Customers data restriction access not applying

former_member656863
Participant
1,876

I am facing an issue while trying to restrict data access (Read/Write) to Customers (Accounts/Ind. Cust.).


Presentation :

  • I’ve created a territory structure LVL1=Country, LVL2=Region, LVL3=Departments (France)
  • In my system, there are several Business Users who have read and write permissions on Customers (Accounts/Ind. Cust.)
  • I have created the Business Role SECRETAIRE_CDO
  • I gave it the access to Customers (Accounts/Ind. Cust.) with the following Access Restrictions :
    • Individual Customers : Read Access (Unrestricted) / Write Access (Restricted) with the Restriction Rule « 3 – Territories ».
    • Same for Accounts
  • Then, I created the Business User TSECRETAIRECDO who’s assigned to the SECRETAIRE_CDO Business Role. Moreover, TSECRETAIRECDO belongs to the territory (LVL3) C.D.O.M.K. 75
  • I also created two individual customers :
    • CustomerTest57 who belongs to the Territory : C.D.O.M.K. 57
    • CustomerTest75 who belongs to the Territory : C.D.O.M.K. 75


Problem Description :

As TSECRETAIRECDO (with territory C.D.O.M.K. 75), I should be able to read information about both individual customers. => OK.

But, I should only be able to modify data about CustomerTest75, and I should not be able to modify information about CustomerTest57.
However, TSECRETAIRECDO can also modify data about CustomerTest57.

I did the same test scenario with Accounts and it's the same behavior.

Am I missing a step during the Access Restriction process?

Accepted Solutions (0)

Answers (2)

palu
Product and Topic Expert
0 Likes

Hi Khin,

1. Sometimes, the access assigned to the user via business roles would not have updated. Kindly navigate to Administrator -> Business Users -> Edit Access Rights to check whether the restricted access was applied to the particular work center view.

2. If two work center views are sharing the same UI Component and if you have given Unrestricted Write access to one view and Restricted Write access to another view, Unrestricted Write access will be applied to all the views. Kindly provide restricted write access to all the views in the Customer work center and try once.

3. Kindly provide the details on how you have assigned the territory (LVL3) C.D.O.M.K.75 to the user TSECRETAIRECDO.

Regards,

Palani.

former_member656863
Participant
0 Likes

Hi,

Thank you for your time, much appreciated!

I attached some screenshots to answer your first 2 questions.
Concerning the 3rd point, I assigned my users through Sales>Territories with the standard Role (screens attached as well).

1. SCDO57 > the Admin user who's assigned Territory 57, he will create the Customer later on and assign that customer to his Territory 57.


2. SCDO75 > the TSECRETAIRECDO who's assigned Territory 75.

former_member656863
Participant
0 Likes

3. CustCDO57 > the Customer created by Admin (57).


4. SCustCDO57 > the Customer created by Admin (57), opened from TSECRETAIRECDO (75) in anonymous window. She can still modify the Customer's data

former_member656863
Participant
0 Likes

5. ARSecretary1 > Access Rights check 1


6. ARSecretary2 > Access Rights check 2 > Same for Accounts WoCView

former_member656863
Participant
0 Likes

7. ARSecretary3 > Both Accounts and Ind. Cust. have only Territory 75 and 91 (former assignment, but it should affect access restriction to Customers with Territory 57...) checked

Did I miss a step?

arun02_12
Contributor
0 Likes

Dear 0021353747,

You can use the feature Check User's Authorization in Administration WC, General settings to check what exactly is happening. (Keep Object type as BP.)

You can compare the User Access and Document Access to see what is common so that you can get why he is getting the write access.
https://blogs.sap.com/2018/04/13/access-control-management-how-to-analyze-access-control-issues-chec...

----------------------------------------

Check in case the employee is assigned to more than one territory.
Check if he/she is not assigned to any higher level territory of C.D.O.M.K. 57.

Check if the user has more than 1 business role assigned. The system will only consider the most lenient access restriction.

Best Regards,

Arun




nerevar
Participant
0 Likes

Hi arun02.12

checking the user access control on this user and a customer he should not be able to edit :

And in the "User Access" we have

User K9SNRCLXA3Q          Alias TSECRETAIRECDO                          
User is not substituting other employees
WoCView             Design Reports                                    Unrestricted Read and Write           
WoCView             Design Dashboards                                 Unrestricted Read and Write           
WoCView             Design Data Sources                               Unrestricted Read and Write           
WoCView             Design Key Figures                                Unrestricted Read and Write           
WoCView             Design KPI                                        Unrestricted Read and Write           
WoCView             Business Partners                                 Unrestricted Read READ-ONLY           
WCView             Common Authorizations                             Unrestricted Read and Write            
WoCView             Common Authorizations for Employees               Restricted Read and Write             
WoCView             Common Authorizations for Users                   Restricted Read and Write             
WoCView             Accounts                                          Unrestricted Read, Restricted Write   
Access context 1015
                    [Territory] 671                                   C.D.O.M.K. 75     
WoCView             Campaigns                                         Unrestricted Read and Write           
WoCView             Content                                           Unrestricted Read and Write           
WoCView             Dashboard                                         Unrestricted Read and Write           
WoCView             Reports                                           Unrestricted Read and Write           
WoCView             Individual Customers                              Unrestricted Read, Restricted Write   
Access context 1015
                    [Territory] 671                                   C.D.O.M.K. 75  
WoCView             Target Groups                                     Unrestricted Read and Write           
WoCView             Territories                                       Unrestricted Read READ-ONLY           
WoCView             Org Structures                                    Unrestricted Read READ-ONLY           
WoCView             Administration                                    Unrestricted Read and Write           
WoCView             Deletion of Delivered Objects Authorization       Unrestricted Read and Write           
WoCView             Production Fix Authorization                      Unrestricted Read and Write           
WoCView             Production Debugging Authorization                Unrestricted Read and Write           
WoCView             Employee Support                                  Unrestricted Read and Write           
WoCView             Queue                                             Unrestricted Read and Write           
WoCView             Tickets                                           Unrestricted Read and Write           
WoCView             Tickets                                           Unrestricted Read and Write           
WoCView             Technical: Desktop Navigation                     Unrestricted Read and Write           
WoCView             Technical: Tablet Navigation                      Unrestricted Read and Write  
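
Added example, not written by any poster in this thread and not SAP code: a small parser for a "User Access" dump like the one above that extracts, per work center view, the write level and the territory contexts, so they can be compared with the territory on the customer record. The column layout is assumed from the paste; the function names, the "most lenient wins" merge for repeated rows, and the matching rule in `may_write` are simplifying assumptions.

```python
import re

# Constructed sample: a few rows copied from the "User Access" paste above.
SAMPLE = """\
WoCView             Business Partners                                 Unrestricted Read READ-ONLY
WoCView             Accounts                                          Unrestricted Read, Restricted Write
Access context 1015
                    [Territory] 671                                   C.D.O.M.K. 75
WoCView             Campaigns                                         Unrestricted Read and Write
WoCView             Individual Customers                              Unrestricted Read, Restricted Write
Access context 1015
                    [Territory] 671                                   C.D.O.M.K. 75
"""

ORDER = ["none", "restricted", "unrestricted"]  # least to most lenient

def write_level(access):
    """Classify the write part of an access string from the dump."""
    if "READ-ONLY" in access:
        return "none"
    if "Restricted Write" in access or access.startswith("Restricted"):
        return "restricted"
    return "unrestricted"

def parse_user_access(text):
    """Return {view: {"write": level, "territories": set_of_names}}."""
    views, current = {}, None
    for raw in text.splitlines():
        cols = re.split(r"\s{2,}", raw.strip())  # columns are padded with 2+ spaces
        if cols[0] in ("WoCView", "WCView") and len(cols) >= 3:
            current = views.setdefault(cols[1], {"write": "none", "territories": set()})
            level = write_level(cols[2])
            # Assumption: if a view is listed twice, keep the most lenient level.
            if ORDER.index(level) > ORDER.index(current["write"]):
                current["write"] = level
        elif cols[0].startswith("[Territory]") and current and len(cols) >= 2:
            current["territories"].add(cols[1])  # context row belongs to the last view
    return views

def may_write(views, view, doc_territory):
    """Assumed rule: restricted write needs the document's territory in the context."""
    entry = views.get(view)
    if entry is None or entry["write"] == "none":
        return False
    return entry["write"] == "unrestricted" or doc_territory in entry["territories"]

if __name__ == "__main__":
    parsed = parse_user_access(SAMPLE)
    for name in ("C.D.O.M.K. 57", "C.D.O.M.K. 75"):
        print(name, may_write(parsed, "Individual Customers", name))
```

Under these assumptions the sampled rows allow write on Accounts and Individual Customers only for territory C.D.O.M.K. 75, which gives a baseline to set against the Document Access side of the same check.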

nerevar
Participant
0 Likes

here is what we have in document tab