ACSD-57337: Admin user with access restrictions could view all companies in the Companies grid

The ACSD-57337 patch fixes the issue where an admin user with access restrictions to specific websites could view companies from all websites in the Companies grid. This patch is available when the Quality Patches Tool (QPT) 1.1.48 is installed. The patch ID is ACSD-57337. Please note that the issue is scheduled to be fixed in Adobe Commerce 2.5.0.

Affected products and versions

The patch is created for Adobe Commerce version:

  • Adobe Commerce (all deployment methods) 2.4.5

Compatible with Adobe Commerce versions:

  • Adobe Commerce (all deployment methods) 2.4.4 - 2.4.5-p6
NOTE
The patch might become applicable to other versions with new Quality Patches Tool releases. To check if the patch is compatible with your Adobe Commerce version, update the magento/quality-patches package to the latest version and check the compatibility on the Quality Patches Tool: Search for patches page. Use the patch ID as a search keyword to locate the patch.

Issue

An admin user with access restrictions to specific websites could view companies from all websites in the Companies grid.

Steps to reproduce:

  1. Create an additional website, store and storeview.
  2. Create a few companies assigned to different websites.
  3. Create an admin user role, and set the role scope to the created website.
  4. Create an admin, and assign it to the created role.
  5. Log in with a new admin.
  6. Open Customers > Companies and observe the list of companies.

Expected results:

The companies that have been assigned to the additional website are visible in the Companies grid.

Actual results:

All companies are visible in the Companies grid.

Apply the patch

To apply individual patches, use the following links depending on your deployment method:

To learn more about Quality Patches Tool, refer to:

For info about other patches available in QPT, refer to Quality Patches Tool: Search for patches in the Quality Patches Tool guide.

recommendation-more-help
c2d96e17-5179-455c-ad3a-e1697bb4e8c3