Changes to the customer master records can be sensitive from a security standpoint. Due to this, the internal control department of Bike Company has insisted on implementing a control ensuring that all customer changes are approved by an authorized manager. How to handle this demand in the system?

In SAP S/4HANA it is possible to configure ‘sensitive fields’ in the customer master record that will trigger the customer to be flagged for validation by a different authorized user to apply the 4-eyes validation principle to master data changes.

Until this validation is performed, the customer will be blocked for any payments, thus, preventing any financial loss to the company. However, other transactions are still possible, such as entering new sales orders or invoices. On the other hand, every time that the customer is used a warning will alert the user that validations are still pending.

For compliance reasons, a user can never approve their own customer modifications.

The figure outlines the 4-eyes verification process in SAP S/4HANA Cloud, which requires two individuals to review customer master data for accuracy, completeness, and compliance. The prerequisites for implementing this process include configuring the customer data fields that will trigger the review, such as changes to addresses or bank details, and setting up user authorizations to determine which users can modify or validate customer master records.

This graphic describes the 4-eyes principle applied to customer master data in SAP S/4HANA.

The figure illustrates a four-step workflow process involving two employees. Employee 1 is responsible for the initial data preparation and then submits a review and approval request. Following this, a notification is sent to Employee 2, who then conducts a data review.

The first employee creates or changes the customer master data. They must ensure that all the necessary information is complete, accurate, and follows the company standards and guidelines.

When the first employee completes the customer master data creation or changes, they initiate a request for a second employee to review and approve the customer master data.

SAP S/4HANA notifies the second employee about the pending approval request through the system or by email, if configured.

An automatic message informs users that modifications are pending for this customer, every time that its records are accessed.
Automatic payments to the customer will fail until the modifications are validated.

The second employee logs into the SAP S/4HANA and reviews the supplier master data changes or creation done by the first employee. They validate the information against company standards, guidelines, and any regulatory requirements.

They also check for any discrepancies, inconsistencies, or missing information.

The figure outlines a 4-eyes verification process involving two employees. Employee 1 is responsible for data preparation and submitting a review and approval request. This request is then notified to Employee 2, who conducts a data review. Employee 2 can either approve or reject the data. If rejected, the data is sent back to Employee 1 for rectification and resubmission. The process emphasizes the importance of maintaining an audit trail, with SAP S/4HANA logging all approvals, rejections, and changes for compliance and future reference.

If the second employee finds the customer master data satisfactory, they approve the changes or creation and the process is finished.

If they find any issues, they can reject the request and send it back to the first employee with their comments or suggestions.

In case the customer master data request is rejected, the first employee corrects the issues pointed out by the second employee. They resubmit the request for approval when the corrections are made.

Final Approval and Activation: When the second employee approves the customer master data, the changes or new customer will be activated in the SAP system and will be available for use in transactions.

Describing the 4-Eyes Principle in Customer Data Maintenance

Sensitive Fields