3606164 - User is able to send e-mails to Contact Person from an Account despite access restrictions

The user is able to view and send e-mails to the contact person from an Account, despite the user have access restrictions that doesn't allow him/her to view the Contacts work center. 

SAP Cloud for Customer

1. Login with the affected user.
2. Go to Customers > Accounts.
3. Open the desired Account.
4. Go to Contacts tab, see there is no Contact displayed.
5. Go to Activities tab, see there are only the e-mails sent by the logged user.
6. In E-mails section, click new.
7. See the screen 'New E-mail' will be open with a contact displayed as the recipient and its e-mail address. User is able to write a message and successfully send the e-mail to the contact.

Expectation: As the user doesn't have access to the Contact from Account, the user should not be able to send an e-mail to the contact.

The system currently does not pass the restrictions for Contacts to the E-mail activity screen for default recipient determination.

If the default Account has a main Contact set up, it will always be defaulted as the default recipient when creating an E-mail activity from that account, regardless of the User's restrictions.

Therefore, as user is set as the Main Contact for the Account, all users will be able to see the Contact's e-mail address in E-mail screen opened from Account, as long user has access to E-mails.

This is the expected system behavior.

WOC, work view, workview, workcenter, contacted, email, emailed, restricted , KBA , LOD-CRM-ACC , Account , LOD-CRM-SC-EML , Email , LOD-CRM-CON , Contact , Problem