3044358 - Access Restriction for Cloud for Customer Enterprise Search

A Business User has been restricted to access certain objects, for example a Sales Order. However, the Business User can access restricted Sales Order via the Enterprise Search. The restrictions are working as expected per the work center view level.

SAP Cloud for Customer

1. Ask the affected Business User to log in to the system.
2. Go to the Sales workcenter.
3. Go to the Sales Order view.
4. Search for the Sales Order ABC (ABC represents the sales order ID) which the Business User should have no access. 
5. The Business User will not see the restricted Sales Order in the Overview Worklist (OWL).
6. Click on the Enterprise Search and search for the same restricted Sales Order again. 
7. The restricted Sales Order will be shown as a result. 
8. Business user is now able to click on the link to open the Sales Order to which he should has no access.

The Business User is having access to the Sales Order ABC from sales organization 123 (123 represents the sales organization ID). From OWL, only My Sales Order is configured and that query shows only the Sales Order created by the Business User. Hence, the Sales Order ABC is not appearing. But in Enterprise Search, which every Sales Order from sales organization 123 that the Business User have access, everything will appear.

KBA 2594061 - Access Restriction Not Working For Enterprise Search

Enterprise Search, Sales Orders, Sales, Business User, Access Restriction , KBA , LOD-LE-CQP-CO , Lean Sales Orders , How To

SAP Cloud for Customer add-ins all versions ; SAP Cloud for Customer core applications 2102