Required Permissions
You must configure the service account with certain permissions to run a test connection and aggregate or provision data.
Account Aggregation: Default Attributes
There are specific permissions required to aggregate the default account attributes. You may also need to enable certain security features or grant additional field-level access. The following table lists the default account attributes and the associated permissions and security considerations required to aggregate them. Attributes with similar requirements are grouped together where possible.
|
Attributes |
Required Permission |
Security Considerations |
|---|---|---|
|
Employee XRefCode Employee Number Eligible For Rehire CommonName HomeOrganization Federated Id Hire Date New Hire Approved New Hire Approval Date New Hire Approved By Original Hire Date Start Date Pre Start Date Login Id Display Name First Name Last Name Employee Termination Date |
The user role must have access to the Read Data subfeature. To find the Read Data subfeature, go to System Admin > Roles > Features > HCM Anywhere > Web Services. |
Enable XRefCode To enable XRefCode, go to: System Admin > Roles > Web Services Field-Level Access > RESTful Services > Human Resources > Employee. |
|
Employment Status |
EmployeeEmploymentStatus (and relevant child nodes) To enable this feature, go to System Admin > Roles > Web Services Field-Level Access > RESTful Services > Human Resources. |
Enable read access for Employee Status Information. To grant this field-level access, go to System Admin > Roles > Authorizations. |
|
Employment Type |
Employment Type EmployeeEmploymentType (and relevant child nodes) To enable this feature, go to System Admin > Roles > Web Services Field-Level Access > RESTful Services > Human Resources. |
|
|
Business Email |
PersonContact (and relevant child nodes) To enable this feature, go to System Admin > Roles > Web Services Field-Level Access > RESTful Services > Human Resources. |
Enable read access for Employee Contact Information - Personal and/or Employee Contact Information - Business. To grant this field-level access, go to System Admin > Roles > Authorizations. |
|
Business Phone |
||
|
Business Phone Country Code |
||
|
Location |
EmployeeWorkAssignment (and relevant child nodes) To enable this feature, go to System Admin > Roles > Web Services Field-Level Access > RESTful Services > Human Resources. |
Enable read access for Employee Work Assignment - Primary Records . To grant this field-level access, go to System Admin > Roles > Authorizations. |
|
Position |
||
|
Work Location |
||
|
Department |
||
|
Job XRefCode |
||
|
Job Name |
||
|
JobRank |
||
|
Job EmployeeEEO |
||
|
Job Classification |
||
|
Job FLSAStatus |
||
|
Manager XRefCode |
EmployeeManager (and relevant child nodes) To enable this feature, go to System Admin > Roles > Web Services Field-Level Access > RESTful Services > Human Resources. |
None |
|
Manager FirstName |
||
|
Manager LastName |
||
|
Role XRefCode |
EmployeeRole (and relevant child nodes) To enable this feature, go to System Admin > Roles > Web Services Field-Level Access > RESTful Services > Human Resources. |
Enable read access for Employee Profile - Security Settings - Roles. To grant this field-level access, go to System Admin > Roles > Authorizations. |
|
Role Name |
||
|
Organization Unit Name |
|
|
Account Aggregation: Additional Attributes
There are specific permissions required to aggregate additional account attributes. You may also need to enable certain security features or grant additional field-level access. The following table lists additional account attributes and the associated permissions and security considerations required to aggregate them. Attributes with similar requirements are grouped together where possible.
|
Attribute |
Required Permission |
Security Considerations |
|---|---|---|
|
BirthDate |
The user role must have access to the Read Data subfeature. To find the Read Data subfeature, go to System Admin > Roles > Features > HCM Anywhere > Web Services. |
Enable XRefCode To enable XRefCode, go to: System Admin > Roles > Web Services Field-Level Access > RESTful Services > Human Resources > Employee. |
|
BioExempt |
||
|
Gender |
||
|
MaritalStatus |
EmployeeMaritalStatus (and relevant child nodes) |
Grant read access for Employee Personal Information To grant this field-level access, go to System Admin > Roles > Authorizations. |
|
Address |
PersonAddress (and relevant child nodes) |
Grant read access for Employee Contact Information To grant this field-level access, go to System Admin > Roles > Authorizations. |
|
City |
||
|
PostalCode |
||
|
Country |
||
|
State |
Provisioning
There are specific permissions required to provision certain account attributes. You will also need to enable certain security features. The following table lists account attributes and the associated permissions and security considerations required to provision them. Attributes with similar requirements are grouped together where possible.
|
Attribute |
Required Permission |
Security Considerations |
|---|---|---|
|
FirstName |
The user role have access to the PATCH/POST Employee HR Data subfeature under HCM Anywhere > Web Services in the Features tab of System Admin > Roles. To find the PATCH/POST Employee HR Data subfeature, go to System Admin > Roles > Features > HCM Anywhere > Web Services. |
Enable Can Create and Can Update To enable these features, go to System Admin > Roles > Authorizations. |
|
LastName |
||
|
BusinessEmail |
The user role have access to the PATCH/POST Employee HR Data subfeature under HCM Anywhere > Web Services in the Features tab of System Admin > Roles. To find the PATCH/POST Employee HR Data subfeature, go to System Admin > Roles > Features > HCM Anywhere > Web Services. |
Enable Can Create and Can Update To enable these features for Employee Contact Information - Personal and/or Employee Contact Information - Business, go to System Admin > Roles > Authorizations. |
|
BusinessPhone |