cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

FBL5N - in Rule set - It is a Display customer line items

Go to solution
Former Member

on ‎09-09-2010 8:13 AM

0 Kudos

Dear All,

We observed that FBL5N - Display customer line items in Standard SoD rule set under function AR07 addressing a risk of S022.

Unless there are t-codes of FD03 or FB02 this t-code does not allow to change the payment terms of the customer.

We are having a challenge from the client that FBL5N is a display t-code and why it is there in rule set.

Has anybody came across this scenario? If yes, what is the underlying risk for this FBL5N independently.

Is there any SAP Note for this t-code like ME23N from SAP.

Thanks and Best Regards,

Srihari.K

Show replies
Show replies
Answer

Accepted Solutions (1)

Accepted Solutions (1)

Former Member
‎09-09-2010 11:59 AM
0 Kudos

Did you have a look at the Object-Level?

Show replies
Show replies
Former Member
‎09-09-2010 12:04 PM
0 Kudos

Hi Christian,

We checked the authorization objects as well enabled in GRC rule set as below:

F_BKPF_BUK - Docume t Authorization document for company codes - 01 or 02 - Enable.

Inspite of this access, FBL5N cannot be used to change the document for payment terms and assignments without FB02 t-code

assignment in the role.

Independently FBL5N cannot be used for any change or create activity except Display customer line items.

Please advise

Thanks and Best Regards,

Srihari.K

Former Member
‎09-09-2010 12:11 PM
0 Kudos

Ok, in this case I would add S_TCODE to FB5LN in this function and include FB02. Do not forget to generate the rules!

Best Regards,

Christian

Former Member
‎09-20-2010 7:48 PM
0 Kudos

Hi Christian

Adding S_TCODE value FB02 AND to the global ruleset is exactly the right answer! We had no end of trouble convincing the auditors et al that this is an invalid risk without both the change access and the tcode that is called.

Changed ours eventually...

Answers (0)

Ask a Question