In Activities > Emails, a user with access restriction for Employee, Territory, Account and Sales Data can see emails that have come in as a reply to a ticket.
The ticket is access restricted for the user and they cannot see it so you presume they should also not be able to see the response.
Reproducing the Issue
1. Login with the respective user.
2. Go to the Activities workcenter.
3. Go to the Emails view.
4. Search for the email response to the ticket.
Result: The user can see the email despite valid access restrictions.
In Fine Tuning for Activities > Involved Parties for Emails, the determination for Employee Responsible is only scoped for Current User. This configuration will not work with email activity as the data is coming from an external source.
In the Involved Parties for the Activities > Emails, also the Account Team determination for Employee Responsible needs to be scoped. Then the access restriction for the Employee, Territory, Account, Sales Data will work.
1. Go to the Business Configuration workcenter.
2. Go to the Activity List and select Fine Tuning.
3. Find and open the activity Activities.
4. Click the link Maintain Involved Parties for E-Mails.
5. For Employee Responsible, scope the determination for the Account Team.
However, be aware that if there is no Account Team maintained for the Account, the Email Activities will still be created as orphan entries and will not get restricted via access restrictions.
KBA , SRD-CC-FED , Feeds , How To