SAP Knowledge Base Article - Public

2470851 - Unauthorized User is Able to Edit Tickets

Symptom

An user that had previous access to a ticket is still able to edit and save it once access is changed.

Environment

SAP Cloud for Customer

Reproducing the Issue

  1. User ABC (ABC represents User ID) has created Ticket 123 (123 represents Ticket ID) and then:
  2. Goes to Service work center;
  3. Tickets view;
  4. Opens Ticket ID 123;
  5. Clicks on Edit;
  6. Change the Agent to another user;
  7. Clicks on Save.

Now, User ABC lost the access rights to the Ticket 123, as it is being worked on by another user.

  1. Clicks on Edit again;
  2. Changes any attribute of the Ticket, let's say, add an interaction;
  3. Clicks on Save;
  4. Message: "Your Entries Have Been Saved" is shown even though User ABC does not have access to Ticket 123 anymore.

Cause

User ABC is the last user that changed Ticket 123.

Technically speaking, the access rights are lost as soon as the new Agent is added, however, User ABC would still need to save the Ticket and confirm the changes.

For that reason, the User who made the last change to the Ticket will still have access to it, even if their access restrictions are set otherwise.

Resolution

As soon as the new Agent makes a change, the access restriction will be as expected.

Keywords

Tickets, Access Restriction, C4C, Agent , KBA , LOD-CRM-SRP , Service Request Processing , How To

Product

SAP Cloud for Customer core applications all versions