Symptom
Unauthorized users have access to restricted tickets, including those with "Confidential Queue" enabled.
Environment
SAP Cloud for Customer
Cause
The moment a ticket is assigned to an employee, the Primary Role of the employee will take priority and override other configured restrictions, including the Confidential Queue option. This is standard system behavior.
Resolution
The only way to manipulate the ticket instance ACL (Access Control List) is to implement custom SDK (PDI) logic. With this implementation, you can delete unwanted organizational entries from the ACL when the "Assigned To" field is filled.
A possible workaround is to remove the assigned employee. By doing this, the formerly assigned employee will still have access to the ticket, while other users related to the Primary Org Unit will not.
See Also
2777265 - User Can See Tickets Assigned To Other Users
2583957 - User Always Has Access Right to Ticket Independent of Access Restriction Rules
Keywords
Access Restriction, Tickets, Org Units, Primary Role, Secondary Role, Business Roles, Confidential, KBA, LOD-CRM-SRP, Service Request Processing, How To