- Data Management
- Security and Compliance Studio
- Activities
You can set up segregation of duties rules (enhanced) to separate tasks that must be performed by different roles or users. With the enhanced segregation rules, you can not only define segregation rules on duty level, but also on privilege level, on entry point level, and with segregation security sets.
On demand, a predefined set of segregation rules (enhanced) is available.
Predefined segregation rules
The set of segregation rules (enhanced) consists of:
- Segregation security sets: The segregation security sets have lists of entry points.
- Segregation of duty rules (enhanced): The segregation rules are based on segregation security sets or privileges.
The predefined segregation rules (enhanced) are mainly related to these functional areas:
- Purchase
- Sales
- Production
- Warehouse management
Import
You can import the predefined segregation of duties rules (enhanced) with the Data management import function.
To import the set of predefined segregation rules (enhanced):
- Create an import project.
- Add a file with source data format 'Package'.
- Upload the data file. As a result, these entities are added to the import project:
- Segregation security sets
- Segregation security set lines
- Enhanced SoD rules
- Run the import project.
On import:
- The segregation security sets and lines are imported.
- The segregation rules (enhanced) are imported. These rules are set up for segregation security sets or for privileges.
- For each imported segregation rule that is set up for segregation security sets, child segregation rules are generated. A child segregation rule is generated for each combination of entry points, as defined in the two segregation security sets of the segregation rule.