2836662 - Contact Access Restriction is Not Working as Expected in Opportunity's Contact Facet

Your user XXX (XXX represents your user's name) does not have access to Contact ABC (ABC represents the contact name), however, when you create a new opporutnity with account XYZ (XYZ represents the account name); the Contact ABC is automatically determined as associated contact.

When you go to the opportunity's Contacts facet, you can see all the details of the contact.

SAP Cloud for Customer

1. Logon with user XXX. 
2. Go to the Opportunities work center view. 
3. Create a new opportunity with Account XYZ. The Contact ABC is auotomatically determined in the opportunity. (NOTE: Contact ABC is associated with Account XYZ)
4. Go to the Contacts facet of the opporutnity: you can see all the details of the Contact including phone number, email address, etc. 
5. However, if you click on the Contact ABC to open the object, you get the error "You are not authorized to access this object. If you want access, ensure that it is added to your role."

This is because your user XXX does not have access to Contact ABC based on the access restriction rule. 

If the system automatically determines a contact for an Opportunity, the system shows this contact in the Opportunity UI, irrespective of the user's authorization for contact master data.

This is the SAP standard behavior.

You might want to influence this by key user UI adaptation.
You might check to use e.g. page layout to hide some UI elements like facets, lists or columns, if some details of the contact's data are seen as critical and should not be shown in the Opportunity UI.

Contact, Access, Opportunity, Authorization , KBA , LOD-CRM-OPP , Opportunity Management , How To

SAP Cloud for Customer add-ins all versions ; SAP Cloud for Customer core applications all versions