The Access Restriction assigned to a Business User is not working as expected: users are able to edit Accounts to which they do not have access.
Reproducing the Issue
- Go to the Application and User Management workcenter.
- Select the Business User view.
- Search for the required Business User ID XXX (where XXX represents the Business User ID).
- Edit and open Access Rights.
- Select the Access Restriction tab.
- Select Account: BPM_ACCOUNTS.
You will observe that the Access Context is 1010 Employee and that Restricted Access is given based on Sales Unit.
The employee is able to see Accounts created by another Business User. That other Business User is not part of the Sales Units assigned to XXX in the Access Restriction.
The access to view an Account is not dependent upon the user who creates the Account.
The Account's Sales Data has the same Sales Org Unit ID that is assigned to this employee under Access Restrictions.
Follow the steps below to check the Sales Data of this Account:
- Go to Account Management workcenter.
- Select the Account which this Business User should not see.
- Open the Sales tab of this Account. You can see the same Org Unit that is assigned to this Business User.
The Business User will be able to see Accounts whose Sales Data has the same Sales Org Unit as the one assigned to this user in the Access Restriction.
The system works as designed.
Access Restriction, Account, Sales, KBA, SRD-CC-IAM, Identity & Access Management, Problem