This is change request proposal. Details are mentioned below.
In case the right to authorize the purchase orders is delegated, the same employee can have the access rights to raise the shopping cart as well as approve the shopping cart leading to segregation of duties (SOD Issue). Although in this case, the email is sent to employee ordinarily responsible for authorization as well as the employee to whom the authorization has been delegated but the risk is not mitigated. We have also been informed by the business that u2018this is an audit requirement.
Description of change:
In the Approval's transaction, code will be implemented into a BADi to check whether the person attempting to approve the Shopping Cart is the same person that created the Shopping Cart. If so, an error message is displayed informing the user that this is not permitted, and they will not be allowed to continue.
This problem does not occur with Offline-Approval, because it does not send an (Approval) email to a user if they are the creator of the Shopping cart. So, we do not have to do anything with regards to Offline Approvals.
Any pointers please post your comments.