SAP Knowledge Base Article - Public

2907695 - User Can See Contacts which is Not as Expected per Contact Access Restriction Rule


User A can see contact XXX. (XXX represents the contact ID) However, per the contact access restriction rule you set,  this is not expected.


SAP Cloud for Customer

Reproducing the Issue


You have set up an access restriction rule for Contact business object, for example: the rule of "Access based on employee and involvement of employees reporting to user in org unit (including sub-units)"

  1. Logon with User A
  2. Go to Contacts work center > You can see contact XXX, which owner is User B, and User B is not belong to A's org unit. 


This may be because Contact XXX is associated with Account YYY, and there's one user in YYY's Account team, who belongs to user A's org.

For example, User A itself is in YYY's Account team, which means User A has the access of account YYY, then User A will also get the access of the contacts associated with YYY.


  1. You need to check what access restriction rule you configured for the user (business role), then check the contact's Owner and contact's associated Account's Account Team. 
  2. You also need to double check whether the Contact is a Homeless Contact. Regarding to this, we have 2 scoping questions which will impact the system behavior.  Please refer to 2527629 - How to Restrict Homeless Objects from Being Visible and 2575264 - User is Not Able to See My Contacts

See Also

2527629 - How to Restrict Homeless Objects from Being Visible

2575264 - User is Not Able to See My Contacts


Contact access, account , 联系人,权限 , KBA , LOD-CRM-ACC , Account , How To


SAP Cloud for Customer add-ins all versions ; SAP Cloud for Customer core applications all versions