In Role-Based Permissions (RBP), field-level permission is restricted for the API user so that the field (e.g. Local Salary) is not accessible on the UI. However, the 'api user' is still able to fetch the 'Local Salary' (Entity - salaryLocal) information.
Sample API call (OData query): https://apixx.sapsf.com/odata/v2/User('XXXX')/salaryLocal?$format=json
"Image/data in this KBA is from SAP internal systems, sample data, or demo systems. Any resemblance to real data is purely coincidental"
A few more permissions need to be disabled or enabled.
Follow the steps below to restrict API access for specific fields.
1. Log in to the SuccessFactors instance.
2. In Admin Center, navigate to Set User Permissions --> Manage Permission Roles --> select the role (e.g. apiuser) --> click 'Permission' under 'Permission settings'.
3. Apply the permission settings below to restrict some fields for the user role:
   3.A Manage Integration Tools --> Allow Admin to Access OData API through Basic Authentication (grant the permission)
   3.B Manage User --> Employee Export (revoke the permission)
   3.C General User Permission --> Company Info Access --> User Search (grant the permission)
   3.D Employee Data: same as the snapshot 'Employee data RBP' (revoke the permission)
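To confirm that the role change took effect, repeat the sample OData query as the API user and check whether salaryLocal still comes back with a value. The script below is an added example, not SAP code: it walks an OData v2 JSON body and reports whether a restricted field is still exposed. The sample bodies are constructed, and the assumption that a restricted field is returned as null or left out of the response is mine, not the KBA's.

```python
import base64
import json
import urllib.error
import urllib.request

RESTRICTED = {"salaryLocal"}  # fields the role must no longer read

def exposed_fields(body, restricted=RESTRICTED):
    """Return restricted fields that carry a non-null value in an OData v2 JSON body."""
    found = set()
    def walk(node):
        if isinstance(node, dict):
            for key, value in node.items():
                if key in restricted and value is not None:
                    found.add(key)
                walk(value)
        elif isinstance(node, list):
            for item in node:
                walk(item)
    walk(json.loads(body))
    return found

def fetch(url, username, password):
    """GET url with Basic Authentication; return (status, body), also on HTTP errors."""
    token = base64.b64encode(f"{username}:{password}".encode()).decode()
    headers = {"Authorization": f"Basic {token}", "Accept": "application/json"}
    try:
        with urllib.request.urlopen(urllib.request.Request(url, headers=headers), timeout=30) as resp:
            return resp.status, resp.read().decode("utf-8")
    except urllib.error.HTTPError as err:
        return err.code, err.read().decode("utf-8", "replace")

def check(status, body):
    """Classify one response as 'EXPOSED', 'RESTRICTED' or 'ERROR <status>'."""
    if status != 200:
        return f"ERROR {status}"  # not attributable to RBP alone; inspect the body
    return "EXPOSED" if exposed_fields(body) else "RESTRICTED"

# Constructed sample bodies (not captured from a real tenant).
SAMPLES = {
    "before change": '{"d": {"salaryLocal": "85000"}}',
    "field nulled": '{"d": {"userId": "XXXX", "salaryLocal": null}}',
    "field omitted": '{"d": {"results": [{"userId": "XXXX"}]}}',
}

if __name__ == "__main__":
    for name, body in SAMPLES.items():
        print(f"{name}: {check(200, body)}")
    # Live check: print(check(*fetch("<OData URL from this page>", "<api user>", "<password>")))
```

Run the live check once before and once after changing the role, so that a RESTRICTED result can be tied to the permission change rather than to an empty field.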
Restrict field level API access, disable field level permissions, Restrict API access , OData API , KBA , LOD-SF-INT , Integrations , LOD-SF-INT-ODATA , OData API Framework , LOD-SF-INT-API , API & Adhoc API Framework , How To