SAP Knowledge Base Article - Public

2316798 - How to restrict API access to specific EC portlets/entities

Symptom

In RBP, Permission is restricted to access those EC Portlets(Eg: Compensation) on UI however using the same user via SFAPI, we are able to fetch the information present under that portlet.

So this KBA explains on how to restrict API access to some specific EC entities/portlets.

Environment

Successfactors

Resolution

We need to follow below steps to restrict access to certain data.

1. Login to SFSF Instance

2. Navigate to 'Admin Center -> Manage PermissionRoles -> Select the role assigned to the sfapi user -> Click on Permissions'

3. Now remove all permissions about Odata and soap api under Employee Central API.(refer screenshot below)

 Screenshot 1.jpg

4. Once done, please provide the user admin access to odata api(refer screenshot below)

Screenshot 2.jpg

5. And to provide access to specific EC entities, you should give the user permissions to corresponding entities. 

For example, if you want to provide access to EmpEmployment portlet/entity provide permissions like the one shown in below screenshot.

Screenshot 3.jpg

6. And to provide access to email info, phone info portlets/entities provide permissions as shown in below screenshot.

Screenshot 4.jpg

Keywords

KBA , LOD-SF-INT-API , SF API & Adhoc API Framework , LOD-SF-INT , SF Integrations - EC Payroll, Boomi/ HCI, API , How To

Product

SAP SuccessFactors HCM Core 1602 ; SAP SuccessFactors HCM Suite all versions