Announcement:
wanna exchange links? contact me at sapchatroom@gmail.com.
Posted by
Admin at
Reply from SP on May 17 at 4:40 AM Hi,
This is a standard risk perceived by GRC as well. You can have the creation of masterdata (hiring etc) and payroll authorizations in two separate roles and ideally with two different users. You can have the deletion of payroll result in a special role which can be assigned to users as and when required.
Cheers
| | | ---------------Original Message---------------
From: Archana Vithlani
Sent: Tuesday, May 15, 2012 3:34 PM
Subject: Authorizations to Be Limited While Hiring Employees
Good day Gurus,
My client is facing external SAP audit and is thus asking us to have very
orthodox authorizations.
One of the major requirements is that it should not be possible for someone
to hire an individual and run his payroll and then delete his/her result.
The client is asking for very rigid security on authorizations so that no
one should be able to tamper with the system. They want the system to
proactively prevent such security breaches rather than just having logs in
the system.
Even when i understand quite a bit about authorizations, this question has
totally baffled me.
Kindly advice.
Thanks and regards,
Archana. |
| Reply to this email to post your response. __.____._ |   _.____.__ |
