SAP Knowledge Base Article - Public

3442140 - User is able to View the Data which User should not

Symptom

User YYY (where YYY represents user ID) is able to view Contacts in "My Contact Query" or "My Contact team's Query" which user should not view.

Environment

SAP Cloud for Customer

Reproducing the Issue

  1. Login with the user YYY.
  2. Go to Customer work center.
  3. Navigate to the Contact work center view.
  4. Associated User YYY is able to see the Contact XYZ (where XYZ is representing the contact ID). This Contact is not directly assigned to any Account Teams.
  5. User should not see the XYZ contact in "My Contacts Query" and "My Team's Contacts Query" views.

Issue : Why is the User YYY able to view XYZ in above query?

Cause

Contacts listed under "My Contacts Query" or "My Team's Contacts Query", the user YYY is part of the territory team assigned to the associated account.
This team association grants the user YYY visibility to the related contacts. 

Resolution

Contact XYZ is able to see by the User YYY because the user YYY is member or territory team assigned to the related Account.

Note: Refer below to understand the data which will be visible under the query

My Contacts
The "My Contacts" section includes all contacts where the logged-in employee is:

  1. A part of the Account team for the related Account, or
  2. A member of the Territory team assigned to the related Account, or
  3. A member of the Contact team.

My Team's Contacts
The "My Team’s Contacts" section includes:

  1. All Contacts of Accounts where the user is assigned as a member of the Account team, and
  2. For Sales Managers, all Contacts of Accounts where any subordinate is assigned as a member of the Account team.

See Also

2527629 - How To Restrict Homeless Objects From Being Visible

Keywords

My Contacts, My Team's Contacts & All Contacts. , KBA , LOD-CRM-CON , Contact , How To

Product

SAP Cloud for Customer add-ins all versions ; SAP Cloud for Customer core applications all versions