05-27-2011 10:07 AM
Dear Gurus,
The below set of t codes showing as SOD conflicts with each other as per standard GRC vanilla rule.
But these two t codes are interdependent, i.e. user can't perform the activity without access of the other t code.
Hope both the conflicting t codes essential for completing the activity may be calling backend.
Need your inputs to overcome the SOD conflicts or any other alternate for the same
Set1 --> Goods movement (MIGO) and Single Screen Entry of Confirmations (COR6N)
Set2 --> Import Electronic Bank Statement (FF_5) and Post Document (FB01)
Set3 --> Post with Clearing (FB05) and Manual Bank Statement (FF67)
Set4 --> Postprocess Electronic Bank Statmt (FEBA) and Post with Clearing (FB05)
Set5 --> Reverse Check Payment (FCH8) and Reverse Document (FB08)
Regards
Krishna Mohan CH
05-27-2011 10:34 AM
Hi Krishna,
1. Go the the su24 and check what objects and values these tcodes are bringing to your role. If you are able to restrict and maintain these conflicts at role level then its good to go.As you said these are the tcode conflicts, please look for below options.
2. You can create a mitigation control for the below risks and have it assigned to the users ( this will avoid any changes to the existing rule set).
3.You can customize the rule set and look for the functons for the below risks and go to the actions/permisiions for these functions and deactivate the objects, activites which will serve your purpose.
I would suggest this as a business call. If there is something to be changed to the global rule sets then you need to align yourself with the business and give the justification for deactivating any functions or the permissions in it.
Rakesh.
11-08-2011 7:29 AM