2971871 - Access Restriction on Sales Documents Varies Before and After Saving the Sales Documents

When creating a new sales order, the system initially checks the restrictions for sales orders. However, once saved it is possible to select any sales unit you from the drop down for the same Sales Order.

SAP Business ByDesign

Step 1: Assign the Access Restriction to the user

Step 2: Create a Sales Order without saving

Step 3: Save the sales order and change the sales unit

The mismatch in the access restriction is between step 2 and step 3

The reason for the behavior here is that when the sales order is not saved, there are no access control entries which exist for the employee responsible and once document is saved and access context entry is created for the user. System allows changes to the document if one the access context entries matches the criteria.

An employee with restriction to specific sales unit can create only sales orders for the specific sales unit but once the sales order is created, he has access to change the sales unit to any other value since he is the employee responsible for the document. This is expected behavior because the sales order has to be handed over to a different sales unit if in case they need to take care of the same. Also once the sales unit is changed and saved, the sales order no longer appears in the search result as it belongs to a sales unit to which he is not assigned.

The above use case is the reason behind this behavior.

Note: If a restriction to the view for an user has been assigned directly by editing the access rights of the business user and not coming via any business role. The restriction rules will be used only when the authorization is assigned via business role.

Access restriction, sales order, business user, Superordinate, Subordinate Sales Org, Restriction Rule , KBA , SRD-CC-IAM , Identity & Access Management , Problem