Announcement:
wanna exchange links? contact me at sapchatroom@gmail.com.
Posted by
Admin at
Reply from JimmyJ2 on Jul 27 at 8:46 PM Thanks for your reply. I understand your first half and got some help with your second half.
So my new found understanding is that a subsidiary ledger is linked to a customer / vendor etc and config either fixes subsidiary ledger(s) to customers / vendors or allows more flexibility. If flexibility is allowed then the scenario you describe can happen which explains SAP's view on this.
However our subsidiary ledger assignment is fixed in config - so no manipulation (without opening up the client) is possible. Access to the subsidiary ledger can only come via a Customer / Vendor so therefore controls around those can be used as per my previous testing.
Am I on the right page?
| | | ---------------Original Message---------------
From: James Johnson
Sent: Tuesday, July 01, 2014 6:04 PM
Subject: Locking down FB01 and associated tcodes
Hi,
I've recently come across SAP Note 1600667 which describes transactions with SoD conflicts with themselves.
One example is FB01 which the Note says has the risk "Process Vendor Invoices and Post Journal Entry" and "Permissions are not different, mitigating control required".
I have set up a test user and restricted F_BKPF_BLA to a GL authorisation group and F_BKPF_KOA to GL account types only.
If I use FB01 and attempt to create a document of type KR (Vendor Invoice) or a GL document type and post to a vendor account then I am prevented in both cases due to these restrictions.
This is contrary to the SAP Note information - so either there is another factor I'm not aware of or the SAP Note is not entirely correct.
I'd value any feedback on experiences others have had on this subject or implementing restrictions in general with core Finance areas for the purpose of Segregation of Duties.
Thanks,
James. |
| Reply to this email to post your response. __.____._ |   _.____.__ |
