Permissions and SOX

So we are governed by SOX. What is everyone’s thought about AP or AR having access to Journal Entries? My thought is it is a no-no and only the controller level should have this.

Thanks

You, Haso, and I should have a meeting!

We give Journal Entry to several people but only allow the journal “approvers” to post the entries. That gives us some level of separation. We use Service Security to do this.

Mark W.


What is security service?

I think it used to be called Method Security.

So you set the method different for approvers?

Yes. The default is All Users but I set the Post method to allow {compID}-canPostJournals - a security group that has the approvers in it.

Mark W.


Is this feature available in 10.1.400?

Mark, interested in knowing why you went this route instead of using the review journal? Seems like marking certain transactions to automatically hit the review journal and then having them approved out of there would be easier.

But I’m assuming that you know something I don’t :face_with_raised_eyebrow:

Oh, we’ve done review journal as well - mostly during new implementations. I think we’ve also had a BPM that wouldn’t let the person who entered the Journal post it, which gives you a little better financial control.


Thanks.

I think so but it might be called Method Security.

Thx