Authorization and Filtering Data

Dayforce SOAP Web Services Developer Guide

Authorization and Filtering Data

Data elements that are returned from the Dayforce Web Services are limited and filtered based on the field level and access authorizations associated with the default role of the user account that was used to authenticate with. These authorizations are defined as part of the configuration of the Dayforce application for web services use.

The user role must have access to the data via both the field level filtering and the access authorizations. If either of those filter the data, the data will not be returned.

Note: The structure of the data will not change if data is filtered. Data is filtered by setting the data value to null or the default value. There are two levels of filtering and authorization.

Field Level Filtering

To limit the number of fields returned, a white list of fields is specified in the Dayforce database to indicate which fields can be returned. The list is associated to specific client and user roles, so different users that have different roles can receive different data elements. The list of allowed fields is specified using the data contract class and property names. 

You can use a wild card (asterisk) for a property name to indicate you want all properties on a class, but you cannot use a wildcard within a property name to specify a subset of property names on a class. 

Note: The field-level filtering that is configured within the database must be setup by Dayforce Support personnel. There is currently no client-facing user interface where this can be updated.

Access Authorizations

Each data element that is returned from Dayforce Services might have an access authorization associated with it. The access authorization limits the data that can be returned. Access authorizations are hard coded on the data contract and aren't customizable. The access authorizations used by Dayforce web services API are the same ones as used by the rest of the Dayforce HCM application.

For example, many properties of the Employee class are controlled by the Employee Personal Information access authorization. If you enable this access authorization on the default role of the user that was used during authentication, you can see properties such as names, dates, and gender to name a few.