The Segregation of Duties analysis is a tool to analyze how well the security is setup separating the duties between users. The analysis shows any inappropriate user access and identifies which users that have access to specific functions in the system.
Create or Modify Functional Areas¶
A Functional Area is defined by a set of security objects. Functional Areas are used when setting up rules for which areas that can be accessed by the same user. It can also be used for tracking which users have access to the area.
To create a new functional area, click on New Functional Area in Solution Manager / Users and Permissions / Segregation of Duties. It will open create a new functional area assistant. Users should add projections, projection actions, projection entities, and entity actions to complete the creation of the Functional Area.
To Modify a functional area, click on the Functional Area in Solution Manager / Users and Permissions / Segregation of Duties, and select the specific functional area. use the edit command to change the basic details of the functional area. In the tab view, use the "New" command to add projections, projection actions, entities, and entity actions.
Import and export a Functional Area¶
A Functional Area can be exported to and imported from the file system via XML-files.
Navigate to the New Functional Areas page. Select the Functional Area that you want to export and then click the Exportcommand. Save the export file. You can export multiple files at once as a compressed file.
The export file contains the Functional Area ID, the description and the connected objects, and conflicts.
A Functional Area export file is imported by clicking onImport command in the Functional Areas page.multiple file imports are allowed
The Functional Area name is unique within the system and you get a question if you want to replace pr merge the Functional Area if a Functional Area with the same name already exists.
Setting up Functional Area Conflicts¶
Clicking on Functional Area Conflicts in the navigator or on the Functional Areadetails page shows the setup of Functional Area Conflicts. A conflict between two Functional Areas indicates duties that need to be protected which the same user should not have access to. There are two types of conflicts; Warning and Not Allowed. This indicates the severity of the conflict. Which rules that are needed and the severities very much depend on the size of the company.