cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

ChaRM Segregation of Duties check needed for imports using the Tasklist

robynhosby
Active Participant

on ‎09-13-2018 8:19 PM

0 Kudos

Hello Experts!

The 4-eyes principle works when processing Actions, for example to prevent the developer from being the same as the tester.

However, we want to implement a check to prevent an import to production from being processed by the developer of the ChaRM. For example, if a Normal CD (ZMMJ) was assigned to a developer from our internal Basis team, he would also have the authorization to process imports for Normal change documents using the tasklist. We don't want him to be allowed to import his own change if he was assigned as the developer.

Has anyone implemented this type of Segregation of Duties check in the tasklist?

Thank you in advance for your help!

Robyn

Show replies
Show replies
robynhosby
Active Participant
‎09-13-2018 8:27 PM
0 Kudos

Thinking out loud.... maybe a custom tasklist variant that would check the CDs in the cycle to see if the current processor is one of the assigned developers?

robynhosby
Active Participant
‎09-21-2018 3:56 PM
0 Kudos

I'm getting this to working using a custom task in a custom tasklist variants, but it is not completely working.

  • 1)We have status dependent imports configured.
  • 2)I created a copy of SAP0 as ZSAP0. The only difference is I made a Z program for /TMWFLOW/SCMA_TRORDER_IMPORT that is called when importing to production for Phase Cycles.

The task is configured as a job not a transaction, but the task only works as a transaction.

Using the custom program in ZSAP0 does not show the popup screen that should appear for Status Dependent Imports.

So, now my question is how can I use my custom variant with status driven imports in batch?

Answer

Accepted Solutions (0)

Answers (1)

Answers (1)

Miguel_Ariño
Advisor
Advisor
‎09-14-2018 10:06 AM
0 Kudos

The developer should not be allowed to run imports into production, in the standard authorization model of ChaRM.

You could protect the status 'import into production' with an authorization code and not assign the authorization values to the developer, or protect the PPF actions with authorizations.

Show replies
Show replies
Miguel_Ariño
Advisor
Advisor
‎09-14-2018 10:07 AM
0 Kudos

I have now realized you asked about the task list, so my previous answer is not really relevant...

Ask a Question