MDVA-41350: Exception when admin adds products outside their access

The MDVA-41350 patch fixes the issue where an exception error is thrown instead of a limited access notification when an admin user adds a product in the order by SKU which is outside their access. This patch is available when the Quality Patches Tool (QPT) 1.1.11 is installed. The patch ID is MDVA-41350. Please note that the issue is scheduled to be fixed in Adobe Commerce 2.4.5.

Affected products and versions

The patch is created for Adobe Commerce version:

  • Adobe Commerce (all deployment methods) 2.3.5-p1

Compatible with Adobe Commerce versions:

  • Adobe Commerce (all deployment methods) 2.3.0 - 2.4.3-p1
The patch might become applicable to other versions with new Quality Patches Tool releases. To check if the patch is compatible with your Adobe Commerce version, update the magento/quality-patches package to the latest version and check the compatibility on the Quality Patches Tool: Search for patches page. Use the patch ID as a search keyword to locate the patch.


When an admin user with restricted access adds a product by SKU outside their access in the order, an exception occurs instead of a message notifying the user of their limited access.

Steps to reproduce:

  1. Log into the admin as a user with access to only a specific website.
  2. Go to Sales > Orders and click Create New Order.
  3. Select a customer and a store view.
  4. Click on Add Products by SKU.
  5. Search for an SKU that is not assigned to any website or not assigned to the website for which you have access.
  6. Click Add to Order.

Expected results:

An appropriate error message is displayed.

Actual results:

An exception occurs.

Apply the patch

To apply individual patches, use the following links depending on your deployment method:

To learn more about Quality Patches Tool, refer to:

For info about other patches available in QPT, refer to Patches available in QPT in our developer documentation.