Roles and Authorizations Concept
For Management of Internal Controls (MIC), a large number of frequently changing people need to perform tasks in a variety of functions. Consequently, a special roles and authorizations concept has been created for this purpose. Besides the general SAP standard roles that are edited by the system administrator in transaction PFCG, there are also MIC-specific roles comprising a variety of delivered tasks. These MIC-specific roles and their respective tasks allow you to manage the detailed authorizations and the workflow between those involved.
For information about the general standard roles delivered with MIC, see Standard Roles and Authorization Objects.
The MIC-specific roles refine the authorizations delivered in the standard role Management of Internal Controls ‑ Business User (SAP_CGV_MIC_BUSINESS_USER). An MIC-specific role consists of different tasks with authorizations attached. You can specify which tasks belong to which role. For more information, see Editing MIC-Specific Roles.
The assignment of an MIC-specific role to one or more persons depends on an object (for example, an organizational unit). The assignment is performed in a Web application by different persons throughout the organization hierarchy. The power user triggers this process for the highest level of the organization hierarchy. For more information, see Assigning Roles to Persons.
To ensure the segregation of duties so that the same person is not authorized to perform an assessment as well as the validation of that assessment, for example, you can define conflict groups. You include in a conflict group any tasks that must not be performed by the same person. You can use these conflict groups to run a check to establish whether the defined segregation of duties is actually reflected in the system. For more information, see Segregation of Duties.
1. The system administrator copies the delivered standard role Management of Internal Controls – All Authorizations (SAP_CGV_MIC_ALL), makes any necessary adjustments, and assigns the adjusted copy of the standard role to the MIC power user.
2. The power user edits the MIC-specific roles.
3. The power user defines conflict groups.
4. The power user starts the role assignment procedure in the navigational area on the start page.
5. The power user checks whether the segregation of duties defined in the conflict groups is enforced by the system.
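The check in step 5 can be illustrated with a small stand-alone script. This is an added example, not SAP code or part of MIC: all role, task, person, and organizational unit names are constructed, and whether a conflict counts when the two tasks are held for different objects is an assumption, exposed here as the hypothetical `same_object_only` parameter.

```python
from collections import defaultdict
from itertools import combinations

# Constructed sample data; role, task, person and org-unit names are hypothetical.
ROLE_TASKS = {
    "Control Owner": {"PERFORM_ASSESSMENT", "CREATE_ISSUE"},
    "Validator": {"VALIDATE_ASSESSMENT"},
    "Tester": {"PERFORM_TEST"},
}
# (person, role, object the role is assigned for)
ASSIGNMENTS = [
    ("alice", "Control Owner", "ORG_EMEA"),
    ("alice", "Validator", "ORG_EMEA"),
    ("bob", "Control Owner", "ORG_EMEA"),
    ("bob", "Validator", "ORG_APAC"),
    ("carol", "Tester", "ORG_EMEA"),
]
# Tasks in one group must not be performed by the same person.
CONFLICT_GROUPS = {
    "ASSESS_VS_VALIDATE": {"PERFORM_ASSESSMENT", "VALIDATE_ASSESSMENT"},
}

def find_sod_violations(role_tasks, assignments, conflict_groups, same_object_only=False):
    """Return sorted (person, group, task_a, obj_a, task_b, obj_b) tuples."""
    held = defaultdict(set)  # person -> {(task, object)} resolved through roles
    for person, role, obj in assignments:
        if role not in role_tasks:
            raise KeyError(f"assignment references unknown role: {role!r}")
        for task in role_tasks[role]:
            held[person].add((task, obj))
    violations = set()
    for person, grants in held.items():
        for group, tasks in conflict_groups.items():
            in_group = sorted(g for g in grants if g[0] in tasks)
            for (t1, o1), (t2, o2) in combinations(in_group, 2):
                if t1 == t2:
                    continue  # same task held for two objects is not a conflict
                if same_object_only and o1 != o2:
                    continue  # assumption: conflicts may be scoped to one object
                violations.add((person, group, t1, o1, t2, o2))
    return sorted(violations)

if __name__ == "__main__":
    for violation in find_sod_violations(ROLE_TASKS, ASSIGNMENTS, CONFLICT_GROUPS):
        print(violation)
```

Because tasks reach a person only through roles, the check resolves each assignment to its tasks first; editing a role's task list can therefore introduce a conflict without any change to the assignments.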