During the definition of work center assignments for a user, you can see a red symbol under the Segregation-of-duties Conflicts column.
After clicking in the row and checking the Segregation-of-Duties Conflicts section, the solution is states "Create mitigating controls".
- SAP Business ByDesign
- SAP Cloud for Customer
Reproducing the Issue
- Enter the Application and User Management work center. (If using SAP Cloud for Customer, enter the Administrator work center).
- Select the Business Users view.
- Select a Business User and click on Edit -> Access Rights.
- Navigate to the Work Center and View Assignment tab.
- Assign any work center view to the user.
- Check the Segregation-of-Duties Conflicts column.
- With the row selected, check the Segregation-of-Duties Conflict section on the bottom of the screen.
- You can see the solution proposed as "Create mitigating controls"
Based on the design of the system, it is not possible to assign a certain view to a user without assigning the respective work center. This may cause some SoD (Segregation-of-Duties) conflicts that are currently not possible to solve with the standard system functionality. In such cases the message appears stating "Create Mitigating Controls", as internal measures need to be taken in the company if such SoD conflict is relevant for audition.
For example, a mitigation control could be a user being responsible to review the purchase transactions each determined period of time, in order to ensure that no fraud is being committed by the users who have SOD conflicts in their access restrictions.
The system works as expected.
SOD, Compliance, SOX , KBA , SRD-CC-IAM , Identity & Access Management , How To