SAP Knowledge Base Article - Public

2635970 - How to Restrict field level permissions for API access to EC portlets/entities

Symptom

In RBP, field-level permission is restricted for the API user's role to block access to a field (e.g. Local Salary) on the UI. However, the 'api user' is still able to fetch the 'Local Salary' (Entity - salaryLocal) information.

Sample API call (OData query): https://apixx.sapsf.com/odata/v2/User('XXXX')/salaryLocal?$format=json

Environment

SuccessFactors

Cause

A few more permissions need to be enabled or disabled.

Resolution

Follow the steps below to restrict API access for specific fields.

  1. Log in to the SuccessFactors instance.
  2. In Admin Center, navigate to Set User Permissions --> Manage Permission Roles --> select the role (e.g. apiuser) --> click 'Permission' under 'Permission settings'.
  3. Apply the permission settings below to restrict some fields for the user role.

3.A Manage Integration Tools --> Admin access to OData  (grant the permission)

3.B Manage User --> Employee Export  (revoke the permission)

3.C General User Permission --> Company Info Access --> User Search (grant the permission)

3.D Employee Data : same as the snapshot 'Employee data RBP' (revoke the permission)
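
To confirm the change took effect, re-run the sample OData call from the Symptom section as the API user and classify the response. The Python check below is an added example, not part of the SAP article; the `fetch` and `classify` names, the sample payloads, and the ways a tenant might signal a restricted field (401/403, or an omitted or null property) are assumptions.

```python
import json
import urllib.error
import urllib.request

FIELD = "salaryLocal"  # restricted field named in this article

# Constructed sample responses (not captured from a real tenant).
BEFORE = '{"d": {"salaryLocal": "50000"}}'
AFTER = '{"d": {"salaryLocal": null}}'

def fetch(url, auth_header):
    """GET the OData URL as the API user; return (status, body text)."""
    req = urllib.request.Request(
        url, headers={"Authorization": auth_header, "Accept": "application/json"})
    try:
        with urllib.request.urlopen(req, timeout=30) as resp:
            return resp.status, resp.read().decode("utf-8", "replace")
    except urllib.error.HTTPError as err:  # 4xx/5xx still carry a body
        return err.code, err.read().decode("utf-8", "replace")

def classify(status, body, field=FIELD):
    """Return 'exposed', 'restricted' or 'inconclusive' for one response."""
    if status in (401, 403):
        return "restricted"          # request refused, nothing disclosed
    if status != 200:
        return "inconclusive"        # e.g. 5xx: retest, do not assume safe
    try:
        d = json.loads(body)["d"]    # OData v2 JSON wraps the payload in "d"
    except (ValueError, KeyError, TypeError):
        return "inconclusive"
    # Collections are wrapped in "results"; a single entity/property is not.
    entries = d.get("results", [d]) if isinstance(d, dict) else d
    if not isinstance(entries, list):
        return "inconclusive"
    for entry in entries:
        value = entry.get(field) if isinstance(entry, dict) else None
        if isinstance(value, dict) and "__deferred" in value:
            continue                 # link only, no value returned
        if value not in (None, ""):
            return "exposed"
    return "restricted"
```

Run `classify(*fetch(url, auth_header))` before and after saving the role; an 'exposed' result after the change means the role still grants read access to the field.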

See Also

2316798 - How to restrict API access to specific EC portlets/entities

Keywords

Restrict field level API access, disable field level permissions, Restrict API access , OData API , KBA , LOD-SF-INT-API , SF API & Adhoc API Framework , LOD-SF-INT , SF Integrations - EC Payroll, Boomi/ HCI, API , LOD-SF-INT-ODATA , OData API Framework , How To

Product

SAP SuccessFactors HCM Core 1802