Symptom
Orphan objects still visible after scoping the question Do you want in general restrict access to data records that do not contain any access restriction relevant content?.
Environment
SAP Cloud for Customer
Reproducing the Issue
We will use Accounts as example.
- Log in with user user01(user01 represents the name of the user).
- Go to the Customers work centre.
- Select the Accounts view.
- Select the All filter query.
- User user01 is able to see orphan accounts, despite scoping.
Cause
Compatibility mode for Access Context 1015 (Employee, Territory, Sales Data) is scoped. This Scoping question is in contradiction with the question related to the restriction of data records without any access restriction relevant content.
Compatibility mode for Access Context 1015 is supposed to display all objects that were orphans, before introducing the third Access context Sales Data.
Resolution
In order to restrict the visibility of orphan objects fully you have to de-scope Compatibility mode for Access Context 1015 (Employee, Territory, Sales Data).
In order to do so you have to use the following steps:
- Go to the Business Configuration work centre.
- Select the Implementation projects view.
- Select the relevant project.
- Click the Edit Project Scope button.
- Click the Next button until you reach Step 4 Questions.
- Expand the Built-in Services and Support element.
- Expand the System Management element.
- Select the User and Access management element.
- Under the business option scope Compatibility mode for Access Context 1015 (Employee, Territory, Sales Data) unflag the question Do you want the Access Context 1015 - sales area restriction to be effective only for objects with employee or territory assignments?
The user should not see the orphan objects anymore.
Keywords
KBA , acl entry 555555555555555555555555555555 , LOD-CRM-ACC , Account , How To