SAP Knowledge Base Article - Public

2879416 - Local Admin - Access restriction

Symptom

A user sees objects in the object OWL (for example opportunities) to which they should not have access. While the objects cannot be opened (no access), the expectation is that this user should not see them at all.

The objects in question are not homeless.

Environment

SAP Cloud for Customer

Cause

Sticking with the example of opportunities: in addition to the restricted access to Opportunities and Pipeline, the user also has unrestricted access to the work center view Personal Data Disclosure (WoC Data Protection and Privacy) which is also integrating the OWL for Opportunities.

Personal Data Disclosure and Personal Data Removal should have the same impact.

Resolution

To support Data Disclusure, IAM authorizations is cumulating the access rights for the OWL and all Opportunities are listed. Only when accessing a disallowed object do you get the authorization error popup. In case you want to avoid this, remove the access rights for Personal Data Disclosure.

Keywords

KBA , LOD-CRM-OPP , Opportunity Management , AP-RC-ILM-RET , Retention Management , Problem

Product

SAP Cloud for Customer core applications 1911