SAP Knowledge Base Article - Public

2533253 - How To Set Access Restrictions For Installed Base

Symptom

  • An administrator created a Business Role XYZ (XYZ represents the name of the business role) with a read and write access restriction on Installed base
  • For example, using:
    • Rule 04 - Access based on the Employee
    • Territory assignment and
    • Service Organization of the Employee
  • When a user who is assigned to Business Role XYZ logs on to the system and goes to the Installed Base work center, the expectation is that the user sees only the Installed Bases where the user is one of the Involved Parties; however, all Installed Bases are shown.

Environment

SAP Cloud for Customer

Reproducing the Issue

  • Prerequisite as seen in the description.
  • The same issue can occur in other views (Registered Products, Installation Point, etc.).
    1. Log in with the affected user.
    2. Go to the Installed Base work center.
    3. You see all Installed Bases.

Cause

  • Restriction on Registered Product, Installed Base and Installation Points is by Sales Territory, Service Territory, Employee Responsible, Service Technician and Service Technician Team (Org). One of those parties has to be maintained in the object so that access-restriction-relevant data can be attributed to it. If the object has none of those parties maintained, it is considered a Homeless Object.
  • No party determination is provided for Installed Base/Registered Products. Hence there is no way to set a determination for the owner to be pulled from the account, as we do not presume that the account owner will also be the Installed Base owner.
  • This is as per requirements and is not a bug; it is therefore expected system behavior.

Resolution

  • Important points to consider:
    • The owner on the Installed Base has to be edited manually.
    • Implicit determination is not supported.
    • The bill-to, ship-to and payer can be picked up from the Relationship of the Account if they are maintained there.
    • The Service Technician is defaulted from the Account Team of the account, if maintained.
    • The access restriction of Installation Point and Registered Product does not work based on the Sales ORG. maintained in the overview facet.
    • The Sales ORG. does not affect the RBAM authorization.
  • Restriction on Registered Product, Installed Base and Installation Points is by Sales Territory, Service Territory, Employee Responsible, Service Technician and Service Technician Team(Org).
  • The 99 - Specific Restrictions will apply only to any of the above fields.
  • Sales Organization maintained in the Installation Point does not affect the restriction.
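
An audit sketch for the Cause and Resolution points above, added here as an example and not SAP code: it scans an exported list of Installed Base records for Homeless Objects (none of the five access-relevant parties maintained) and models which records a restricted user would see. The CSV column names, record IDs and the simplified matching rule are assumptions; the sample data is constructed.

```python
import csv
import io

# The five party roles the article names as access-restriction relevant.
# Column names are hypothetical; map them to your own export's headers.
ACCESS_PARTY_COLUMNS = (
    "sales_territory", "service_territory", "employee_responsible",
    "service_technician", "service_technician_team",
)

# Constructed sample export. sales_org is included to show it is ignored.
SAMPLE_EXPORT = """\
id,sales_org,sales_territory,service_territory,employee_responsible,service_technician,service_technician_team
IB-1,SO-10,,,E100,,
IB-2,SO-10,,,,,
IB-3,,T-NORTH,,,,
IB-4,SO-20,,,,E200,
IB-5,SO-10,,,  ,,
"""


def load_rows(text):
    """Parse the export into a list of dicts with whitespace stripped."""
    reader = csv.DictReader(io.StringIO(text))
    return [{k: (v or "").strip() for k, v in row.items()} for row in reader]


def access_parties(row):
    """Return the non-empty access-relevant party values on a record."""
    return {row[c] for c in ACCESS_PARTY_COLUMNS if row.get(c)}


def homeless_ids(rows):
    """Records with none of the five parties maintained (sales_org does not count)."""
    return [r["id"] for r in rows if not access_parties(r)]


def visible_ids(rows, user_context):
    """Simplified model (assumption): a restricted user sees records sharing a
    party value with their context, plus every homeless record."""
    return [r["id"] for r in rows
            if not access_parties(r) or access_parties(r) & user_context]


if __name__ == "__main__":
    rows = load_rows(SAMPLE_EXPORT)
    print("Homeless objects:", homeless_ids(rows))
    print("Visible to E100:", visible_ids(rows, {"E100"}))
```

Records reported as homeless are the ones where an owner or another of the five parties still has to be edited manually before the business role's restriction can take effect.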

See Also

KBA 2438094 - Orphan Objects Still Visible After Scoping

Keywords

Registered Products, Installation Point, Installed Base, Orphan Object, Access restriction, C4C, Authorization, Access, Restrictions, Cloud for Customer c4c, access rights, access, ibase, KBA, LOD-LE-IBA, Installed Base Data Management, How To

Product

SAP Cloud for Customer add-ins all versions ; SAP Cloud for Customer core applications all versions