The Access Restriction assigned to Business User is not working as expected, users are able to edit Accounts for which they do not have access.
Reproducing the Issue
Go to Application and User Management workcenter.
- Select Business User view.
- Search required Business User ID XXX (where XXX represents Business User ID).
- Edit and open Access Rights.
- Select Access Restriction tab.
- Select required Account
You will observe Access Context is 1010 Employee and Restricted Access is given based on Sales Unit.
The employee is able to see Accounts created by another Business User. This user is not a part of the Sales Units assigned to XXX in Access Restriction.
The access to view an Account is not dependent upon the user who creates the Account.
Restriction Rule 01:
01 - Restrict to Employee and Assigned Employees of Org Unit
Tooltip: Restricts access to employee and the org units for which the employee is the reporting line unit manager
User XXX can access all Accounts where XXX is Employee Responsible.
Manager of XXX can access all the Accounts where XXX is Employee Responsible.
Restriction Rule 99:
99 - Define Specific Restrictions
Detailed Restriction: XXX is selected in the Sales Org Unit.
Any Employee having this Business Role will be able to access all Accounts where XXX is Employee Responsible.
All Homeless Accounts are visible to all Business Users. These Accounts does not have any Employee Responsible.
The system works as designed.
Access Restriction, Account, Sales Org Unit , KBA , access restriction , business user , not working , SRD-CC-IAM , Identity & Access Management , Problem