Symptom
You have assigned No Access for Accounts to a user, but the user can still view and modify accounts.
Environment
SAP Business ByDesign
Reproducing the Issue
- Navigate to the Application and User Management work center.
- Go to the Business Users view.
- Select the relevant user XXX.
- Choose Edit and then Access Rights.
- Go to the Access Restrictions tab.
- Filter with BPM_ACCOUNTS: Read - No Access, Write - No Access.
Now log in with user XXX.
- Navigate to the Account Management work center.
- Go to the Accounts view.
- Select any random account.
- Edit the account.
- Change any value and save.
- You are able to save the changes.
Cause
The Accounts UI (OWL) is part of the view BPM_HIGHVOLUMEACCOUNTS in addition to the view BPM_ACCOUNTS. The user has unrestricted read and write access to the view BPM_HIGHVOLUMEACCOUNTS, which is why the user is able to see the account.
Resolution
The same restriction needs to be maintained on the view BPM_HIGHVOLUMEACCOUNTS as well.
- Navigate to the Application and User Management work center.
- Go to the Business Users view.
- Select the relevant user XXX.
- Choose Edit and then Access Rights.
- Go to the Access Restrictions tab.
- Filter with BPM_HIGHVOLUMEACCOUNTS.
- Set Read - No Access, Write - No Access.
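To find other users in the same state, the check below flags anyone whose No Access restriction on one view is bypassed by a second view that contains the same UI. It is an added example, not SAP code or part of the original note; the CSV column names, the sample rows and the function names are assumptions, and only the two view names and their shared Accounts UI come from the Cause section above.

```python
import csv
import io

# From the article: the Accounts UI (OWL) is part of both of these views.
SHARED_UI_VIEWS = {"Accounts": ["BPM_ACCOUNTS", "BPM_HIGHVOLUMEACCOUNTS"]}

# Constructed sample export. The columns are an assumed layout, not an SAP format.
# A view missing for a user is taken to mean the view is not assigned to that user.
SAMPLE_EXPORT = """user,view,read,write
XXX,BPM_ACCOUNTS,No Access,No Access
XXX,BPM_HIGHVOLUMEACCOUNTS,Unrestricted,Unrestricted
YYY,BPM_ACCOUNTS,No Access,No Access
YYY,BPM_HIGHVOLUMEACCOUNTS,No Access,No Access
ZZZ,BPM_ACCOUNTS,No Access,No Access
"""

NO_ACCESS = ("No Access", "No Access")


def load_restrictions(text):
    """Return {user: {view: (read, write)}} parsed from the CSV text."""
    table = {}
    for row in csv.DictReader(io.StringIO(text)):
        user, view = row["user"].strip(), row["view"].strip()
        table.setdefault(user, {})[view] = (row["read"].strip(), row["write"].strip())
    return table


def find_bypassed_restrictions(table, shared=SHARED_UI_VIEWS):
    """Return (user, ui, blocked_view, open_view, read, write) for every case
    where one view of a shared UI is No Access but a sibling view still grants access."""
    findings = []
    for user, views in sorted(table.items()):
        for ui, members in shared.items():
            blocked = [v for v in members if views.get(v) == NO_ACCESS]
            if not blocked:
                continue
            for view in members:
                if view in views and views[view] != NO_ACCESS:
                    findings.append((user, ui, blocked[0], view) + views[view])
    return findings


if __name__ == "__main__":
    for f in find_bypassed_restrictions(load_restrictions(SAMPLE_EXPORT)):
        print("%s: %s UI blocked via %s but open via %s (read=%s, write=%s)" % f)
```
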
Keywords
Access restriction, Accounts, BPM_ACCOUNTS, BPM_HIGHVOLUMEACCOUNTS, KBA, SRD-CC-IAM, Identity & Access Management, Problem
Product
SAP Business ByDesign all versions