User A can see contact X (X represents the contact ID). However, per the contact access restriction rule you set, this is not expected.
SAP Cloud for Customer
Reproducing the Issue
You have set up an access restriction rule for the Contact business object, for example, the rule of "Access based on employee and involvement of employees reporting to user in org unit (including sub-units)".
- Logon with User A.
- Go to the Contacts work center -> You can see contact X, who has User B as its Owner. User B does not belong to A's org unit.
This may be because Contact X is associated to an account where there's another user who belongs to user A's org in the Account team.
For example: User A is in Account Y's Account Team, which means User A has the access of account Y, then User A will also get the access of the contacts associated with Y.
- You need to check what access restriction rule you configured for the user (business role), then check the contact's Owner and contact's associated Account's Account Team.
- You also need to double check if the Contact is a Homeless Contact. Regarding this, we have 2 scoping questions which will impact the system behavior.
Contact access, account , 联系人，权限 , KBA , LOD-CRM-ACC , Account , How To