/support/notes/service/sap_logo.png){kind=logo}
SAP Knowledge Base Article - PublicSymptom
Users report that email interactions are not fully visible when access restriction rules are configured based on the Organizational Unit in the business role.
- Issue Observed:
- A user assigned to a business role with Email Interaction access restricted to Organizational Unit logs into the system.
- The user opens a draft case (e.g., CASE12345) assigned to them.
- On the Timeline tab of the case, only the emails they personally sent are visible.
- Inbound emails and outbound emails sent by other users within the same organizational unit are not displayed.
- This behavior resembles the Employee – Myself restriction setting, not Organizational Unit, as configured.
Environment
- SAP Service Cloud Version
- SAP Sales Cloud Version
Reproducing the Issue
- Create a business role (e.g., Z_DEMO_ROLE) with Email Interaction access restricted to Organizational Unit.
- Assign the role to a test user (e.g., AGENT_ONE).
- Trigger a case (e.g., CASE12345) via an inbound email.
- Have users within the same org unit (e.g., AGENT_TWO) send additional outbound emails on the case.
- Log in as AGENT_ONE, open CASE12345, and view the timeline.
- Notice only emails sent by AGENT_ONE are visible.
Cause
The issue is caused by the system's current design where inbound emails do not have an Org Unit assigned, and there’s no field to assign it in the email’s party roles.
Resolution
- Access restrictions for email interactions are determined as follows:
- Outbound Emails:
- The system determines the organizational unit based on the user who created the email activity.
- If an email is sent from the UI, the logged-in user's org unit is used.
- If the email is created via API or groupware, the system uses the org unit of the user associated with the API call.
- Inbound Emails:
- When received via communication channels (e.g., mail servers), there is no logged-in user, so the system does not assign an org unit.
- If created via API/groupware, the org unit is determined from the API user, similar to outbound emails.
- Outbound Emails:
- Expected Behavior:
- Inbound emails will not be visible to users with Organizational Unit restrictions unless an org unit is explicitly determined.
- To enable visibility of emails across users in the same org unit, ensure the Email Interaction restriction rule uses “My Organizational Unit” instead of “Organizational Unit” alone.
Keywords
email visibility, organizational unit, email interaction restriction, SAP Service Cloud V2, timeline, inbound email access, business role, access control, visibility , KBA , CEC-CRM-CHN , Channels for SAP Sales/Service Cloud , CEC-CRM-EML , Emails for SAP Sales/Service Cloud , Problem
Product
SAP Sales Cloud and SAP Service Cloud Version 2 all versions
/support/notes/service/twitter.svg)
/support/notes/service/youtube.svg)
/support/notes/service/linkedin.svg)
/support/notes/service/instagram2.svg)