Symptom
In Role-Based Permissions (RBP), the field-level permission for the API user has been restricted to block access to a field (e.g. Local Salary) on the UI. However, the API user is still able to fetch the 'Local Salary' (Entity - salaryLocal) information through the API.
Sample API call (OData query): https://apixx.sapsf.com/odata/v2/User('XXXX')/salaryLocal?$format=json
"Image/data in this KBA is from SAP internal systems, sample data, or demo systems. Any resemblance to real data is purely coincidental"
Environment
SAP SuccessFactors HXM Suite
Cause
A few more permissions need to be enabled or disabled for the API user's role.
Resolution
Follow the steps below to restrict API access for specific fields.
1. Log in to the SuccessFactors instance.
2. In Admin Center, navigate to Set User Permissions --> Manage Permission Roles --> select the role (e.g. apiuser) --> click 'Permission' under 'Permission settings'.
3. Apply the permission settings below to restrict the fields for the user role:
   3.A Manage Integration Tools --> Allow Admin to Access OData API through Basic Authentication (grant the permission)
   3.B Manage User --> Employee Export (revoke the permission)
   3.C General User Permission --> Company Info Access --> User Search (grant the permission)
   3.D Employee Data: same as the snapshot 'Employee data RBP' (revoke the permission)
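To confirm the change took effect, repeat the sample call from the Symptom section as the API user and check whether a value still comes back. The Python sketch below is an added example, not SAP code; it assumes the standard OData v2 JSON property shape `{"d": {...}}`, and the result labels, the treatment of HTTP 403 or a blank value as "not returned", and the sample responses are constructed for illustration.

```python
import base64
import json
import urllib.error
import urllib.parse
import urllib.request

# Constructed sample responses (not captured from a real tenant).
SAMPLES = {
    "before": (200, '{"d": {"salaryLocal": "55000"}}'),
    "after_blank": (200, '{"d": {"salaryLocal": null}}'),
    "after_denied": (403, ""),
    "bad_login": (401, ""),
}

def property_url(base, user_id, prop):
    """Build the same OData v2 property URL shape as the KBA's sample call."""
    key = urllib.parse.quote(user_id.replace("'", "''"), safe="")
    return f"{base.rstrip('/')}/odata/v2/User('{key}')/{prop}?$format=json"

def classify(status, body, prop):
    """EXPOSED: a value came back. NOT_RETURNED: denied or blank.
    INCONCLUSIVE: login failure, server error or unparseable body."""
    if status == 403:
        return "NOT_RETURNED"
    if status != 200:
        return "INCONCLUSIVE"
    try:
        value = json.loads(body)["d"].get(prop)
    except (ValueError, KeyError, TypeError, AttributeError):
        return "INCONCLUSIVE"
    return "EXPOSED" if value not in (None, "") else "NOT_RETURNED"

def check(base, user_id, prop, auth_user, password):
    """Query the tenant with Basic Authentication and classify the answer."""
    token = base64.b64encode(f"{auth_user}:{password}".encode()).decode()
    req = urllib.request.Request(property_url(base, user_id, prop),
                                 headers={"Authorization": f"Basic {token}"})
    try:
        with urllib.request.urlopen(req, timeout=30) as resp:
            body = resp.read().decode("utf-8", "replace")
            return classify(resp.status, body, prop)
    except urllib.error.HTTPError as err:
        return classify(err.code, "", prop)

if __name__ == "__main__":
    for name, (status, body) in SAMPLES.items():
        print(f"{name}: {classify(status, body, 'salaryLocal')}")
```

Run `check` against a user who is known to have a Local Salary value; for a user with no value, a blank result does not show whether the permission change worked.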
See Also
2316798 - How to restrict API access to specific EC portlets/entities
2956845 - How to Restrict field level permissions for API access to Effective dated EC entities
Keywords
Restrict field level API access, disable field level permissions, Restrict API access, OData API, KBA, LOD-SF-INT, Integrations, LOD-SF-INT-ODATA, OData API Framework, LOD-SF-INT-EC, Employee Central SFAPI & OData Entities, How To