Symptom
User A is assigned to Business Role B, which has restricted read and write access for the Opportunities work center based on some rule. However, user A can still see all the opportunities in the OWL.
Environment
SAP Cloud for Customer
Reproducing the Issue
- Check the Access Restrictions for Business Role B. For the Opportunities work center, the role has restricted read and write access (for example, based on rule 3 - Territories).
- Log on with user A and go to the Opportunities work center. Opportunities are visible that should not be visible to this user.
Cause
Business Role B grants restricted access to COD_OPPORTUNITY_WOC, which includes the Opportunity OWL. However, the role also includes the work center PERSONALDATADISCLOSURE with Unrestricted Access, and this work center also grants access to the Opportunity OWL.
The user therefore gets unrestricted access to the Opportunity OWL indirectly, which is why the user can find an opportunity but cannot open it.
Resolution
Remove the work center PERSONALDATADISCLOSURE from Business Role B and update the access for user A.
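The following check is an added example, not part of the original KBA and not SAP tooling: it scans a constructed export of role assignments for views that a role reaches through both a restricted and an unrestricted work center, which is the situation described under Cause. The data layout and the view IDs OPPORTUNITY_OWL and DISCLOSURE_VIEW are assumptions; only COD_OPPORTUNITY_WOC and PERSONALDATADISCLOSURE come from this page.

```python
# Constructed sample data. View IDs are placeholders, not real SAP identifiers.
WORK_CENTER_VIEWS = {
    "COD_OPPORTUNITY_WOC": {"OPPORTUNITY_OWL"},
    "PERSONALDATADISCLOSURE": {"OPPORTUNITY_OWL", "DISCLOSURE_VIEW"},
}

# role -> {work center: access level}, as it might be exported for review.
ROLE_ASSIGNMENTS = {
    "BUSINESS_ROLE_B": {
        "COD_OPPORTUNITY_WOC": "restricted",
        "PERSONALDATADISCLOSURE": "unrestricted",
    },
    "BUSINESS_ROLE_C": {"COD_OPPORTUNITY_WOC": "restricted"},
}


def find_restriction_bypasses(role_assignments, work_center_views):
    """Return {role: [(view, restricted_wcs, unrestricted_wcs), ...]} for every
    view a role reaches via both a restricted and an unrestricted work center."""
    findings = {}
    for role, assignments in role_assignments.items():
        by_view = {}
        for wc, access in assignments.items():
            if access not in ("restricted", "unrestricted"):
                raise ValueError(f"{role}/{wc}: unknown access level {access!r}")
            for view in work_center_views.get(wc, ()):
                groups = by_view.setdefault(view, {"restricted": [], "unrestricted": []})
                groups[access].append(wc)
        conflicts = [
            (view, sorted(g["restricted"]), sorted(g["unrestricted"]))
            for view, g in sorted(by_view.items())
            if g["restricted"] and g["unrestricted"]
        ]
        if conflicts:
            findings[role] = conflicts
    return findings


def without_work_center(role_assignments, role, work_center):
    """Copy of the assignments with one work center removed from one role."""
    updated = {r: dict(a) for r, a in role_assignments.items()}
    updated[role].pop(work_center, None)
    return updated


if __name__ == "__main__":
    for role, hits in find_restriction_bypasses(ROLE_ASSIGNMENTS, WORK_CENTER_VIEWS).items():
        for view, restricted, unrestricted in hits:
            print(f"{role}: {view} restricted via {restricted}, unrestricted via {unrestricted}")
```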
Keywords
Opportunity Access Restriction, owl, KBA, LOD-CRM-OPP, Opportunity Management, Problem