This post was originally published on this site
Dear Onboarding Partners and Customers,
We have an important update for you.
As previously mentioned in https://me.sap.com/notes/3196136, in early releases of SAP SuccessFactors Onboarding, Employee Central HRIS OData API permissions were required to view new hire data in Manage Pending Hire (MPH).
However, these permissions are no longer required for Onboarding. Please review your permission roles and remove these permissions from the Onboarding end-user roles. They are intended only for technical users for integration purposes, as highlighted in https://me.sap.com/notes/3594795.
Permissions to Check
Under Employee Central API, the following permissions should NOT be granted to end users:
Employee Central Foundation SOAP APIEmployee Central Foundation OData API (read-only)Employee Central Foundation OData API (editable)Why This Matters
If these permissions are granted to end users:
When migrating to Latest People Profile – Full Profile, more fields will be visible to the user than expected, which can lead to data exposure risks.These permissions were previously needed for Onboarding but are now only required for technical users managing integrations.Key Actions needed at your end
Audit your Onboarding permission roles. Remove technical API permissions from end-user roles.Thank you for your continued partnership and commitment to best practices. Keeping permissions aligned with current guidelines helps maintain data security and ensures a smooth experience for all users.
