SAP Knowledge Base Article - Public

3231147 - Access Restriction for Accounts is Not Working As Expected

Symptom

You have set the access restriction for Accounts to No Access for a user, but the user can still view and modify accounts.

Environment

SAP Business ByDesign

Reproducing the Issue

  1. Navigate to Application and User Management work center.
  2. Go to Business Users view.
  3. Select the relevant user XXX.
  4. Click Edit and select Access Rights.
  5. Go to Access Restrictions tab.
  6. Filter with BPM_ACCOUNTS: Read - No Access, Write - No Access.

Now log in as user XXX.

  1. Navigate to Account Management work center.
  2. Go to Accounts view.
  3. Select any random account.
  4. Edit the account.
  5. Change any value and Save.
  6. You are able to save the changes.

 

Cause

The Accounts UI (OWL) is part of the view BPM_HIGHVOLUMEACCOUNTS in addition to the view BPM_ACCOUNTS. The user has unrestricted read and write access to the view BPM_HIGHVOLUMEACCOUNTS, which is why the user is still able to see the account.

Resolution

The same restriction needs to be maintained on the view BPM_HIGHVOLUMEACCOUNTS as well.

  1. Navigate to Application and User Management work center.
  2. Go to Business Users view.
  3. Select the relevant user XXX.
  4. Click Edit and select Access Rights.
  5. Go to Access Restrictions tab.
  6. Filter with BPM_HIGHVOLUMEACCOUNTS.
  7. Set as Read - No Access, Write - No Access.
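
The following check is an added example, not part of the SAP article or any SAP tooling. It models the behaviour described under Cause, assuming a UI is reachable when any assigned view containing it grants access. The view-to-UI mapping, the access-level labels and the user states are constructed for illustration.

```python
# Added example. Only the two view names and the Accounts UI come from the
# article; the mapping, level labels and user states are constructed.

# Least to most permissive. "Restricted" is an assumed intermediate level.
LEVELS = {"No Access": 0, "Restricted": 1, "Unrestricted": 2}

# Hypothetical view -> UI assignment reflecting the Cause section.
VIEW_UIS = {
    "BPM_ACCOUNTS": {"Accounts UI (OWL)"},
    "BPM_HIGHVOLUMEACCOUNTS": {"Accounts UI (OWL)"},
}

def effective_access(restrictions):
    """Most permissive read/write level per UI across all views containing it."""
    result = {}
    for view, access in restrictions.items():
        for ui in VIEW_UIS.get(view, ()):
            current = result.setdefault(ui, {"read": "No Access", "write": "No Access"})
            for mode in ("read", "write"):
                if LEVELS[access[mode]] > LEVELS[current[mode]]:
                    current[mode] = access[mode]
    return result

def find_bypassed_restrictions(restrictions):
    """Return (view, ui, mode, effective level) for every No Access setting
    that another view sharing the same UI overrides."""
    effective = effective_access(restrictions)
    findings = []
    for view, access in sorted(restrictions.items()):
        for ui in sorted(VIEW_UIS.get(view, ())):
            for mode in ("read", "write"):
                if access[mode] == "No Access" and effective[ui][mode] != "No Access":
                    findings.append((view, ui, mode, effective[ui][mode]))
    return findings

# Constructed user state matching "Reproducing the Issue".
BEFORE = {
    "BPM_ACCOUNTS": {"read": "No Access", "write": "No Access"},
    "BPM_HIGHVOLUMEACCOUNTS": {"read": "Unrestricted", "write": "Unrestricted"},
}
# Constructed user state after applying the Resolution steps.
AFTER = {view: {"read": "No Access", "write": "No Access"} for view in BEFORE}

if __name__ == "__main__":
    for finding in find_bypassed_restrictions(BEFORE):
        print("bypassed:", finding)
    print("after fix:", find_bypassed_restrictions(AFTER))
```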

Keywords

Access restriction, Accounts, BPM_ACCOUNTS, BPM_HIGHVOLUMEACCOUNTS, KBA, SRD-CC-IAM, Identity & Access Management, Problem

Product

SAP Business ByDesign all versions