Skip to Content
0
Former Member
Jul 14, 2009 at 04:02 PM

CC 5.2 Organization Rule Question

36 Views

Hi GRC Guys,

I am setting up the organization rule using CC 5.2 for one of my clients and met one issue which confuses me. I give you an example below.

We had a user BRUT01 in the backend system and this user has two roles, BRRT01 and BRRT02.

BRRT01 has the following authorization:

TCODE: ME21N

AO: M_BEST_EKO/ACTVT=01

M_BEST_EKO/EKORG=0001

BRRT02 has the following authorization:

TCODE: ME29N

AO: M_BEST_EKO/ACTVT=02

M_BEST_EKO/EKORG=BP01

So this user should have the authorization to create POs on purchase organization 0001 and release POs on purchase organization BP01. Suppose this is a conflict and the company doesn't allow employee to both have PO creation on 0001 and PO release on BP01.

I set the SOD rules in CC 5.2 as follows

S_TCODE/TCD=ME21N AND

S_TCODE/TCD=ME29N AND

M_BEST_EKO/ACTVT=01 AND

M_BEST_EKO/EKORG=$EKORG AND

M_BEST_EKO/ACTVT=02 AND

M_BEST_EKO/EKORG=$EKORG AND

I also set the organization rule as follows:

RISK1* EKORG=0001 AND

RISK1* EKORG=BP01 AND

When I analyze without organization rule, I got the correct SOD risk answer. However when I choose to analyze with the above organization rules, no conflict is found.

Can anyone tell me what's wrong with the above settings?

Thanks.