3442140 - User is able to View the Data which User should not

User YYY (where YYY represents user ID) is able to view Contacts in "My Contact Query" or "My Contact team's Query" which user should not view.

SAP Cloud for Customer

1. Login with the user YYY.
2. Go to Customer work center.
3. Navigate to the Contact work center view.
4. Associated User YYY is able to see the Contact XYZ (where XYZ is representing the contact ID). This Contact is not directly assigned to any Account Teams.
5. User should not see the XYZ contact in "My Contacts Query" and "My Team's Contacts Query" views.

Issue : Why is the User YYY able to view XYZ in above query?

Contacts listed under "My Contacts Query" or "My Team's Contacts Query", the user YYY is part of the territory team assigned to the associated account.
This team association grants the user YYY visibility to the related contacts. 

Contact XYZ is able to see by the User YYY because the user YYY is member or territory team assigned to the related Account.

Note: Refer below to understand the data which will be visible under the query

My Contacts
The "My Contacts" section includes all contacts where the logged-in employee is:

1. A part of the Account team for the related Account, or
2. A member of the Territory team assigned to the related Account, or
3. A member of the Contact team.

My Team's Contacts
The "My Team’s Contacts" section includes:

1. All Contacts of Accounts where the user is assigned as a member of the Account team, and
2. For Sales Managers, all Contacts of Accounts where any subordinate is assigned as a member of the Account team.

2527629 - How To Restrict Homeless Objects From Being Visible

My Contacts, My Team's Contacts & All Contacts. , KBA , LOD-CRM-CON , Contact , How To

SAP Cloud for Customer add-ins all versions ; SAP Cloud for Customer core applications all versions