You can set up rules to separate tasks that must be performed by different users. This concept is named segregation of duties.
If you use segregation of duties rules, you can validate if the assignment of the user roles to the stand-in user complies with the segregation of duties rules.
If assigning the user roles to the stand-in violates the segregation of duties rules, a message is displayed with the name of the role and the names of the conflicting duties. The security administrator must either indicate the mitigation for the security risk or modify the conflicts so that segregation of duties rules are not violated. If no rules are violated, a message indicates that the stand-in role complies with the segregation of duties rules.
Note: If enhanced segregation of duties rules are enabled, the stand-in role assignment is validated against the enhanced segregation of duties rules.
Standard procedure
| 1. |
Click Security management. |
| 2. |
Click the Stand-ins tab. |
| 3. |
Click Edit. |
| 4. |
In the list, find and select the desired record. |
| 5. |
Click Validate SoD rules. |
| |
Note: Check the resulting messages. If violations are indicated, solve these violations.
|
| 6. |
Close the page. |