Skip to Content
avatar image
Former Member

Payment tolerance groups

Hello

I'm not sure if this is the correct place to pose this question, but I wanted to see how the structure of implementing tolerance groups for payments.

Specifically, I know where and how you can create tolerance groups and assign users to those groups, but how does the tolerance group get tied to a user's user master record in security.  For example if a user is assigned to tolerance group ABCD in configuration, what is the security object that has to be in the user's role with value ABCD?

Thank you in advance,

JD Schmidt

Add comment
10|10000 characters needed characters exceeded

  • Get RSS Feed

2 Answers

  • avatar image
    Former Member
    Sep 09, 2013 at 02:47 PM

    Jonathan,

    As you have probably already realized, the GRC discussion forum is *not* the right place for ECC security role design questions, but I will try to get you on the right path. I'm not sure why the moderators let your question be posted here, but that is another issue altogether.

    I suggest reviewing the transaction(s) which the end user will be running via transaction SU24 to see which authorization objects are securing it/them, and check each of those objects to find those which have a field for groups.  This is basic SAP role design; if this is unfamiliar to you, check with the security analysts who do your role build/ admin. Alternately, you can run a system trace on the transactions to see which objects were checked, but trace results can be unreliable and should be verified through testing.

    If you are unfamiliar with SU24, ST01, PFCG and security related tables and reports, I encourage you to do some searches and reading on security basics before trying to tackle this question, or defer to your role admins.

    In the future, post questions about security in the Security discussion forum, if you are still stuck after doing your research per SCN usage guidelines. I encourage you to close this question ASAP so that the SCN members interested in SAP GRC are not further spammed with this discussion which has nothing to do with SAP GRC.

    Good luck!

    Gretchen

    Add comment
    10|10000 characters needed characters exceeded

  • avatar image
    Former Member
    Sep 10, 2013 at 04:45 AM

    Hi Jonathan,

    You have posted the same question in Security space also and answered by Alex

    http://scn.sap.com/thread/3414804

    apart from that, no other relation b/w tolerance groups and Security objects.

    So I request you to close both the questions in Security & GRC spaces.

    Regards,

    Rama

    Add comment
    10|10000 characters needed characters exceeded