How can I restrict HR table access to one table during a REST call?

Shane J
Tera Guru

I've set up an Endpoint for a GET of specific records from the sn_hr_core_case_talent_management table.

 

The service account that should have that access should ONLY have that access, but right now it seems like it's all or nothing.

 

I started with giving it Role:  sn_hr_core.case_reader

Which works but also gives it access to all the HR tables.

 

I tried creating a custom (scoped) Role, and gave it its own Read ACL.  Could not read.

I then tried adding that service account to a record I put in the appropriate COE.  No change.

 

Am I missing something here, or would I have to start modifying the OOTB HR Script Includes that the existing ACLs are using (which is obviously not ideal)?

6 REPLIES 6

Hello @Shane J 

 

In the ACL, have you tried the "Deny Unless" part? Give it the scoped role that you have created.

 

It's like the Read ACL will deny every other role until it's this role. And another important thing is you need to configure both table-level and field-level ACLs.

 

Also, the service account by which they are accessing the integration should only have basic REST access and these roles which you created.

Kindly mark my answer as helpful and accept solution if it helped you in any way. This will help me be recognized for the efforts and also move this question from the unsolved to the solved bucket.

 

Regards,

 

Shivalika 

 

My LinkedIn - https://www.linkedin.com/in/shivalika-gupta-540346194

 

My youtube - https://youtube.com/playlist?list=PLsHuNzTdkE5Cn4PyS7HdV0Vg8JsfdgQlA&si=0WynLcOwNeEISQCY

 

 


Just want to verify that by 'basic rest access' you're referring to the snc_platform_rest_api_access Role.
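
A way to check the outcome this thread is after, as an added example (not code from any poster or from ServiceNow): it queries the Table API as the service account and reports any HR table other than the intended one that still returns rows. The two extra table names, the `fetch` hook and the canned responses are assumptions constructed for illustration; pass `http_fetch(...)` to run it against a real instance.

```python
import base64, json, urllib.error, urllib.request

ALLOWED = "sn_hr_core_case_talent_management"          # table named in the question
OTHER_HR = ["sn_hr_core_case", "sn_hr_core_profile"]   # assumed sample; list your own

def classify(status, body):
    """Map one Table API response to denied / empty / readable / error."""
    if status in (401, 403):
        return "denied"
    if status != 200:
        return "error"
    try:
        rows = json.loads(body).get("result", [])
    except (ValueError, AttributeError):
        return "error"
    return "readable" if rows else "empty"

def http_fetch(instance, user, password):
    """Build fetch(table) -> (status, body) that calls the instance over HTTPS."""
    token = base64.b64encode(f"{user}:{password}".encode()).decode()
    def fetch(table):
        url = (f"https://{instance}/api/now/table/{table}"
               "?sysparm_limit=1&sysparm_fields=sys_id")
        req = urllib.request.Request(url, headers={
            "Authorization": f"Basic {token}", "Accept": "application/json"})
        try:
            with urllib.request.urlopen(req, timeout=15) as resp:
                return resp.status, resp.read().decode()
        except urllib.error.HTTPError as err:
            return err.code, err.read().decode()
    return fetch

def audit(fetch, allowed=ALLOWED, others=OTHER_HR):
    """Return (allowed_ok, leaks); leaks are other tables that returned rows."""
    allowed_ok = classify(*fetch(allowed)) == "readable"
    leaks = [t for t in others if classify(*fetch(t)) == "readable"]
    return allowed_ok, leaks

# Constructed responses standing in for two role setups (not real instance output).
ROW = '{"result":[{"sys_id":"0000"}]}'
BROAD = lambda table: (200, ROW)   # what the question reports for sn_hr_core.case_reader
SCOPED = lambda table: (200, ROW) if table == ALLOWED else (403, '{"error":{}}')

if __name__ == "__main__":
    print("broad role :", audit(BROAD))
    print("scoped role:", audit(SCOPED))
```

An "empty" result on the allowed table can mean either that the ACL filtered every row or that no matching records exist, so seed a test record before treating it as a failure.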