
How to deal with Segregation of duties?

Former Member
0 Kudos

Dear Gurus,

I'm looking for a basic procedure to analyze Segregation of Duties (SoD).

The following image is a simple and basic initial flow I made:

Initial Flow: http://img535.imageshack.us/img535/4843/sodysis.jpg

What do you think about it?

Please feel free to comment, correct and improve. This is the idea of the post.

Regards,

Diego.

Accepted Solutions (0)

Answers (2)

Former Member
0 Kudos

Thanks Diego! Great information...I have a related issue that I was wondering if you could share your experience with:

We've taken on the painstaking task of re-engineering many of our SAP ECC Security roles. Our goal was to be SOD violations free at the Role level, and then put the ownership on the Business to decide what violations at the User level were warranted (requiring mitigation), or else a change would have to occur on the Business Process (BP) side.

We are struggling with the assignment of certain Basis categorized transactions such as SM36, SM37, SE16. The majority of our BPs are very batch processing oriented, which requires our users to have batch processing authorization. However, if we included SM37, for example, into any role, RAR comes back with a HIGH risk message.

Did you have to deal with a similar scenario; and if so, how?

Thanks

Jose Garcia

koehntopp
Product and Topic Expert
0 Kudos

Diego,

Go to the BPX GRC area, there are some white papers dealing with the SoD processes.

In the end you need to match that with what works in the context of your organisation.

One thing in your graphic I would definitely avoid is re-designing roles to solve single conflicts - only do that if you can see it's a systematic error, i.e. if the conflict occurs with a lot of users, it is most likely an indication that your role design does not reflect the business processes properly.

Frank.
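
Added example, not part of the original thread and not code from SAP or RAR: a small Python sketch of the two checks discussed above, conflicts inside a single role versus conflicts a user gets by combining roles, with a count of how many users share each combination. The rule set, role names, user assignments and the `SYSTEMATIC_MIN_USERS` cut-off are constructed assumptions.

```python
from collections import defaultdict
from itertools import combinations

# Constructed sample data (not an SAP or RAR rule set): conflicting transaction pairs.
RULES = {"R1": ("FK01", "F-53"),    # maintain vendor vs. post outgoing payment
         "R2": ("ME21N", "MIGO")}   # create purchase order vs. post goods movement
ROLES = {"Z_AP_CLERK": {"FK01", "FB60"}, "Z_AP_PAYMENTS": {"F-53", "F110"},
         "Z_BUYER": {"ME21N", "ME23N"}, "Z_WAREHOUSE": {"MIGO", "MB51"},
         "Z_AP_ALL": {"FK01", "F-53"}}  # conflict inside one role
USERS = {"u01": ["Z_AP_CLERK", "Z_AP_PAYMENTS"],
         "u02": ["Z_AP_CLERK", "Z_AP_PAYMENTS"],
         "u03": ["Z_AP_CLERK", "Z_AP_PAYMENTS"],
         "u04": ["Z_BUYER", "Z_WAREHOUSE"],
         "u05": ["Z_BUYER"],
         "u06": ["Z_AP_ALL"]}
SYSTEMATIC_MIN_USERS = 3  # assumption: what counts as "a lot of users"

def role_level_conflicts(roles=ROLES, rules=RULES):
    """Rules violated inside a single role, independent of any user."""
    found = {}
    for name, tcodes in roles.items():
        broken = sorted(r for r, pair in rules.items() if set(pair) <= tcodes)
        if broken:
            found[name] = broken
    return found

def user_level_conflicts(users=USERS, roles=ROLES, rules=RULES):
    """(rule, role_a, role_b) -> users who get the conflict only by holding both roles."""
    hits = defaultdict(list)
    for user, assigned in users.items():
        for r1, r2 in combinations(sorted(assigned), 2):
            t1, t2 = roles[r1], roles[r2]
            for rule, (a, b) in rules.items():
                if {a, b} <= t1 or {a, b} <= t2:
                    continue  # already reported as a role-level conflict
                if (a in t1 and b in t2) or (b in t1 and a in t2):
                    hits[(rule, r1, r2)].append(user)
    return dict(hits)

def triage(hits, min_users=SYSTEMATIC_MIN_USERS):
    """Many users with the same role combination points at role design, not the user."""
    return {key: "review role design" if len(who) >= min_users else "decide per user"
            for key, who in hits.items()}

if __name__ == "__main__":
    print(role_level_conflicts())
    for key, verdict in triage(user_level_conflicts()).items():
        print(key, verdict)
```
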

Former Member
0 Kudos

Frank,

Your answer was very helpful and I found a very interesting document here:

http://www.sdn.sap.com/irj/sdn/go/portal/prtroot/docs/library/uuid/0043a8ab-bdae-2910-d8bc-cf4abd4d6bed

I'll wait for other replies to complete my research, and to give the opportunity to hear other voices.

Thanks.

Former Member
0 Kudos

Hi Experts,

SAP has released a nice note regarding this recently:

Note 1593056 - Best Practices for Remediation of Segregation of Duties risk

Hope it helps.

Diego