Why are users able to see bank accounts and bank statements for business units not assigned to them?
The users in question are not using the seeded Cash Manager role. Instead, we created a custom role and ensured that the Bank Statement Reconciliation duty role embedded within it does not include any data security policies that would allow access to all business units.
Notably, users are not able to access all business units for AR and AP transactions, which is the expected behavior.
However, this issue appears to be specific to Bank Statement Reconciliation. Users are currently able to view all bank accounts and associated bank statements across all countries while performing bank statement reconciliation, even though bank accounts are secured using country-specific bank account roles.