SAP Knowledge Base Article - Public

2533253 - How To Set Access Restrictions For Installed Base


  • An administrator created a Business Role XYZ (XYZ represents the name of the business role) with a read and write access restriction on Installed base
  • For example, using:
    • Rule 04 - Access based on the Employee
    • Territory assignment and
    • Service Organization of the Employee
  • When a user, who is assigned to Business Role XYZ logs on to the system and go to the Installed Base work center, the expectation is to only see the Installed Base where the user is part of the Involved Parties; however all are showing up.


  • SAP Hybris Cloud for Customer
  • SAP Cloud for Customer
  • SAP Cloud for Sales
  • SAP Cloud for Service

Reproducing the Issue

  • Prerequisite as seen in the description.
  • The same issue can be applied to other views (Registered Products, Installation Point, etc.).
    1. Log in with the effected user.
    2. Go to the Installed Base work center.
    3. You see all Installed Bases.


  • No owner for the Installed Base (or other objects) was maintained, and the system presumes the objects to be homeless/ orphaned.
  • Not providing any party determination for installed base/registered products - hence there is no way to set a determination for the owner to be pulled from the account as we do not presume that the account owner will also be the Installed Base owner.
  • This is as per requirements and not a bug and therefore is expected system behavior.


  • Important points to consider:
    • The owner on the Installed Base has to be edited manually.
    • Implicit determinations is not supported.
    • The bill-to, ship-to and payer can be picked up from the Relationship of the Account if they are maintained there.
    • The Service Technician is defaulted from the Account Team of the account, if maintained.
    • The access restriction of Installation Point and Registered Product does not work based on the Sales ORG. maintained in the overview facet.
    • The Sales ORG. does not affect the RBAM authorization.
  • Access restriction on Installation Point is based on the following fields:
    • Employee Responsible;
    • Service technician;
    • Service technician team;
    • Sales Territory;
    • Service Territory.
  • The 99 - Specific Restrictions will apply only to any of the above fields.
  • Sales Organization maintained in the Installation Point does not affect the restriction.

See Also

2438094 - Orphan Objects Still Visible After Scoping


Registered Products, Installation Point, Installed Base, Orphan Object, Access restriction, C4C, Authorization, Access, Restrictions, Cloud for Customer , KBA , c4c , access rights , access , ibase , LOD-CRM-ACC , Account , How To


SAP Cloud for Customer core applications all versions ; SAP Hybris Cloud for Customer add-ins 1708