Hi All -
We are currently using ME22N to park and post a PO.
User with just the PO Processor role is now able to post with AR Approver role
(without the PO Approver role). The authorization objects related to
post are being shared across different modules. These object are
available in all the approver roles and it gives the ability for the
user to post a PO even without a PO Approver role.
It appears as if the F_FICA_FOG, F_FICA_FSG, F_FICB_FKR, and F_FMMD_MES
are being shared across multiple FI modules. One role has the park
(actvt 11) access (PO Processor) and the other role (AR Approver) has
posting capabilities (actvt 10).
We are leaning towards creating custom authorization objects to achieve this. We are trying to prevent Segregation of Duty conflicts in our system. Are there any standard was to prevent someone from posting a parked document in the purchasing module (a PO) if the person has access to post AR documents (AR Invoices)?