Sensitive Data Fields provide a dual control function in SAP to provide more security when changes are made in Business Partner Master Data records. After activating the Sensitive Data Fields functionality, changes done by one user and have to be confirmed by another user (authorized person), thereby facilitating strong control over unauthorized modification. Changes made in relevant Business Partner Master Data are visible but the account is automatically blocked for payment run till the changes are confirmed.
Dual control is a means of ensuring that critical application processing activities are checked and released by an additional person.
In FS-PM, dual control is integrated into the release step of the New Business, Universal Change, and Change business processes, as well as the application interface of the New Business. The release of the Change services and the Change APIs do not support dual control.
Depending on the user who enters the application data and wishes to release the application, the system checks whether dual control is required. In the Change and Universal Change business processes, the system only checks this if the user has actually changed any check-relevant values during application processing.
Dual control is performed when applications are entered into the system for the first time. Applications that are released again in a reimplementation step are not checked.In Customizing, you define checks to control the conditions under which the system triggers dual control for an application and the user who is to check the application. You can also define checks that are to be performed on a random basis as opposed to general checks.
If none of the conditions defined in Customizing apply to the dual control of an application, the user can release the application. If at least one of the conditions applies, the system categorizes the application as being subject to checking and interrupts the release of the business process.Users who are allowed to check the application receive a work item through SAP Workflow that allows them to resume processing of the application. The checker can release the application, process it, or return it to the first processor.
The vendor should be blocked for payments whenever there is a change in bank details.
SPRO -> IMG-> Financial Accounting-> Accounts Receivable and Account Payable-> Supplier Accounts-> Master Data-> Preparations for creating Supplier Master Data-> Define Sensitive Fields for Dual Control.
LFBK-BANKL | Bank Key |
LFBK-BANKN | Bank Account |
LFBK-BANKS | Bank Country/Region |
LFBK-BANK_GUID | BP Bank GUID |
LFBK-BKONT | Bank Control Key |
TIBAN-IBAN | IBAN |
TIBAN-VALID_FROM | IBAN Valid From |
The vendor is blocked for payment due to unconfirmed changes.
In this way, unauthorized changes in Business Partner master data can be effectively controlled thereby reducing overall business risk.
SAP Note Reference : https://me.sap.com/notes/0002899852