SOD (Segregation of Duties)

Former Member
Hi,

I would like to know whether the following would be an excess access rights or a segregation of duties issue.

1- Everyone having the same access, or access to all modules, with change rights in the development system (not sandbox).

2- Same person can create a change request and also approve the same change request in the change management process.

If they are either excess access rights or SOD, are there any best practices from SAP or any other professional bodies available that suggest the same?

Regards,

Krishna

Accepted Solutions (1)

Former Member
According to general practice, one individual should not have access to two or more incompatible duties; also, one individual should not be given rights to execute end-to-end processes. I think in your mentioned cases, both seem to be SOD conflicts. To understand any scenario you need to create an SOD role matrix for all your business processes.

Following are some popular examples of incompatible duties:

1. Creating a vendor and initiating payment to him.

2. Creating invoices and modifying them.

3. Processing inventory and posting payment.

4. Receiving checks and writing pay-offs.

Please search for SOD role matrix on SDN.

Also, you can download the SAP GRC best practices for Access Controls 5.2 from the SAP Service Marketplace for free.

Best Regards,

Amol Bharti

Answers (2)

former_member184114
Active Contributor
What others have said is absolutely right. But these scenarios do matter on the production system. I am not sure about DEV. However, this is purely a business call. It's better to discuss these issues with your business heads and do the needful.

Regards,

Faisal

Former Member
Hello Krishna,

The scenario you described would be both excess access rights and an SOD issue. Reasons:

1. Excess Access Rights - As the user has rights beyond what he/she should be performing. The functions for which the user has rights in this case may not be conflicting, but they are still undesirable, making it excess authorization for him/her.

2. SOD - Because of the complete ownership of some processes, which are conflicting amongst each other.

Regards,

Hersh.
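As an added illustration of the two findings discussed in this thread (the SOD role matrix and incompatible duties from the accepted answer, and the excess-access-versus-SOD distinction in Hersh's reply), the following Python script is example code, not from the thread, SAP, or SAP GRC Access Control. The role names, users, job profiles and the `DEV_ALL_MODULES` role are constructed sample data; the conflict pairs mirror the incompatible duties listed above plus the change-request case from the question.

```python
"""Added example (not from the thread, SAP, or SAP GRC): a small checker for
SOD conflicts from an SOD role matrix, excess access beyond a job profile, and
a four-eyes check on change-request approval. All names below are constructed."""

# Constructed SOD rule matrix: each entry is a pair of incompatible functions.
SOD_RULES = {
    frozenset({"create_vendor", "initiate_payment"}),
    frozenset({"create_invoice", "modify_invoice"}),
    frozenset({"process_inventory", "post_payment"}),
    frozenset({"receive_checks", "write_payoffs"}),
    frozenset({"create_change_request", "approve_change_request"}),
}

ALL_FUNCTIONS = frozenset().union(*SOD_RULES)

# Constructed role -> function mapping (hypothetical role names).
ROLE_FUNCTIONS = {
    "AP_CLERK": {"create_invoice", "initiate_payment"},
    "VENDOR_MASTER": {"create_vendor"},
    "INVOICE_REVIEW": {"modify_invoice"},
    "CHANGE_REQUESTER": {"create_change_request"},
    "CHANGE_APPROVER": {"approve_change_request"},
    # The "everyone has change rights in every module" situation from the question.
    "DEV_ALL_MODULES": set(ALL_FUNCTIONS),
}

# Constructed job profiles: the functions each job actually needs.
JOB_PROFILES = {
    "ap_clerk": {"create_invoice", "initiate_payment"},
    "change_approver": {"approve_change_request"},
}

# Constructed user -> assigned roles.
SAMPLE_USERS = {
    "alice": ["AP_CLERK", "VENDOR_MASTER"],
    "bob": ["CHANGE_REQUESTER", "CHANGE_APPROVER"],
    "carol": ["INVOICE_REVIEW"],
    "dev_user": ["DEV_ALL_MODULES"],
}


def user_functions(roles, role_functions=ROLE_FUNCTIONS):
    """Union of the functions granted by a user's roles."""
    funcs = set()
    for role in roles:
        funcs |= role_functions.get(role, set())
    return funcs


def find_sod_conflicts(user_roles, rules=SOD_RULES, role_functions=ROLE_FUNCTIONS):
    """Map each user to the sorted list of SOD rules (function pairs) they violate.

    Users with no conflicts are omitted so the report lists only findings."""
    report = {}
    for user, roles in user_roles.items():
        funcs = user_functions(roles, role_functions)
        hits = sorted(tuple(sorted(rule)) for rule in rules if rule <= funcs)
        if hits:
            report[user] = hits
    return report


def excess_access(roles, job, job_profiles=JOB_PROFILES, role_functions=ROLE_FUNCTIONS):
    """Functions a user holds beyond what their job profile requires.

    These need not conflict with each other; they are excess authorization
    simply because the job does not need them."""
    return sorted(user_functions(roles, role_functions) - job_profiles[job])


def can_approve(requester, approver, approver_roles, role_functions=ROLE_FUNCTIONS):
    """Four-eyes check for change management: the approver must hold the
    approval function and must not be the person who raised the request."""
    if approver == requester:
        return False
    return "approve_change_request" in user_functions(approver_roles, role_functions)


if __name__ == "__main__":
    for user, hits in find_sod_conflicts(SAMPLE_USERS).items():
        print(f"SOD conflict: {user}: {hits}")
    print("excess for alice as ap_clerk:", excess_access(SAMPLE_USERS["alice"], "ap_clerk"))
    print("bob approves own request:", can_approve("bob", "bob", SAMPLE_USERS["bob"]))
```

The matrix here is kept at the level of business functions so the conflicts stay readable; a real SOD analysis in SAP works one level down, at the transaction codes and authorization objects that grant each function, and the `DEV_ALL_MODULES` user shows why a "change rights everywhere" role trips every rule at once.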