SAP Knowledge Base Article - Public

2470851 - Unauthorized User is Able to Edit Tickets


An user that had previous access to a ticket is still able to edit and save it once access is changed.

Reproducing the Issue

  1. User ABC (ABC represents User ID) has created Ticket 123 (123 represents Ticket ID) and then:
  2. Goes to Service work center;
  3. Tickets view;
  4. Opens Ticket ID 123;
  5. Clicks on Edit;
  6. Change the Agent to another user;
  7. Clicks on Save.

Now, User ABC lost the access rights to the Ticket 123, as it is being worked on by another user.

  1. Clicks on Edit again;
  2. Changes any attribute of the Ticket, let's say, add an interaction;
  3. Clicks on Save;
  4. Message: "Your Entries Have Been Saved" is shown even though User ABC does not have access to Ticket 123 anymore.


User ABC is the last user that changed Ticket 123.

Technically speaking, the access rights are lost as soon as the new Agent is added, however, User ABC would still need to save the Ticket and confirm the changes.

For that reason, the User who made the last change to the Ticket will still have access to it, even if their access restrictions are set otherwise.


As soon as the new Agent makes a change, the access restriction will be as expected.


KBA , SRD-CC , Cross Components , How To


SAP Hybris Cloud for Customer add-ins 1702 ; SAP Hybris Cloud for Customer add-ins 1705 ; SAP Hybris Cloud for Customer add-ins 1708 ; SAP Hybris Cloud for Customer add-ins 1711