F-02 and FB01 Permission Level Definitions in SAP GRC Ruleset

jain_prashant31
Explorer

Dear All,

As we all know, FB01 and F-02 are some of the transactions of the SAP Finance module which can perform activities related to various account types (A, K, D, M, S).

The SAP standard ruleset has multiple objects enabled for these transactions, leading to many false positives in the SOD report. For example, a user has access only to customer invoice processing (access restricted to account type D), but the SOD report shows risks related to vendor invoice processing, because F-02 has object-level definitions like F_BKPF_BUK, etc., that are common to vendor and customer activities. This object alone doesn't really allow the user to process vendor invoices; F_BKPF_KOA is the mandatory object.

In order to remove such false positives, is it a good approach to deactivate the other objects and only keep the F_BKPF_KOA object active in the ruleset, with the required account types maintained for FB01, F-02, etc.?

Please advise.

Thanks in advance !

Answers (1)

alessandr0
Active Contributor

Dear Prashant,

It's very tough to answer this question, as this is an individual specification that only belongs to your environment/requirement.

Basically, you need to keep all object combinations that indicate your risk. If F_BKPF_KOA and F_BKPF_BUK are both required for a risk to be conducted, you need to keep both.

Also be aware that the pre-delivered rule set is based on "best practice" that applies to a wide range of companies but not to everyone. Hence it is always required to validate all the rules and make adjustments where required.

Hope this helps.

Regards,

Alessandro


jain_prashant31
Explorer

Hi Alessandro,

In our scenario we don't have SODs for company code in scope, so if we have a function in GRC for Process Vendor Invoice, would it suffice to just keep F_BKPF_KOA active with ACTVT 1 & 2 and KOART "K"?

Thanks !

Regards,

Prashant Jain

alessandr0
Active Contributor

Dear Prashant,

Sure - if this is your requirement, then only keep it as mentioned. In the end, your company has to validate the rules.

Regards,

Alessandro

Former Member

Hi Prashant,

Risks will appear the way you define them. For F-02 and FB01, please identify which auth. objects are used in roles. Then find the non-org. and org. objects which determine the risk, and include those objects in your risk definition. For org. values, you can set org.-level risks.

regards

plaban
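The two points made above (Alessandro's: keep every object that is required for the risk; plaban's: work out which org. and non-org. objects actually determine the risk and put those in the function) can be tried out with a small model of permission-level rule matching. The following is an added example, not SAP or GRC code and not posted by anyone in this thread. It assumes a deliberately simplified matching model: a function matches a user when the user can start one of its actions (transactions) and holds, for every *active* permission object, an authorization whose field values cover the rule's values ("*" is treated as full authorization; SAP range values are not modelled). The users, company code 1000 and the field values are constructed for the demonstration; the objects, fields and account type K for vendors are the ones named in the thread.

```python
from dataclasses import dataclass, field
from typing import Dict, List, Set

WILDCARD = "*"  # SAP full-authorization value


@dataclass
class Authorization:
    """One authorization a user holds: object name and its field values."""
    obj: str
    fields: Dict[str, Set[str]]


@dataclass
class Permission:
    """One permission line in a GRC function: object, required field values, active flag."""
    obj: str
    fields: Dict[str, Set[str]]
    active: bool = True


@dataclass
class Function:
    """A GRC function: transactions (actions) plus permission objects."""
    name: str
    actions: Set[str]
    permissions: List[Permission] = field(default_factory=list)


@dataclass
class User:
    name: str
    tcodes: Set[str]
    auths: List[Authorization]


def value_covers(have: Set[str], want: Set[str]) -> bool:
    """Field check (simplified model): a rule value '*' accepts any held value, a held
    '*' satisfies any rule, otherwise at least one required value must be held."""
    if not have:
        return False
    if WILDCARD in have or WILDCARD in want:
        return True
    return bool(have & want)


def auth_satisfies(auth: Authorization, perm: Permission) -> bool:
    """Every field of the rule must be covered by the same authorization instance."""
    if auth.obj != perm.obj:
        return False
    return all(value_covers(auth.fields.get(f, set()), want) for f, want in perm.fields.items())


def function_matches(func: Function, user: User) -> bool:
    """Permission-level match: any one action AND every active permission object.
    Inactive objects are skipped, which is what deactivating them in the rule set does."""
    if not (user.tcodes & func.actions):
        return False
    active = [p for p in func.permissions if p.active]
    return all(any(auth_satisfies(a, p) for a in user.auths) for p in active)


def vendor_invoice_function(keep_bukrs: bool) -> Function:
    """'Process vendor invoice' via F-02/FB01; KOART K = vendor, as in the thread.
    keep_bukrs=False models deactivating F_BKPF_BUK and keeping only F_BKPF_KOA."""
    return Function("PROCESS_VENDOR_INVOICE", {"F-02", "FB01"}, [
        Permission("F_BKPF_BUK", {"ACTVT": {"01", "02"}, "BUKRS": {"*"}}, active=keep_bukrs),
        Permission("F_BKPF_KOA", {"ACTVT": {"01", "02"}, "KOART": {"K"}}),
    ])


def function_without_koa() -> Function:
    """Rule listing only F_BKPF_BUK: the shape that produces the false positive described."""
    return Function("PROCESS_VENDOR_INVOICE", {"F-02", "FB01"}, [
        Permission("F_BKPF_BUK", {"ACTVT": {"01", "02"}, "BUKRS": {"*"}}),
    ])


def make_user(name: str, koart: str, bukrs: Set[str]) -> User:
    """Constructed sample user: can start F-02/FB01, limited to one account type."""
    return User(name, {"F-02", "FB01"}, [
        Authorization("F_BKPF_BUK", {"ACTVT": {"01", "02"}, "BUKRS": bukrs}),
        Authorization("F_BKPF_KOA", {"ACTVT": {"01", "02"}, "KOART": {koart}}),
    ])


CUSTOMER_CLERK = make_user("customer_clerk", "D", {"1000"})
VENDOR_CLERK = make_user("vendor_clerk", "K", {"1000"})
# Constructed: vendor account type but no F_BKPF_BUK (no company code) at all.
VENDOR_NO_BUKRS = User("vendor_no_bukrs", {"F-02"},
                       [Authorization("F_BKPF_KOA", {"ACTVT": {"01"}, "KOART": {"K"}})])


def report(user: User) -> Dict[str, bool]:
    """Whether the user matches the vendor-invoice function under each rule variant."""
    return {
        "bukrs_only": function_matches(function_without_koa(), user),
        "both_active": function_matches(vendor_invoice_function(True), user),
        "koa_only": function_matches(vendor_invoice_function(False), user),
    }


if __name__ == "__main__":
    for u in (CUSTOMER_CLERK, VENDOR_CLERK, VENDOR_NO_BUKRS):
        print(u.name, report(u))
```

Run as is, the customer clerk (KOART D only) matches the rule that lists only F_BKPF_BUK, which is the false positive from the question, and stops matching as soon as F_BKPF_KOA with KOART K is part of the function. Keeping F_BKPF_KOA alone removes that false positive just as well for these two clerks, but it also matches the third user, who has the vendor account type and no company-code authorization; if, as the thread states, F_BKPF_BUK is one of the objects F-02 checks, that user is reported although the posting would fail, which is the reason for keeping both objects when both are required for the risk.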