Symptom
Restriction rule on Read Access for Employees to a Business Role: Sales Organization by Employee does not restrict employees to view other employees from different country.
Reproducing the Issue
1) Login to the system as an Administrator.
2) Go to Application and User Management workcenter.
3) Go to User and Access Management view.
4) Go to Business Roles subview.
5) Show All Business Roles and open the ID: XXX.
6) Choose View All.
7) Go to the tab Access Restrictions and choose the workcenter view Employees.
8) Select Read Access as Restricted.
Restriction Rule: YYY.
9) Select the Write Access as No Access.
To check the acces of Employee:
1) Login to the system as Employee.
2) Go to Customers workcenter.
3) Go to Accounts view.
4) Select New.
Country: ZZZ
Language: Country Specific
5) In the field Owner, using the Value Help, you will find employees from other countries as well.
Cause
User has Unrestricted Read and Write access to COD_DASHBOARD_MANAGER, COD_REGISTERED_PRODUCT_WCVIEW, COD_DASHBOARD_REPRESENTATIVE ,CODACCOUNTVISITWCV and COD_DASHBOARD_WINLOSS workcenters.
In a detailed view of these workcenters, they have Unrestricted Read and Write access to All Employees in the organisation and All Territories in the Model.
Resolution
You can create another rule to restrict all workcenters that have the employee in the access context.
Keywords
KBA , LOD-CRM-EMP , Employee , How To