There is a very interesting SAP note on inherent segregation of duties risks: “Certain SAP transactions allow users to perform multiple functions which can be inherent segregation of duties risks” (quoted from the SAP note). SAP goes on to explain that for some transactions “there is no way to limit the transactions through authorization objects so that they can only perform one of the functions. For these transactions, there is no way via security to remove the segregation of duties risk. In these cases, the only option is to apply a mitigating control to the risk.” We recommend you read the original note, in which SAP provides examples and risks.
What is a mitigating control in these cases? Monitoring. A tool that monitors actions in these transactions and then reports them for review is a mitigating control. Data about changes is available in tables or change documents and can be analyzed and reported using REMEDYNE’s editors to create new controls (our Access Violation Management framework).
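As an added illustration of such a monitoring control (not REMEDYNE's or SAP's code), the sketch below scans change records and reports every case where one user performed more than one function on the same object inside a monitored transaction. The transaction code `ZTX1`, the field-to-function mapping and the sample rows are constructed placeholders, and the column names are assumed to resemble SAP change-document data.

```python
from collections import defaultdict

# Hypothetical rule set: which changed field belongs to which business
# function inside a monitored multi-function transaction (placeholders).
FUNCTION_BY_FIELD = {
    ("ZTX1", "BANK_ACCOUNT"): "maintain_master_data",
    ("ZTX1", "PAYMENT_BLOCK"): "release_for_payment",
}

# Constructed sample rows: (user, transaction, object, changed field, date).
SAMPLE_CHANGES = [
    ("ALICE", "ZTX1", "0000100001", "BANK_ACCOUNT", "20240105"),
    ("ALICE", "ZTX1", "0000100001", "PAYMENT_BLOCK", "20240106"),  # same user, 2nd function
    ("BOB", "ZTX1", "0000100002", "BANK_ACCOUNT", "20240107"),
    ("CAROL", "ZTX1", "0000100002", "PAYMENT_BLOCK", "20240108"),  # duties separated
    ("ALICE", "ZTX1", "0000100003", "BANK_ACCOUNT", "20240109"),
    ("ALICE", "ZTX1", "0000100003", "CITY", "20240109"),           # field not in scope
    ("DAVE", "ZTX9", "0000100004", "BANK_ACCOUNT", "20240110"),    # transaction not monitored
    ("DAVE", "ZTX9", "0000100004", "PAYMENT_BLOCK", "20240110"),
]


def find_sod_violations(changes, rules=FUNCTION_BY_FIELD):
    """Return one finding per (user, transaction, object) with >1 function."""
    # (user, tcode, object) -> function -> list of change dates
    seen = defaultdict(lambda: defaultdict(list))
    for user, tcode, object_id, field, date in changes:
        function = rules.get((tcode, field))
        if function is None:
            continue  # change is outside the monitored scope
        seen[(user, tcode, object_id)][function].append(date)

    findings = []
    for (user, tcode, object_id), functions in sorted(seen.items()):
        if len(functions) > 1:  # one person did what should be split
            findings.append({
                "user": user,
                "tcode": tcode,
                "object": object_id,
                "functions": sorted(functions),
                "dates": sorted(d for ds in functions.values() for d in ds),
            })
    return findings


if __name__ == "__main__":
    for finding in find_sod_violations(SAMPLE_CHANGES):
        print(finding)  # each finding goes to a reviewer, not to an automatic block
```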