/support/notes/service/sap_logo.png){kind=logo}
SAP Knowledge Base Article - PublicSymptom
- Administrators and employees require the ability to control and access email channels based on organizational units.
- Without such control, employees may have access to all channels, which could lead to unauthorized email usage.
Environment
- SAP Service Cloud Version 2 1.0
- SAP Sales Cloud Version 2 1.0
Reproducing the Issue
- Log in as an administrator with access to Settings → Channel.
- Create or open an existing email channel.
- Do not assign any organizational unit to this channel.
- Assign a business role to a user where:
- The Business Service ID sap.crm.service.emailChannelService has Read and/or Write set to Restricted.
- A restriction rule based on organizational units is assigned.
- Log in as the restricted user.
- Navigate to the Email Channel screen.
Expected Result:
The restricted user can only see channels that include one of their assigned organizational units.
Observed Result:
The user cannot see the channel that has no organizational unit assigned, confirming access restrictions are enforced.
Cause
Consulting
Resolution
To manage access to email channels based on organizational units:
- Assign Organizational Units to Email Channels:
- Navigate to Settings → Channel
- Select the desired email channel. Use the Search and Add Organizational Unit icon to assign one or more organizational units to the channel.
- Define Access Restrictions via Business Roles:
- Go to User Menu → Settings → Roles.
- Select the role assigned to a non-admin user.
- Search for the business service with ID sap.crm.service.emailChannelService.
- Set Read and Write access to Restricted.
- Under Unassigned, select and assign the appropriate restriction rule based on organizational units.
Access Behavior Matrix:
| User Type | Read Access | Write Access | Behavior |
|---|---|---|---|
| Admin | Unrestricted | Unrestricted | Read/Write All |
| Admin | Restricted | Restricted | Read/Write per restriction |
| Admin | Unrestricted | Restricted | Read All, Write per restriction |
| Non-Admin | Unrestricted | Unrestricted | Read All, Write Restricted |
| Non-Admin | Restricted | Restricted | Read/Write per restriction |
| Non-Admin | Unrestricted | Restricted | Read All, Write Restricted |
- Restricted Admin Users: Can read, edit, and write only if the channel includes at least one of their authorized organizational units.
- Restricted Non-Admin Users: Can view (read-only) a channel if it includes at least one of their authorized organizational units. Edit/Create is not permitted.
- Legacy and Unassigned Channels:
- Channels without assigned organizational units (old or new) are not visible to users with restricted access.
- Unrestricted users retain visibility over all channels regardless of assignment.
Note:
The restrictions are based solely on Organizational Units, not Sales Data.
See Also
Keywords
email channel, access restriction, organizational unit, admin access, non-admin access, role-based access, Service Cloud V2, channel permissions , KBA , CEC-CRM-EML , Emails for SAP Sales/Service Cloud , Problem
Product
SAP Service Cloud Version 2 all versions
/support/notes/service/facebook.svg)
/support/notes/service/twitter.svg)
/support/notes/service/youtube.svg)
/support/notes/service/linkedin.svg)
/support/notes/service/instagram2.svg)