Hello Experts,
We are exposing the below MDF Foundation API:
- FODepartment
- FOBusinessUnit
- FOJobCode
- FOJobFunction
- FODivisions
- Position
Our observations related to RBP for these FO objects.
- Our main objective is that we need to restrict the fields for FO objects as well by applying entity level fields permission in MDF Foundations Objects RBP for all FO Objects and Miscellaneous Permissions RBP for MDF objects(Position).
Example Screenshot:
As per the requirement we are not supposed to expose the Organizational Manager and Parent Organization fields from Department object. So accordingly, we have update RBP’s as shown in the below snapshot.
- As per the SAP recommendation for Integration use cases, Server Snapshot based pagination is should be used when Consumer application will be calling our API to get the data in pages.
- To be able to run snapshot-based pagination queries on MDF entities, it must have the Admin access to MDF OData API permission under Metadata Framework in RBP. Unfortunately, It overrides all entity- level permissions which I have highlighted in first point(above screenshot). It has been highlighted in SAP Help document and we are also the tested the same behavior.
- As the Admin access to MDF OData API permission under Metadata Framework is overrides the entity level field permission so we are not able to achieve the field level restriction for FO Objects.
SAP Help Ref: SAP Help
- Server Cursor based pagination will also not work for FO Objects, we are exposing. It will work for Position object, but it has some own limitations.
- Client-Side pagination will work with entity-level permissions if we don’t apply the Admin access to MDF OData API permission and we can achieve the field level restriction requirement for these FO Objects. But as per our previous experience and SAP’s recommendations, it is not recommended to use Clint side pagination for our Ericsson Integration use cases. Sometimes it might lead to a potential data loss or duplicate issues for Consumer applications.
We would like to know, what would be the recommended way to restrict field level permission these Foundations related API by enabling Server Snapshot Pagination.
Regards,
Souvik
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.