You can search for a role that matches the security scenario. If no perfect match is found, you can create a role for the security scenario in several ways.
The match roles function gets the security configuration data from the latest snapshot.
Name | Responsible | Description |
---|---|---|
Create snapshot |
Security administrator |
You create snapshots to be able to use these Security and compliance studio functions:
A snapshot is an image of the security configuration at a specific date and time. A snapshot consists of:
You create a snapshot in these cases:
You are advised to create snapshots:
|
Match security roles to security scenario |
Security administrator |
Use match roles to match all securable objects, as defined on a security scenario, to security roles.
In general, a match means that the securable object is available on the role with a given access level.
Which roles are a match, is defined by:
You can match roles in these ways:
Each security role, with a match for at least one of the securable objects from the security scenario, is shown as a matched role. The matching degree of each matched security role indicates to what extent the role has matching entry points.
If you find a matched security role, you can assign users to it.
|
Create segregation of duty |
Security administrator |
You can set up rules to separate tasks that must be performed by different users. This concept is named segregation of duties. For example, you might not want the same person both to acknowledge the receipt of goods and to process payment to the vendor. Segregation of duties helps you reduce the risk of fraud, and it also helps you detect errors or irregularities. You can also use segregation of duties to enforce internal control policies. Complete the following procedure to create a rule from the Match roles page. |
Duplicate role |
Security administrator |
It is advisable to create a subset of security roles that are actually used in your company. This way, the security administrator has a better overview of the security roles that are used in your company. So, if a standard security role matches a scenario, you can create an exact copy of this standard security role and assign this copy to the applicable users. |
Create role from scenario based on selected role and selected duties and/or privileges |
Security administrator |
If a partially matched security role is found, you can create a new security role based on the selected role and selected duties and/or privileges. |
Create role from scenario with selected duties |
Security administrator |
If you match roles to the securable objects from a security scenario, you can choose to create a new role from a selection of matched duties. So, you can create a specific security role, which is still based on the security scenario. The matched duties have at least one of the securable objects from the scenario. In determining the match, the access level for the securable objects, as defined on the security scenario, are not considered.
Note that:
This information offers the opportunity to reduce license costs. You can search for and select the duties with the lowest license type.
|
Create role from scenario with selected privileges |
Security administrator |
If you match roles to the securable objects from a security scenario, you can choose to create a new role from a selection of matched privileges. So, you can create a specific security role, which is still based on the security scenario. The matched privileges have at least one of the securable objects from the scenario. In determining the match, the access level for the securable objects, as defined on the security scenario, are not considered. Note that:
|