Symptom
A user sees objects in the object OWL (for example opportunities) to which they should not have access. While the objects cannot be opened (no access), the expectation is that this user should not see them at all.
The objects in question are not homeless.
Environment
SAP Cloud for Customer
Cause
Sticking with the example of opportunities: in addition to the restricted access to Opportunities and Pipeline, the user also has unrestricted access to the work center view Personal Data Disclosure (WoC Data Protection and Privacy) which is also integrating the OWL for Opportunities.
Personal Data Disclosure and Personal Data Removal should have the same impact.
Resolution
To support Data Disclusure, IAM authorizations is cumulating the access rights for the OWL and all Opportunities are listed. Only when accessing a disallowed object do you get the authorization error popup. In case you want to avoid this, remove the access rights for Personal Data Disclosure.
Keywords
KBA , LOD-CRM-OPP , Opportunity Management , AP-RC-ILM-RET , Retention Management , Problem