SAP Knowledge Base Article - Public

2528164 - Unauthorized User Is Able to Edit Accounts

Symptom

The user has only read access to Accounts, yet is still able to edit them.

Reproducing the Issue

  1. Log in to the system with user ABC. (ABC is the user ID with Access Context = 1015, Read Access = Unrestricted, Write Access = Restricted.)
  2. Go to Customers work center.
  3. Go to Accounts view.
  4. Open Account 123. (123 is the Account ID, which is owned by a different user, XYZ.)
  5. Go to Account Team facet.
  6. Click on Edit and try changing the value from XYZ to ABC.

You are able to change the value successfully, which is incorrect behavior, as the user ABC has only Read Access to Accounts.

Cause

The user ABC is an Active Delegate for Employee XYZ, which means that ABC will have the same access rights as XYZ.

Resolution

This is expected and correct system behavior.

Keywords

KBA, LOD-CRM-EMP, Employee, How To

Product

SAP Hybris Cloud for Customer 1708; SAP LE APPL.PLATFORM 1708