SAP Knowledge Base Article - Public

2723721 - A User Has Access to Tickets That Should Not be Visible to Them Based on Access Restrictions


A User, who has restricted read and write access to Tickets based on their Service Unit can see and edit Tickets, which are assigned to a different Service Unit.


SAP Cloud for Customer

Reproducing the Issue


User ABC (ABC represents the User ID) is assigned to Service Unit 123 (123 represents the Service Unit ID) but has read and write access to Service Unit 456 (456 represents the Service Unit ID).

User DEF (DEF represents the User ID) has restricted read and write access for only Service Unit 123.

  1. Log into the tenant as User DEF.
  2. Go to the Service work center.
  3. Select the Tickets view.

User DEF is able to see Ticket XYZ (XYZ represents the Ticket ID), although this Ticket is assigned to Service Unit 456.


The Employee Responsible of Ticket XYZ is User ABC.

Since this User is assigned to Service Unit 123, this Service Unit is automatically added to the criteria to view the document.

This means that in this example, because User ABC is the Employee Responsible of the Ticket, every User who has access to Service Unit 123 is also able to see Ticket XYZ.


This is the standard system behaviour in SAP Cloud for Customer.


Service Unit Access Restriction Contects Employee Responsible , KBA , LOD-CRM-SRP , Service Request Processing , Problem


SAP Cloud for Customer add-ins all versions