Inbound email classification behavior is different for watermark or subject when user does not have access to the target record. When the domains are different, access is validate. The Reply Incoming emails with "watermark" from users without domain access fails with the error string 'Unable to locate <table> <sys_id> for inbound email processing'. However, Reply incoming emails with subject matching a target record from users without domain access are classified as New without error.
Steps to Reproduce
Note – This procedure uses demo data.
Activate the Domain Support - Domain Extensions Installer plugin.
Create an email account and limit access.
Go to /sys_user_list.do form and open the abel.tuter record.
Set the Email field to <your-email-account>, and set Domain (Domain A) to TOP/Initech.
Change to domain B: TOP/MSP/Default.
Create an incident and limit access.
Navigate to Incident > Create New and create an incident, for example, INC0010008, with caller "Alejandra Prenatt" and Domain B. Click Submit.
Open the incident, add a work note, and click Post.
Provide information for the other required fields and click Update.
This will limit the access.
Go to /sys_watermark.do and find the watermark generated by the email notification triggered on sys_watermark.
Impersonate abel.tuter and ensure that user cannot open INC0010008.
Attempts to open the record show "Record not found".
Ensure that the user has no access to the record.
On your own email, send an email to the instance with the subject "Testing watermark Ref:MSG0000841".
On your own email, send a second email to the instance with the subject "RE: INC0010008 testing subject".
The second email is classified as New and no error is produced.
However, the second email should fail with the same error as the first email when a watermark is added: "Unable to locate <table> <sys_id> for inbound email processing".
Email logs will show
Subject or body with watermark
Error string 'Unable to locate incident bf7e63e04f097e00d69f5a701310c794 for inbound email processing'
Subject with target number
Inbound action of type ‘Reply’ will not match
Educate users that only senders with the right domain are able to update the incidents.
If this issue occurs, ensure the sender is in the right domain or ask them to email to an user with the right domain to update the incident on their behalf.
To avoid creating a new incident on replies with an incident number, create a new inbound action of type New that stops processing for those cases.
This example has the following condition:
email && email.subject && /^re:.+(INC[0-9]+)/gi.test(email.subject)
Related Problem: PRB809773