SAP Knowledge Base Article - Public

3151937 - User Can See Accounts Which They Shouldn't have Access To


You changed the Business Role for a given User, however, the recent Accounts list is showing Accounts to which the user no longer has access to.


 SAP Cloud for Customer

Reproducing the Issue

After changing the Business Role access rights through which the user's access is now restricted for objects they previously had access to, in our example for sales objects: 

  1. Navigate, for example, to the Sales Workcenter.
  2. Open any Sales BO, e. g. Sales Quotes view.
  3. Create a new Sales Quote.

Result: when clicking the Account OVS, the autosuggestions are not restricted. You can see recent accounts to which the user no longer has access to. 


After the user's Business Role is changed, they will still be able to see some values for which they no longer have read authorization. However, they should not be allowed to select such values.

When the Business Role changes, the system will not have any indication that a role change has happened. So, currently, there is no way to trigger an OVS cache invalidation.


 The only way to solve this issue is for the user themselves to clear the browser cache manually.


Dropdown list ; Restricted ; Account ; Search ; User ; Recent ; OVS , KBA , LOD-CRM-OPP , Opportunity Management , How To


SAP Cloud for Customer add-ins all versions