SAP Note 1600667 - Transactions that conflict with themselves

Component : Access Risk Management

Solution : https://service.sap.com/sap/support/notes/1600667 (SAP Service marketplace login required)

Summary :
This SAP Note addresses transaction codes that appear to conflict with themselves, indicating potential segregation of duties (SoD) risks. It explains that, in the SAP-delivered ruleset, some transaction codes can execute multiple functions and therefore inherently carry SoD risks. It identifies specific scenarios and transactions, such as F-02, and details possible remediation strategies. For certain transactions, the functions a user can perform can be limited through security authorization objects, which mitigates the risk. Where authorization adjustments are infeasible, the note recommends implementing mitigating controls, such as reviewing manual journal entries to ensure compliance and prevent misappropriation.

Key words :
function mm03 - enter counts & clear diff - im, function bs14 - maintain profiles / roles pfcg - permissions, function sd05 - sales order processing va02 - permissions, function gl01 - post journal entry acacact - permissions, function gl01 - post journal entry f-04 - permissions, gl01 - post journal entry f-04 - permissions, function mm04 - goods movements mi10 - permissions, function fi08 - create / change treasury item, function bs13 - maintain user master, function sd04 - sales document release

Related Notes :

1604722 - Risk Analysis and Remediation Rule Update Q3 2011
1446680 - Risk Analysis and Remediation Rule Update Q2 2010
1373465 - Rule Upload and Rule Import - Explanation of functions
1326497 - Risk Analysis and Remediation Rule Update Q2 2009
1173980 - Risk Analysis and Remediation Rule Update Q2 2008
1083611 - Compliance Calibrator Rule Update Q3 2007
1061380 - Compliance Calibrator Rule Update Q2 2006
1050832 - ME23N in Compliance Calibrator (RAR) Default rules
1035070 - Compliance Calibrator Rule Update Q1 2007
1033326 - Risk Analysis and Remediation Rule Upload guidance
986996 - GRC Access Control - Best Practice for Rules and Risks