Symptom
There is an employee that is assigned in a Business Role which has the restricted access to Opportunities. However, this employee is able to access all the opportunities in the system.
Environment
SAP Cloud for Customer
Reproducing the Issue
- Login as the user XYZ (XYZ represents the user ID that is assigned to the Business Role which has the restricted access to Opportunities).
- Go to the Sales work center.
- Go to the Opportunities view.
- The user is able to see and access all the opportunities in the system.
Cause
The work center Pipeline Simulation is unrestricted in the Business Role that the employee is assigned.
Resolution
If the Pipeline Simulation work center has unrestricted access in the assigned Business Role, the employee will have access to all opportunities in the system, even though the Opportunities work center is restricted for some rule.
This is the expected system behavior.
Also, a similar behavior happens once the employee is assigned in two different Business Role, where one Business Role has unrestricted access to the work center ABC (ABC represents the work center name) and the other has restricted access to the work center ABC, the user will have unrestricted access to the work center ABC.
See Also
SAP Community Blog Post - Access Control Management: Access restrictions explained
2966473 - Opportunity Access Restriction is Not Working alhtough User has Restricted Access
Keywords
Opportunity, Pipeline Simulation, Business Role, Access Restriction , KBA , LOD-CRM-OPP , Opportunity Management , How To