General posting

[adeel]

Hello there

Is it save to say to auditors that the following users come from the below SQL can do General posting?


SELECT distinct gluser, glpid
FROM [JDE_PRODUCTION].[PRODDTA].[F0911]
where glupmj > 116365
--GROUP BY gluser, glpid
AND glpid = 'ER09801'

Thanks

 

[gina13tiger]

I would not think so. If you are only pulling this from the F0911 table, you are only picking up user IDs who actually transacted, not necessarily everyone that has the security to do so based on access to R09801 along with the users set up in the batch approval/post security constants. And just to clarify, by definition, when you say "can do general posting" is this referring to creating/entering a general journal entry or is this referring to posting all batches or posting general journal batches?

 

[adeel]

Yes I'm referring only posting general all batches or otherwise I have to consider R128000 etc for asset.?

Yes the request was who transacted. Many users have access but they don't post unless primary person is off etc.

 

[Rauf]

Adeel,

Usually, we deny *Public the posting permission, then give specific role the permission to post. So If I were you, I would go to Roles Relations ships and get the user list.
And also, we do not remove the users from the role, instead we put expiry date and write comment in Media Object of users.

 

[gina13tiger]

Not only do you need to pull the users assigned within the roles that have update access to R09801, but as indicated earlier, you will need to also understand who are listed as "approved users" in the batch approval/post security constants P00241 which is outside of the security role. A user can have access to R09801 in their role; however, if they are not also set up as an approved user, than they are unable to post. In this constant menu, you can assign a hierarchy of user IDs that an individual has the ability to approve/post.

Hope all of the information provided by Rauf and myself help!

 

[adeel]

Thanks a lot

The request is for the transacted one, but yes I may start digging the role relation level and prepare myself a list in case if they ask. This will be big as I need to consider many variable to find role conflict/seq etc in our setup case.

Gina
In our case we don't have approval function to approve batch and P00241 is empty (I did not even know that such special security application exist. ) I guess this work with the p0011 (batches)?