GRC CC rule update q2 2009

Former Member
0 Kudos

Having taken a look at it, I don't agree with the fact that it recommends removing the check of f_bkpf_koa in many tcodes. For tcd FB05 for example, the tcode is in functions AP01, AR01, GL01. If we remove the permission check f_bkpf_koa, the authorization check of FB05 in these 3 functions will be exactly the same. And because GL01 conflicts against AP01 and also AR01, every user having FB05 will have conflicts. Same case for FBV0, and also many other tcds!!!

Does anybody have an idea why SAP recommends removing the f_bkpf_koa check in the q2 2009 rule update?

Accepted Solutions (0)

Answers (1)

Former Member
0 Kudos

I think this is because a vendor accountant, restricted on account type K (vendor) for object f_bkpf_koa, is automatically authorized to post on the S (GL) account type. This is mandatory to balance the posting. Yet it makes it possible for him to post from GL account to GL account, even if he does not have S (GL) in his authorizations.

Same thing for a customer accountant who is restricted on D (customer) in his authorizations: he can post on GL accounts too.

Only the GL accountant is really restricted to the GL account type, if he has only S for object f_bkpf_koa in his authorizations.

So in my opinion, the rules should be:

AP01 => K

AR01 => D

GL01 => K, D, S, A, M

...which effectively creates risks for every user who has FB05, FBV0...
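To make the effect of the two rule variants concrete, here is an added example (constructed for this thread, not SAP or GRC code) that models the rule evaluation in the simplest possible way: a function is enabled for a user when the user holds one of its transaction codes and, if the function definition still checks f_bkpf_koa, at least one of the listed account types; a risk fires when two conflicting functions are both enabled. The function names, tcode, object and account types are the ones from the thread; the "any listed account type" matching, the sample users and the helper names are assumptions. The runtime cross-posting to S for balancing described in the answer above is not modelled, only the rule-set side.

```python
"""Simplified model of an SoD rule set evaluated against a user's
authorizations.  Constructed illustration for this thread, not SAP code.
"""
from itertools import combinations

# Function definitions as proposed in the answer above:
# tcode -> account types (F_BKPF_KOA values) that enable the function.
# Matching is assumed to be "any listed value".
PROPOSED_RULES = {
    "AP01": {"FB05": {"K"}},
    "AR01": {"FB05": {"D"}},
    "GL01": {"FB05": {"K", "D", "S", "A", "M"}},
}

# The same functions with the f_bkpf_koa check removed, as the Q2 2009
# update recommends for FB05: an empty set means "no account-type check".
RULES_WITHOUT_KOA_CHECK = {
    fn: {tcode: set() for tcode in tcodes}
    for fn, tcodes in PROPOSED_RULES.items()
}

# Conflicting function pairs named in the question.
CONFLICTS = {frozenset({"AP01", "GL01"}), frozenset({"AR01", "GL01"})}


def enabled_functions(user, rules):
    """Return the set of functions the user's authorizations switch on."""
    enabled = set()
    for fn, tcodes in rules.items():
        for tcode, koart in tcodes.items():
            if tcode not in user["tcodes"]:
                continue
            # No account-type check, or any overlap, enables the function.
            if not koart or koart & user["koart"]:
                enabled.add(fn)
    return enabled


def sod_conflicts(user, rules):
    """Return the conflicting function pairs that fire for this user."""
    enabled = enabled_functions(user, rules)
    return {
        frozenset(pair)
        for pair in combinations(sorted(enabled), 2)
        if frozenset(pair) in CONFLICTS
    }


# Constructed sample users: tcodes they may start, account types they hold.
VENDOR_ACCOUNTANT = {"tcodes": {"FB05"}, "koart": {"K"}}
CUSTOMER_ACCOUNTANT = {"tcodes": {"FB05"}, "koart": {"D"}}
GL_ACCOUNTANT = {"tcodes": {"FB05"}, "koart": {"S"}}
NO_POSTING_TCODE = {"tcodes": set(), "koart": {"K", "S"}}

if __name__ == "__main__":
    users = [
        ("vendor accountant", VENDOR_ACCOUNTANT),
        ("customer accountant", CUSTOMER_ACCOUNTANT),
        ("GL accountant", GL_ACCOUNTANT),
        ("no posting tcode", NO_POSTING_TCODE),
    ]
    for label, rules in [("without KOA check", RULES_WITHOUT_KOA_CHECK),
                         ("proposed rules", PROPOSED_RULES)]:
        print(f"== {label} ==")
        for name, user in users:
            pairs = sorted("/".join(sorted(p)) for p in sod_conflicts(user, rules))
            print(f"  {name:20s} enabled={sorted(enabled_functions(user, rules))} "
                  f"conflicts={pairs}")
```

Run as a script it prints, for each rule variant, which functions each sample user enables and which conflicts fire. Without the f_bkpf_koa check every FB05 holder enables all three functions and both conflicts, which is the point made in the question; with the proposed account-type values the vendor and customer accountants still each hit one conflict with GL01, while only the S-only GL accountant is clean.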

Former Member
0 Kudos

Great first post Nicholas!

I can only add that you are not forced to just accept the recommended ruleset conditions! You need to assess the recommendations alongside your organisation and, if at all possible, in conjunction with your auditors to ensure that you have a shared view of the risks.

If you do not agree with the rules, then they can be amended to fit your needs but Nicholas seems to provide further information on the rationale.

Simon