Segregation of Duties Analysis¶
The Segregation of Duties analysis is a tool to analyze how well the security is setup separating the duties between users. The analysis shows any inappropriate user access and identifies which users that have access to specific functions in the system.
The Segregation of Duties Analysis shows all conflicted users that have access to different areas. It indicates if there are any conflicts with the user's security setup so that the segregation of duties is not respected. Click on Analyze Segregation of Duties in Solution Manager/Users and Permissions/Segregation of Duties Analysis/Analyze Segregation of Duties to open this page.
This page shows the details of cached data and details of users who violate the segregation of duties and corresponding violations. Users can refresh the cache using the "Refresh Cache" command or see the refresh job schedule using the "View Refresh Cache Schedule" command.
Conflict Details¶
Users can select conflicts from the list and see the details using the "Conflict Details" command.
Resolve a Conflict¶
A conflict is only information that the security setup violates the segregation of duties rules. It will not have any impact on the access rights of the user. There are several ways to handle a situation when a conflict is reported. see the conflict details using the "Conflict Details" command.
- Is the rule valid? The rule might have to be evaluated to see if it applies to the context.
In the basic dataFunctional Area Conflicts,you can define the conflicting areas and set the severity. - Is the area too large? Does it cover too many functions? You might need to separate it into smaller areas. In the detail form Functional Area,it is possible to edit the definition of a Functional Area.
- Is the user granted too much? Revoke Permission Set grants so that the user only has access to one of the areas. If the Permission Sets granted to the user seems correct you need to check how the Permission Sets are defined. A Permission Set may need to be split into several smaller Permission Sets to setup the security so it does not violate the segregation of duties.