The Business User Assigned to a Business Role receives the error message 'You Are Not Authorized to Create This Account' is triggered on creating a new Account.
Image/data in this KBA is from SAP internal systems, sample data, or demo systems. Any resemblance to real data is purely coincidental.
SAP Cloud for Customer
Reproducing the Issue
Go to the Customers work center.
- Go to the Accounts view.
- Select the New button.
- Enter a value in all mandatory fields.
- Select the Save button.
- The error message 'You Are Not Authorized to Create This Account' is triggered on creating a new Account.
In your Business Configuration Scoping, the question "Do you want in general restrict access to data records that do not contain any access restriction relevant content?" was answered with yes.
Path within the relevant implementation project:
Navigate to step 4. Questions. Expand: Built-in Services and Support -> System Management -> User and Access Management
- A possible cause of this is that the access restrictions of the User ID in the backend are outdated and do not fit the restrictions maintained in the Business Role.
This is the expected system behaviour. The user needs to add any access restriction relevant data (for example Sales data) before they are able to save/ create an account.
Go to the Administrator work center.
- Select Business Users under the User section.
- Select the line item of the Business User ABC (ABC represents the affected Business User).
- Select the Update Access Right button.
- Select Update Selected User from the dropdown list (please note that this might take a moment to fully trigger. The users need to log out and back into the system after the update is complete).
If the users still face the issue after you excluded both points 1. & 2., please forward to the development component LOD-CRM-ACC.
Overview for the scoping question: "Do you want in general restrict access to data records that do not contain any access restriction relevant content?
This business option allows you to control data access only based on the criteria defined by the restriction rules of a business role. Data records without any assignment applicable for the corresponding access context will not be visible to a business user that has restricted access to a business object, once this option is selected.
Note: A change in this scoping question (check or uncheck) triggers a mass data run in the backend. Once the selection has been made, please be aware of the time delay (possible next day) for existing records.
If you enable this scoping question and the "Compatibility mode for Access Context 1015" scoping question (that is also located within the "User and Access Management" section) is also in scope, then accounts that do have only sales data (and no account team or territory assignment) can still be accessed by a business user that has restricted account access. This is also valid for transactions that contain sales data without a territory or employee assigned.
Business User, Business Role, You Are Not Authorized to Create This Account, Customers, New , KBA , business user , business role , you are not authorized to create this ac , customers , new , LOD-CRM-ACC , Account , Problem