on 08-04-2011 3:26 PM
Dear Gurus,
I'm looking for a basic procedure to analyze Segregation of Duties (SoD).
The following image is a simple and basic initial flow I made:
Initial Flow: http://img535.imageshack.us/img535/4843/sodysis.jpg
What do you think about it?
Please feel free to comment, correct and improve. This is the idea of the post.
Regards,
Diego.
Thanks Diego! Great information...I have a related issue that I was wondering if you could share your experience with:
We've taken on the painstaking task of re-engineering many of our SAP ECC Security roles. Our goal was to be SOD violations free at the Role level, and then put the ownership on the Business to decide what violations at the User level were warranted (requiring mitigation), or else a change would have to occur on the Business Process (BP) side.
We are struggling with the assignment of certain Basis categorized transactions such as SM36, SM37, SE16. The majority of our BPs are very batch processing oriented, which require our users to have batch processing authorization. However, if we included SM37, for example, into any role, RAR comes back with a HIGH risk message.
Did you have to deal with a similar scenario; and if so, how?
Thanks
Jose Garcia
Diego,
go to the BPX GRC area, there are some white papers dealing with the SoD processes.
In the end you need to match that with what works in the context of your organisation.
One thing in your graphic I would definitely avoid is re-designing roles to solve single conflicts - only do that if you can see it's a systematic error, i.e. if the conflict occurs with a lot of users, it is most likely an indication that your role design does not reflect the business processes properly.
Frank.
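The distinction drawn in this thread, between conflicts inside a single role, conflicts a user picks up from a combination of roles, and conflicts that recur across many users, can be checked mechanically. The following is an added example, not part of the original posts and not RAR's rule set: the role names, users, the two SoD rules and the 50% threshold for "a lot of users" are all constructed assumptions.

```python
from collections import defaultdict
from itertools import combinations

# Constructed sample data: role names, users and rules are illustrative only.
ROLE_TCODES = {
    "Z_AP_VENDOR": {"FK01", "FK02"},
    "Z_AP_PAYMENT": {"F-53", "F110"},
    "Z_PURCHASER": {"ME21N"},
    "Z_RECEIVER": {"MIGO"},
}
USER_ROLES = {
    "U1": {"Z_AP_VENDOR", "Z_AP_PAYMENT"},
    "U2": {"Z_AP_VENDOR", "Z_AP_PAYMENT"},
    "U3": {"Z_AP_VENDOR", "Z_AP_PAYMENT"},
    "U4": {"Z_PURCHASER", "Z_RECEIVER"},
    "U5": {"Z_PURCHASER"},
}
# Each rule: (risk id, tcodes of function A, tcodes of conflicting function B)
SOD_RULES = [
    ("R1", {"FK01", "FK02"}, {"F-53", "F110"}),
    ("R2", {"ME21N"}, {"MIGO"}),
]

def role_level_violations(role_tcodes, rules):
    """Roles that contain both sides of a rule on their own."""
    return sorted((rid, role) for rid, a, b in rules
                  for role, tc in role_tcodes.items() if tc & a and tc & b)

def user_level_conflicts(user_roles, role_tcodes, rules):
    """Map (risk id, role pair) -> users who get the conflict from that pair."""
    hits = defaultdict(set)
    for user, roles in user_roles.items():
        for r1, r2 in combinations(sorted(roles), 2):
            t1, t2 = role_tcodes[r1], role_tcodes[r2]
            for rid, a, b in rules:
                if (t1 & a and t2 & b) or (t1 & b and t2 & a):
                    hits[(rid, r1, r2)].add(user)
    return hits

def classify(hits, total_users, threshold=0.5):
    """'systematic' if at least `threshold` of all users share the conflict."""
    return {key: "systematic" if len(users) / total_users >= threshold
            else "isolated" for key, users in hits.items()}
```

A conflict labelled systematic points at the role design; an isolated one is a candidate for mitigation or reassignment at the user level.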
Frank,
Your answer was very helpful and I found a very interesting document here:
http://www.sdn.sap.com/irj/sdn/go/portal/prtroot/docs/library/uuid/0043a8ab-bdae-2910-d8bc-cf4abd4d6bed
I'll wait for other replies to complete my research, and to give the opportunity to hear other voices.
Thanks.