Segregation of Duties on SAP ? 1987



  • 72,000 transaction codes in SAP v.4.7 would certainly be tedious :lol:
    frankly it would not be really tough given the fact that SOD for any ERP or application depends on the list of Transaction codes/ menus each organization uses for each of the activity.
    If we can ensure SOD on paper, the same can be translated to the ERP.
    :idea:



  • We had a huge issue with SOD in SAP in the previous company I worked for. These involved embedded transactions. In other words you may have authority to do an entry on a particular transaction type but what you dont see is the accesses you have to a multitude of supporting modules that support or feed into the transaction you are performing. When these embedded transactions support other types of transactions that you do NOT have authority to do, you have a SOD issue.



  • Everything in SAP revolves around Objects. It would take lot of time to understand and analyze the objects to which a user has access to.
    Once this is done, we can reasonably address SOD issues.



  • As several of the previous posts point out rather nicely, SOD in SAP is complex. Much of that complexity arises the sheer scale of the system and there being, potentially, multiple ways of accessing equivalent functionality. E.g. you may have adequately secured access to manual G/L journals yet may fine that other transaction types allow you to basically do the same thing.
    Add in an additional complication of custom transactions and scalability up to tens of thousands of users and things that are conceptually straightforward become very difficult to manage in practical terms.



  • Hi.
    Does anyone know the best time for testing SOD conflits? If I do test SOD before September 30, will I still need to complement my scope?
    Tanks in advance.



  • SOD testing should be on a periodic basis (probably quarterly) so as to provide evidence that it was monitored throughout the year.
    In addtion, even if tested in September, you will have to come up with testing results for the year-end too.



  • Unless, of course, september 30 is his year-end 😉



  • Absolutely.
    The cut off date is 15 December 2007.



  • try this link out.
    Though it gives out the conflicting roles in SAP, i would say what denis said.
    cheers

    Hello NC,
    could you please send the link to ml.forum at gmail.com ?
    Thanks
    Omasliebling



  • omasliebling: do you have any solution about to create SAP SoD matrix? I have to do the same in the company for security reason.

    Thanks,
    Sandor


Log in to reply