SAP Knowledge Base Article - Public

2770652 - Access Restriction for Business User is not Working as Expected

Symptom

The Access Restriction assigned to Business User is not working as expected, users are able to edit Accounts for which they do not have access.

Reproducing the Issue

  1. Go to Application and User Management workcenter.
  2. Select Business User view.
  3. Search required Business User ID XXX (where XXX represents Business User ID).
  4. Edit and open Access Rights.
  5. Select Access Restriction tab.
  6. Select required Account 
    You will observe Access Context is 1010 Employee and Restricted Access is given based on Sales Unit.

The employee is able to see Accounts created by another Business User. This user is not a part of the Sales Units assigned to XXX in Access Restriction.

Cause

The access to view an Account is not dependent upon the user who creates the Account.

Case 1: 

Restriction Rule 01:

01 - Restrict to Employee and Assigned Employees of Org Unit

Tooltip: Restricts access to employee and the org units for which the employee is the reporting line unit manager

User XXX can access all Accounts where XXX is Employee Responsible.

Manager of XXX can access all the Accounts where XXX is Employee Responsible.

Case 2:

Restriction Rule 99:

99 - Define Specific Restrictions

Detailed Restriction: XXX is selected in the Sales Org Unit.

Any Employee having this Business Role will be able to access all Accounts where XXX is Employee Responsible.

Case 3:

All Homeless Accounts are visible to all Business Users. These Accounts does not have any Employee Responsible.

 

Resolution

The system works as designed.

Keywords

Access Restriction, Account, Sales Org Unit , KBA , access restriction , business user , not working , SRD-CC-IAM , Identity & Access Management , Problem

Product

SAP Business ByDesign all versions