(or Maker and Checker, or 4-Eyes) is one of the central principles of authorization in the information systems of financial organizations. The principle of maker and checker means that for each transaction there must be at least two individuals necessary for its completion. While one individual may create a transaction, someone else should be involved in its confirmation/authorization. Here the segregation of duties play an important role. In this way, strict control is kept over system software and data, keeping in mind functional division of labor between all classes of employees.
The User profile is created based on Assigned task activities of an User. This function helps keep the circle of users with the highest access rights as small as possible.
Access scope and Permissions of any user is based on their Application Profile designation.
That Profile has the permissions set to access various menus and transactions. This means when someone changes role, we just need to assign the Profile associated to that role, rather than revisit each permission on the individual user.
The User's details do have some individual permissions set: based on Business sector/Transactions with Release Authority, Release Amount and Own Amount.
If Release is enabled, they can Release (as Checker) transactions up to the Release Amount
And if Own Amount is set up, they do not need a Checker if they transact anything up to their own amount.
A checker can view transactions in the Office with the status waiting for approval, then approve or reject the transactions. As a checker you can view all the transactions listed within/under your hierarchy but can authorize or reject only those transactions which you are qualified to authorize.
The maker will see in the Office the transactions posted with a status of POSTED, Error or Reject.
They can then pick them up to correct them if needed.
The transaction DBIUSR is used to maintain users and to assign their profiles.
To add the user Profile, the administrator will user the user maintenance function (DBIUSR) , found in the menu under: basic settings>user
This Fields contains the release rights that is "Officer allowed to release but the clerk not allowed to release and also user to set the release amount(Release Amount this field contains the maximum amount the user is allowed to release)transactions as well as to set own amount for transactions that they have started by themselves as a Maker.
To set up Business Sector/Transaction overrides, there is a second tab User Authorisation, where more detailed levels of authority can be set. e.g. different amounts for different sectors.
See also Entity Group Transaction set up - DBIETP for how to set up whether a transaction needs release or not
See also How to Release via transaction Control and Release? for how to release transactions