You can set up rules to separate tasks that must be performed by different users. This concept is named segregation of duties. For example, you might not want the same person both to acknowledge the receipt of goods and to process payment to the vendor. Segregation of duties helps you reduce the risk of fraud, and it also helps you detect errors or irregularities. You can also use segregation of duties to enforce internal control policies. Complete the following procedure to create a rule from the Match roles page.
| 1. | Click Security management. |
| 2. | Sub-task: Match roles. |
| 2.1 | Click the Scenarios tab. |
| 2.2 | In the list, find and select the desired record. |
| 2.3 | Click Match roles. |
| 2.4 | On the dialog, fill in the fields as required. |
| 2.5 | Click OK. |
| 3. | Sub-task: Create segregation of duties rule. |
| 3.1 | Go to the Matched duties tab. |
|
Note: If filled with different duties, you can also select the duties on the Duties that give access to the securable objects that cannot be accessed with the selected role tab. |
|
| 3.2 | In the list, find and select the first duty that is controlled by the rule. |
| 3.3 | In the list, find and select the second duty that is controlled by the rule. |
| 3.4 | Click Create SOD. |
| 3.5 | In the Name field, type a value. |
| 3.6 | Select the severity of the risk that occurs when the same user or role performs both duties. |
| In the Severity field, select an option. | |
| 3.7 | Enter a description of the security risk. |
| In the Security risk field, type a value. | |
| 3.8 | Enter a description of the actions that you take to mitigate the security risk. For example, you can mitigate the risk by conducting more detailed reviews of the process, by conducting a monthly managerial review, or by sharing resources with other departments. |
| In the Security mitigation field, type a value. | |
| 3.9 | Close the page. |
| Related to | Notes |
|---|---|
|
Match roles |