1. Introduction
Sensitive Data Fields provides dual control function in SAP to provide more security when changes are made in Customer and Vendor Master Data records. After activating Sensitive Data Fields functionality, changes done by one profile (Ex. Clerk) in AP and AR Master Data has to be confirmed by another profile (authorized person), thereby facilitating strong control over unauthorized modification. Changes made in relevant Customer or Vendor Master Data are visible but the account is automatically blocked for payment run till the changes are confirmed.
If this function is not activated then when the master data for a customer/vendor is changed then all business processes, including for example a payment run, can be executed immediately afterwards without the changes having being confirmed regarding the 4-eyes-principles. The risk of fraudulent behavior, especially in payments to vendor and customer, remains higher than a situation where the changes of sensitive data fields need to be confirmed by another person.
2. Steps
Standard SAP offers the possibility to define sensitive fields for both customer and vendor data. This customization is at Client level and is applicable for all Customer or Vendor account groups.
Customer Master Data
1. IMG Path for customization of Sensitive Fields for Customers:
IMG -> Financial Accounting -> Accounts Receivable and Account Payable -> Customer Accounts -> Master Data -> Preparations for Creating Customer Master Data -> Define Sensitive Fields for Dual Control. Single data fields can be defined as sensitive.
Similar customizing exists for vendor accounts.
2. Maintaining Sensitive Fields:
Below screenshot shows various fields available for customization as Sensitive data fields.
This includes Customer name and address, Bank details etc.
3. Terms of payment saved as Sensitive Field:
4. Changing Payment Terms in Customer Master Data:
Existing payment term is FB00
Terms of payment have been changed from FB00 to FB09
Changes saved with an information message to confirm the changes
5. Display Customer Master Data:
Changes available for display but the same are required to be confirmed.
6. Confirmation of Change:
Changes made can be displayed by clicking Changes to sensitive fields
Below screen provides details of changes made
Changes have not been confirmed
7. Executing Automatic Payment Run:
Customer has open item (T Code: FBL5N)
Executing Payment Run without confirming the changes (T Code: F110)
Account was not considered for payment run due to unconfirmed changes.
Vendor Master Data
1. IMG Path for customization of Sensitive Fields for Vendors:
IMG-> Financial Accounting-> Accounts Receivable and Account Payable-> Vendor Accounts-> Master Data-> Preparations for creating Vendor Master Data-> Define Sensitive Fields for Dual Control. Single data fields can be defined as sensitive.
2. Maintaining Sensitive Fields:
Below screenshot shows various fields available for customization as Sensitive data fields.
This includes Vendor name and address, Payment terms, Dunning data etc.
3. City and Accounting Clerk Field have been saved as Sensitive Field:
4. Changing Sensitive Fields in Vendor Master Data:
City changed from Montvale to Rutherford
Accounting clerk field was empty
Now filled with AP
Changes available for display but the same are required to be confirmed.
5. Display Vendor Master Data
Changes made are available for display
6. Confirmation of Change
Changes done in city comes under Vendor Master General Data
Changes done in Accounting clerk comes under the preview of Company Code Data
7. Executing Automatic Payment Run:
Vendor Open item ready for payment run (T Code: FBL1N)
Executing Automatic Payment Program (T Code F110)
Vendor is blocked for payment due to unconfirmed changes.
3. Customized solution
As already mentioned, Sensitive Data Field functionality provided by standard SAP is at client level and therefore applicable for all the customer and Vendor account groups existing in the system. Based on customer request, this functionality can be activated for specific account groups.
In our project, Customer and Vendor Account groups have been created at country level. To fulfill customer requirement, A custom table has been created to maintain the relevant account groups and Sensitive Data Fields.
Also we have added one enhancement spot in include MF02DFEX for customer MF02KFEX for vendor. Accordingly Sensitive Data Field functionality has been activated at account group level.
In this way, unauthorized changes in Customer and Vendor master data can be effectively controlled thereby reducing overall business risk.