On Sage 200 you can set up mutiple integrations between CRM and different 200 companies. A customer has a live 200 database and a test 200 database. I have CRM configured at the moment to connect to the test system while I install and configure it. The default territory is set to Test Data which is a child territory of Worldwide. There is another child territory of Worldwide called Live Data which will be the integration to the live company. Both integrations have been set up and connected and the data comes across perfectly and syncs back and forth to the correct 200 system. No problems so far.
Now, the admin user is Worldwide territory. My testing user is Test Data and the other users in CRM are Live Data. If I make one of the live users an admin, they can suddenly see all the Test Data territory data as well as their own. Under Security Policies, everything is set to no. Under Security Profiles, there are 2 defined. The standard out of the box unrestricted one and the only users that have access to that are admin, my test user and the one customer user defined as admin. The other profile is a copy but with delete rights removed. All other users are in that profile.
Why then, if the customer admin user is set as an admin, can they see records that are not in their territory? The admin guide states that the territory acts as a silent filter. Basically if the records aren't in your territory, you shouldn't be able to see them. It doesn't say that you won't be able to see them, unless you're an admin user. It just says they will not be visible to the user.
This is 7.3SP1.2.