User A can see contact XXX. (XXX represents the contact ID) However, per the contact access restriction rule you set, this is not expected.
SAP Cloud for Customer
Reproducing the Issue
You have set up an access restriction rule for Contact business object, for example: the rule of "Access based on employee and involvement of employees reporting to user in org unit (including sub-units)"
- Logon with User A
- Go to Contacts work center > You can see contact XXX, which owner is User B, and User B is not belong to A's org unit.
This may be because Contact XXX is associated with Account YYY, and there's one user in YYY's Account team, who belongs to user A's org.
For example, User A itself is in YYY's Account team, which means User A has the access of account YYY, then User A will also get the access of the contacts associated with YYY.
- You need to check what access restriction rule you configured for the user (business role), then check the contact's Owner and contact's associated Account's Account Team.
- You also need to double check whether the Contact is a Homeless Contact. Regarding to this, we have 2 scoping questions which will impact the system behavior. Please refer to 2527629 - How to Restrict Homeless Objects from Being Visible and 2575264 - User is Not Able to See My Contacts
Contact access, account , 联系人，权限 , KBA , LOD-CRM-ACC , Account , How To