Employee API v2 Constraints
This enhancement enables customers to begin to constrain Employee API v2 access in the API as it is in the user interface. This enables customers to use Cornerstone’s APIs in a more robust way, by enabling third-party integrators who are outside of their organization and should not otherwise have root access to all employee data, to be able to leverage the data they need for their solutions.
Some customers have been unable to utilize Cornerstone’s APIs for global rollouts because there was no way to guarantee that employee data (especially EMEA employee data) has not been accessed by any systems outside of the EMEA region. While this has been possible to do from an integrator's side by filtering on the organizational unit (OU), it has not been possible to enforce from a governance perspective, forcing some customers to limit their API rollouts. Support for constraints should allow for tighter controls around employee data when using Employee API v2.
API Explorer Documentation
The new Employee API - View - Constrained permission enforces constraints for read access on the Employee API v2 only. Additional documentation with information on how to enable, and how this permission interacts with the existing permissions is available in the API Explorer upon release of this new API.
The following new permission applies to this functionality:
|PERMISSION NAME||PERMISSION DESCRIPTION||CATEGORY|
Upon release, the new Employee API - View - Constrained permission is automatically granted to the default System Administrator role. Administrators must grant this permission with the appropriate constraints to other roles, if necessary.