1. Data Management
  2. Security and Compliance Studio
  3. Activities

Match security roles to security scenario
Application task

Use match roles to match all securable objects, as defined in a security scenario, to security roles.

In general, a match means that the securable object exists on the role with a given access level.
 
Which roles are a match, is defined by:
  • The required access level for each securable object, as defined in the security scenario (only applicable for exact match). 
  • How you match the security roles.
  • The entry points as defined for the duties and privileges of each role.
You can match roles in these ways:
  • Exact match
    Only those security roles are a match that have the securable object with the required access level.
  • Minimum/maximum match
    Only those security roles are a match that have the securable object with an access level that is in the range of the defined minimum access level and maximum access level.
Each security role, with a match for at least one of the securable objects from the security scenario, is shown as a matched role. The matching degree of each matched security role indicates to what extent the role has matching entry points.
 
If you find a matched security role, you can assign users to it.


Standard procedure

1. Click Security management.
2. Click the Scenarios tab.
3. In the list, find and select the desired record.
4. Sub-task: Exact match.
5. You can do an exact match of security roles. As a result, only those security roles are a match that have the securable object with the required access level.
  Click Match roles.
6. Select Yes in the Match using access level information field.
  6.1 You can also search for duties and privileges with unmatched entry points. These duties and privileges give access to the securable objects that cannot be accessed by a selected role.
  Click Yes in the Search for unmatched entry points? field.
  6.2 Click OK.
7. Sub-task: Minimum/maximum match.
  7.1 You can do a minimum/maximum match of security roles. As a result, only those security roles are a match that have the securable object with an access level that is in the range of the defined minimum access level and maximum access level.
  Click Match roles.
  7.2 Select No in the Match using access level information field.
  7.3 Select Yes in the Use minimum access right in match? field.
  7.4 In the Minimum rights field, select an option.
  7.5 Select Yes in the Use maximum access right in match? field.
  7.6 In the Maximum rights field, select an option.
  7.7 Click OK.
8. Sub-task: Analyze matches.
  8.1 On the Roles tab, the matched security roles are shown. For each security role, the matching degree indicates to what extent the role has matching entry points.
  8.2 In the list, find and select the desired record.
  8.3 On the Securable objects tab, the securable objects from the security scenario are shown. You can analyze how the selected role matches to the securable objects.
9. Sub-task: Assign users to role.
  9.1 If you have found a security role that matches the securable objects and required access rights, you can assign users to this security role.
  On the Roles tab, select a role.
  9.2 Click Assign users to role.
  9.3 On the Assign users to roles page, you can, for example: - Add a rule to automatically assign users to the security role. - Manually assign users to the security role.
 

Note: The role assignment is validated for segregation of duties violations. Note: If enhanced segregation of duties rules are enabled, the role assignment is validated against the enhanced segregation of duties rules.
  9.4 Close the page.
10. Close the page.
Related to Notes

Match roles

 		 

Provide feedback