi user -> Click on Permissions'
3. Now remove all permissions about Odata and soap api under Employee Central API.(refer screenshot below)
4. Once done, please provide the user admin access to odata api(refer screenshot below)
5. And to provide access to specific EC entities, you should give the user permissions to corresponding entities.
For example, if you want to provide access to EmpEmployment portlet/entity provide permissions like the one shown in below screenshot.
6. And to provide access to email info, phone info portlets/entities provide permissions as shown in below screenshot.
KBA , LOD-SF-INT-API , API & Adhoc API Framework , LOD-SF-INT , Integrations , How To