Hi everyone,

I'm using the SAP SuccessFactors OData API to retrieve certain entities via a dedicated API user. However, I’m trying to figure out whether it’s possible to configure permission roles or groups in a way that lets me retrieve only the entities that are relevant to the end user (not the API user), based on specific business rules or dynamic criteria.

For example, take the Cost Center Foundation Object: I want to allow certain users to query cost centers, but only the ones where they are assigned as the cost center manager.

I know that in Business Rules, there is a way to check if a user is the currently logged-in user—like in this screenshot:

But I couldn't find any documentation or approach that allows something similar at the permission level. I'm not even sure if it's possible, but maybe someone has encountered a similar requirement and solved it with a different workaround (e.g. via MDF roles, custom filters, or proxy logic).

Any insight or experience would be greatly appreciated!

Best regards,