SAP Knowledge Base Article - Public

2907695 - User Can See Contacts which is Not as Expected per Contact Access Restriction Rule


User A can see contact X (X represents the contact ID). However, per the contact access restriction rule you set,  this is not expected.


SAP Cloud for Customer

Reproducing the Issue


You have set up an access restriction rule for the Contact business object, for example, the rule of "Access based on employee and involvement of employees reporting to user in org unit (including sub-units)".

  1. Logon with User A.
  2. Go to the Contacts work center  -> You can see contact X, who has User B as its Owner. User B does not belong to A's org unit. 


This may be because Contact X is associated to an account where there's another user who belongs to user A's org in the Account team.

For example: User A is in Account Y's Account Team, which means User A has the access of account Y, then User A will also get the access of the contacts associated with Y.


  1. You need to check what access restriction rule you configured for the user (business role), then check the contact's Owner and contact's associated Account's Account Team. 
  2. You also need to double check if the Contact is a Homeless Contact. Regarding this, we have 2 scoping questions which will impact the system behavior.  

See Also

  • 2527629 - How to Restrict Homeless Objects from Being Visible
  • 2575264 - User is Not Able to See My Contacts


Contact access, account , 联系人,权限 , KBA , LOD-CRM-ACC , Account , How To


SAP Cloud for Customer add-ins all versions ; SAP Cloud for Customer core applications all versions