- SAP Community
- Products and Technology
- Additional Q&A
- Updating F_BKPF_KOA does not remove SOD Issues
- Subscribe to RSS Feed
- Mark Question as New
- Mark Question as Read
- Bookmark
- Subscribe
- Printer Friendly Page
- Report Inappropriate Content
Updating F_BKPF_KOA does not remove SOD Issues
- Subscribe to RSS Feed
- Mark Question as New
- Mark Question as Read
- Bookmark
- Subscribe
- Printer Friendly Page
- Report Inappropriate Content
on 10-25-2010 12:13 PM
Hi,
We have recently installed GRC 5.3 and are currently working through SOD issues located in some roles, however we have found that trying to restrict a Function in the Rule Set does not remove the SOD Issue:
Example:
We have created and AP Processing Role and based upon the Standard Rule Set FB02 is causing an SOD issue with itself.
Functions AP02 and GL01 are being called, I have enabled F_BKPF_KOA, ACTVT 01,02 and KOART S in the GL01 function (authorisation for KOART - S not present on the AP Processing Role), this has been saved and the Rules updated, yet the issue persists.
Any advice???
Thanks
Craig
Accepted Solutions (0)
Answers (2)
Answers (2)
- Mark as New
- Bookmark
- Subscribe
- Subscribe to RSS Feed
- Report Inappropriate Content
Solution:
The issue was resolved by adding SP13.2 to our installation
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
- Mark as New
- Bookmark
- Subscribe
- Subscribe to RSS Feed
- Report Inappropriate Content
Please run 'generate rules' job once again. (from configuration tab)
also please paste your permission level rule (enable ones)
regards,
Surpreet
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
- Mark as New
- Bookmark
- Subscribe
- Subscribe to RSS Feed
- Report Inappropriate Content
- Mark as New
- Bookmark
- Subscribe
- Subscribe to RSS Feed
- Report Inappropriate Content
- Mark as New
- Bookmark
- Subscribe
- Subscribe to RSS Feed
- Report Inappropriate Content
Hi Surpreet,
Details from TOBJ:
Auth. Obj. Auth Field Auth. Field Clss User Text
F_BKPF_KOA KOART ACTVT FI SAP Accounting Document: Authorization for Account Types
Role:
ACTVT, 01, 02, 03
KOART, S
This role brings in SOD Issue F02907N01: Adjust the AR subsidiary balance using AR payments and then conceal with journal entries
We enabled the AR01 function - F_BKPK_KOA to 01 and D yet the issue is still present,
Many thanks
Craig
- Mark as New
- Bookmark
- Subscribe
- Subscribe to RSS Feed
- Report Inappropriate Content
Craig,
i got it.
things are working perfectly as designed.
now let me explain how RAR do analysis.
it will pull Role Data and Rules data (enabled one only) and then do comparison one by one.
first it will check for relevant tcode (we are doing persmission level analysis)
then it will compare all objects in role with object in that rule (in your case it is 02907N01)
then field values will be compared
IF FIELD VALUES IN RULES EXIST IN ROLE ALSO, THEN IT IS CONFLICT
hope you get my point.
now in your case.... you are trying that if you disable ACTVT 03 , the conflict should not show.
sorry you are going wrong way...
now your rules say if any user have ACTVT 01 OR 02, then it should show conflict.
and yes ROLES do satisfy that.
remove 02 and 01 from role only then it will not show conflict.
tried my best to explain
please let me know ........
regards,
Surpreet
- Mark as New
- Bookmark
- Subscribe
- Subscribe to RSS Feed
- Report Inappropriate Content
Hi Surpreet,
Thanks for your explanation I understand the issues around the ACTVT field, however the issue we are having is around the KOART field within F_BKPF_KOART.
The role details I supplied previously were set up for KOART - S only, however GRC is stating the role has SOD issues even though in Function AR01 we enabled KOART - D, as the role does not have this there should be no issue, yet it still appears.
To confirm, role is set up F_BKPF_KOA, ACTVT 01,02 & 03, KOART - S
Function AR01 appears as SOD issue, this has been enabled with F_BKPF_KOA, ACTVT 01 & 02, KOART - D, this should not cause issue to appear, system appears to disregard KOART field.
Many thanks again
Craig
- Mark as New
- Bookmark
- Subscribe
- Subscribe to RSS Feed
- Report Inappropriate Content
hm
there was some design change from 4.0 to 5.3, regarding Org Level analysis.
yes i think it is ignoring Org Level per new design in 5.3
don't remember exactly how it work on Org Level, but it do ignore org levels from rules, as usually they contain variables........ like $BUKRS
so please check with SAP to confirm same ..........
check if there is any config parameter related to org levels in configuration tab......
regards,
Surpreet
- Mark as New
- Bookmark
- Subscribe
- Subscribe to RSS Feed
- Report Inappropriate Content
koehntopp
- Mark as New
- Bookmark
- Subscribe
- Subscribe to RSS Feed
- Report Inappropriate Content
- Mark as New
- Bookmark
- Subscribe
- Subscribe to RSS Feed
- Report Inappropriate Content
- BAPI_PR_CHANGE is not updating Service Component of PR in Enterprise Resource Planning Q&A
- Payment Batch Configurations SAP BCM - S4HANA in Financial Management Blogs by Members
- SAP ECC Conversion to S/4HANA - Focus in CO-PA Costing-Based to Margin Analysis in Financial Management Blogs by SAP
- Deliver Real-World Results with SAP Business AI: Q4 2023 & Q1 2024 Release Highlights in Technology Blogs by SAP
- SAP Fiori for SAP S/4HANA - Technical Catalog Migration – How the migration process works in Enterprise Resource Planning Blogs by SAP
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.