Symptom
An employee is assigned to a Business Role that has Restriction Rule 99 (Define Specific Restrictions) on a Business Object (e.g. Opportunities), with the access context defined by Employee, Territory, Account and Sales Data. This user currently has access to Business Objects that the restriction rule should not allow.
Environment
SAP Cloud for Customer
Reproducing the Issue
- Log in as the user XYZ (XYZ represents the user ID that has restriction rule 99 maintained).
- Go to the Sales work center.
- Go to the Opportunities view.
- Open the opportunity ABC (ABC represents the opportunity ID).
- You will be able to access this opportunity, even though it does not fit the Access Context maintained.
Cause
Even if the employee is not an Involved Party in the Business Object, he is granted access to all Business Objects of all employees of the Organizational Units for which the Business Role grants him access. This includes all the managers of the Organizational Units.
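The following added example is a simplified model of the behavior described under Cause, usable as an access-review aid; it is not SAP code and not taken from this KBA. The data classes, function names, org unit name and all IDs other than XYZ and ABC are constructed assumptions.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class OrgUnit:            # hypothetical structure, not an SAP object
    name: str
    managers: frozenset
    employees: frozenset

@dataclass(frozen=True)
class Opportunity:        # hypothetical structure, not an SAP object
    oid: str
    involved_parties: frozenset

def access_reason(user, role_org_units, opp):
    """Return why `user` can open `opp`, or None if access is denied."""
    if user in opp.involved_parties:
        return "involved party"
    for unit in role_org_units:
        # Objects of employees AND managers of a unit in scope become visible.
        via = opp.involved_parties & (unit.employees | unit.managers)
        if via:
            return f"org unit {unit.name} via {sorted(via)[0]}"
    return None

def access_without_involvement(user, role_org_units, opportunities):
    """Opportunities the user can open without being an Involved Party."""
    findings = {}
    for opp in opportunities:
        reason = access_reason(user, role_org_units, opp)
        if reason and reason != "involved party":
            findings[opp.oid] = reason
    return findings

# Constructed sample data: the role of XYZ grants access to SALES_EAST.
SALES_EAST = OrgUnit("SALES_EAST", frozenset({"MGR1"}), frozenset({"XYZ", "EMP2"}))
OPPS = [
    Opportunity("ABC", frozenset({"EMP2"})),   # colleague in the same unit
    Opportunity("DEF", frozenset({"XYZ"})),    # user is an involved party
    Opportunity("GHI", frozenset({"MGR1"})),   # manager of the unit
    Opportunity("JKL", frozenset({"EMP9"})),   # employee outside the unit
]

if __name__ == "__main__":
    for oid, reason in access_without_involvement("XYZ", [SALES_EAST], OPPS).items():
        print(oid, "->", reason)
```

Running it against an export of role scopes and involved parties lists the objects a user can reach only through Organizational Unit membership, which is the set to review when a restriction appears not to apply.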
Resolution
This is the expected system behavior.
If the feature/functionality is needed as a matter of urgency, please refer to KBA 3475641 - Functionality Currently not Available.
Keywords
Access Restriction, Employee, Organizational Unit, Involved Party, Business Role, KBA, SRD-CC-IAM, Identity & Access Management, How To