SAP Knowledge Base Article - Public

2548629 - Users seeing Sales Orders which are out of the Sales Org assigned to respective user : Access Group id :- “55555555555555555555555555555555”

Symptom

Users seeing Sales Orders which are out of the Sales Org assigned to respective user

Reproducing the Issue

  1. User ABC has Sales Org XYZ mapped.
  2. Login using user ABC and Go to Sales work center.
  3. Go to Sales Orders view.
  4. You will see  Sales Orders belonging to different Sales Org are visible.
  5. Go to Access Restrictions of the User ABC, you will see that Access Restrictions for Sales Order has Access Context - 1015 with Restriction rule – “5-Employee, Sales Data of Employee”.
  6. Go to Administrator Work Center.
  7. Go to (Beta) Check Users Authorization.
  8. Fill ABC as Business User.
  9. Use any of the Sales Oders which has different Sales Org than that of the User ABC to fill - Business Object ID which is visible for user ABC.
  10. Choose Object  - Sales Order.
  11. You see the Access Group id :- “55555555555555555555555555555555”.

Cause

If the you want to restrict the access to homeless objects, than this only works if the compatibility mode was deactivated before.

The Silent Data Migration XPRA will be only executed again to correct the data, if the scoping for the “homeless” question is changed again.

Compatability.png 

If you enable this scoping question and the "Compatibility mode for Access Context 1015" scoping question (that is also located with in the "User and Access Management" section) is also in scope, then accounts that do have only sales data (and no account team or territory assignment) can still be accessed by a business user that has restricted account access.

This is also valid for transactions that contain sales data without a territory or employee assigned.

Resolution

Please follow the below:-

  1. Deselect - Scoping Question:Compatibility mode for Access Context 1015 (Employee, Territory, Sales Data).
  2. Deselect - Scoping Question: Remove the authorization for unassigned data records (the homeless question).
  3. Save/Deploy changes.
  4. Select - Scoping Question: Remove the authorization for unassigned data records (the homeless question).
  5. Save/Deploy changes.

Keywords

KBA , LOD-CRM-EMP , Employee , How To

Product

SAP HYBRIS C4C CORE all versions ; SAP Hybris Cloud for Customer 1708