Announcement:
wanna exchange links? contact me at sapchatroom@gmail.com.
Posted by
Admin at
Reply from JimmyJ2 on Jul 29 at 10:36 PM Thanks Peter,
I understand what you're saying but I'm not sure how to post to a subsidiary ledger without going via another account (customer / vendor etc).
If I use FB01 I get error message F5354 with diagnosis "Account xxxx in company code yyyy is marked as a reconciliation account for account type "K" and cannot therefore be directly posted to."
Do I conclude we (with current config) cannot directly post to a subsidiary ledger or should I be using a different tcode? (If so - which).
Cheers,
James
| | | ---------------Original Message---------------
From: James Johnson
Sent: Tuesday, July 01, 2014 6:04 PM
Subject: Locking down FB01 and associated tcodes
Hi,
I've recently come across SAP Note 1600667 which describes transactions with SoD conflicts with themselves.
One example is FB01 which the Note says has the risk "Process Vendor Invoices and Post Journal Entry" and "Permissions are not different, mitigating control required".
I have set up a test user and restricted F_BKPF_BLA to a GL authorisation group and F_BKPF_KOA to GL account types only.
If I use FB01 and attempt to create a document of type KR (Vendor Invoice) or a GL document type and post to a vendor account then I am prevented in both cases due to these restrictions.
This is contrary to the SAP Note information - so either there is another factor I'm not aware of or the SAP Note is not entirely correct.
I'd value any feedback on experiences others have had on this subject or implementing restrictions in general with core Finance areas for the purpose of Segregation of Duties.
Thanks,
James. |
| Reply to this email to post your response. __.____._ |   _.____.__ |
