F-02 and FB01 Permission Level Definitions in SAP GRC Ruleset

Dear All,

As we all know, FB01 and F-02 are transactions of the SAP Finance module that can perform activities related to various account types (A, K, D, M, S).

The SAP standard ruleset has multiple objects enabled for these transactions, leading to many false positives in the SOD report. For example, a user has access only to customer invoice processing (restricted access to account type D), but the SOD report shows risks related to vendor invoice processing, because F-02 has object-level definitions such as F_BKPF_BUK, etc., that are common to vendor and customer activities. This object alone doesn't really allow the user to process vendor invoices, and F_BKPF_KOA is a mandatory object.

In order to remove such false positives, is it a good approach to deactivate the other objects and keep only the F_BKPF_KOA object active in the ruleset, with the required account types maintained for FB01, F-02, etc.?

Please advise.

Thanks in advance!

Former Member
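
The false positive described in the question, as a simplified model added here (not part of the original post and not SAP GRC code). It assumes a rule action matches when the user holds the transaction and every enabled permission entry; the rule entries, both users and the company code are constructed for illustration.

```python
# Simplified permission-level SoD matching (added example, assumptions labelled).
# Constructed rule for a hypothetical "vendor invoice processing" action on F-02.
RULE_VENDOR_F02 = [
    {"object": "F_BKPF_BUK", "field": "ACTVT", "values": {"01"}, "enabled": True},
    {"object": "F_BKPF_KOA", "field": "ACTVT", "values": {"01"}, "enabled": True},
    {"object": "F_BKPF_KOA", "field": "KOART", "values": {"K"}, "enabled": True},
]

# Constructed user: posts with F-02 but is restricted to customer accounts (D).
USER_CUSTOMER_ONLY = {
    "tcodes": {"F-02"},
    "auths": {
        ("F_BKPF_BUK", "ACTVT"): {"01", "02", "03"},
        ("F_BKPF_BUK", "BUKRS"): {"1000"},
        ("F_BKPF_KOA", "ACTVT"): {"01", "02", "03"},
        ("F_BKPF_KOA", "KOART"): {"D"},
    },
}

# Constructed user: holds vendor account type K but no F_BKPF_BUK authorization.
USER_KOA_NO_BUK = {
    "tcodes": {"F-02"},
    "auths": {("F_BKPF_KOA", "ACTVT"): {"01"}, ("F_BKPF_KOA", "KOART"): {"K"}},
}

def matches(user, tcode, rule):
    """True when the user holds the tcode and every enabled rule entry."""
    if tcode not in user["tcodes"]:
        return False
    for entry in rule:
        if not entry["enabled"]:
            continue
        held = user["auths"].get((entry["object"], entry["field"]), set())
        if "*" not in held and not (held & entry["values"]):
            return False
    return True

def with_enabled(rule, keep):
    """Copy of the rule with only the entries selected by keep() enabled."""
    return [dict(e, enabled=keep(e)) for e in rule]

# Rule variants: account type not checked, and only F_BKPF_KOA checked.
NO_KOART = with_enabled(RULE_VENDOR_F02, lambda e: e["field"] != "KOART")
KOA_ONLY = with_enabled(RULE_VENDOR_F02, lambda e: e["object"] == "F_BKPF_KOA")

if __name__ == "__main__":
    for name, rule in [("all", RULE_VENDOR_F02), ("no KOART", NO_KOART), ("KOA only", KOA_ONLY)]:
        print(name, matches(USER_CUSTOMER_ONLY, "F-02", rule), matches(USER_KOA_NO_BUK, "F-02", rule))
```

In this model the customer-only user is flagged only when the account type is not checked, while a rule reduced to F_BKPF_KOA alone flags the second user, who holds no F_BKPF_BUK authorization.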