Conflicting t codes which are interdependent (Back...

Former Member · ‎05-27-2011

Dear Gurus,

The below set of t codes showing as SOD conflicts with each other as per standard GRC vanilla rule.

But these two t codes are interdependent, i.e. user can't perform the activity without access of the other t code.

Hope both the conflicting t codes essential for completing the activity may be calling backend.

Need your inputs to overcome the SOD conflicts or any other alternate for the same

Set1 --> Goods movement (MIGO) and Single Screen Entry of Confirmations (COR6N)

Set2 --> Import Electronic Bank Statement (FF_5) and Post Document (FB01)

Set3 --> Post with Clearing (FB05) and Manual Bank Statement (FF67)

Set4 --> Postprocess Electronic Bank Statmt (FEBA) and Post with Clearing (FB05)

Set5 --> Reverse Check Payment (FCH8) and Reverse Document (FB08)

Regards

Krishna Mohan CH

Former Member · ‎05-27-2011

Hi Krishna,

1. Go the the su24 and check what objects and values these tcodes are bringing to your role. If you are able to restrict and maintain these conflicts at role level then its good to go.As you said these are the tcode conflicts, please look for below options.

2. You can create a mitigation control for the below risks and have it assigned to the users ( this will avoid any changes to the existing rule set).

3.You can customize the rule set and look for the functons for the below risks and go to the actions/permisiions for these functions and deactivate the objects, activites which will serve your purpose.

I would suggest this as a business call. If there is something to be changed to the global rule sets then you need to align yourself with the business and give the justification for deactivating any functions or the permissions in it.

Rakesh.

Former Member · ‎11-08-2011

Thanks

Conflicting t codes which are interdependent (Backend)