User A is assigned to Business Role B, which has restricted read and write access for Opportunities work center based on some rule. However, the user A can still see all the opportunities in the OWL.
SAP Cloud for Customer
Reproducing the Issue
- Check the Access Restriction for Business Role B, you can see for Opportunities work center, the role has restricted read and write access (for example, based on rule 3 - Territories)
- Logon with user A, go to Opportunities work center. You find there're opportunities visible although it should not for this user.
Although the Business Role B grants restricted access to COD_OPPORTUNITY_WOC which includes the Opportunity OWL, the role also includes the Workcenter PERSONALDATADISCLOSURE which has Unrestricted Access, which also grants access to the opportunity OWL.
So the user gets indirectly unrestricted access to the opportunity OWL which is why he can find an opportunity but cannot open it.
You should remove the work center PERSONALDATADISCLOSURE for business role B and update the access to user A.
Opportunity Access Restriction, owl , KBA , LOD-CRM-OPP , Opportunity Management , Problem