04-02-2007 5:32 PM
04-02-2007 7:53 PM
hai
this is ajay SOD is nothing but segregation of duties.in this you are unable to do all the works means (creating user master, creating roles, profiles).
In SOD these are divided 1. user administrator
2.data administrator
3.profile administrator
user admin-- he will create user (he can change and he can create user maser record. but he will get roles and profiles in display mode.
Data admin--- he can create and change roles but he will get users and profiles in display mode.
Profile admin--he will generate profiles but he cant do any thing for users and roles.
Like this the duties are divided.
I think this is the right answer for your question or if you want more go to authorizations made easy
Regards
AJAY KUMAR
04-02-2007 5:48 PM
SOD Segregation of duties.
Separation of the management or execution of certain duties or of areas of responsibility is required in order to prevent and reduce opportunities for unauthorised modification or misuse of data or service.
past threads on this topic
http://easymarketplace.de/online-pdfs.php
http://help.sap.com/printdocu/core/Print46c/en/data/pdf/BCCSTADM/BCCSTSAL.pdf
http://help.sap.com/printdocu/core/Print46c/en/data/pdf/BCSECAUDLOG/BCSECSAL.pdf
http://sapecc.com/sox_sod/sod_matrix.htm
<a href="http://sapecc.com/sox_sod/sod_matrix.htm">http://sapecc.com/sox_sod/sod_matrix.htm</a>
http://www.sapsecurityonline.com/sox_sod/sod_matrix_fi.htm
http://www.auditnet.org/sapaudit.htm
http://help.sap.com/saphelp_erp2005vp/helpdata/en/3f/857e41564c020de10000000a1550b0/frameset.htm
http://www.law.uc.edu/CCL/SOact/toc.html
http://www.auditnet.org/sarbox.htm
http://www.isaca-kc.org/doc/Segregation%20of%20Duties.pdf
Cheers,
Ben
04-02-2007 7:53 PM
hai
this is ajay SOD is nothing but segregation of duties.in this you are unable to do all the works means (creating user master, creating roles, profiles).
In SOD these are divided 1. user administrator
2.data administrator
3.profile administrator
user admin-- he will create user (he can change and he can create user maser record. but he will get roles and profiles in display mode.
Data admin--- he can create and change roles but he will get users and profiles in display mode.
Profile admin--he will generate profiles but he cant do any thing for users and roles.
Like this the duties are divided.
I think this is the right answer for your question or if you want more go to authorizations made easy
Regards
AJAY KUMAR