Create security request from any page
|
Security request user
|
Use security requests to register any required changes in the security setup. As a user, you can create a security request from any page. You can only do so if the 'Security request user' role is assigned to your user setup.

Security request type

For each security request type, a different type-specific section is added to the Security request page. In this section, fill in or add the required type-specific information. This table shows the available security request types, for each type the related section, and a description of what to do in this section (see step 10):

| Type | Type-specific section | Description |
|---|---|---|
| General | - | Request a security configuration change that is not related to any of the types. |
| Create user | Create users | Request the creation of a user. Add the desired roles for the user. To each role, assign the companies in which the user has the role. You can assign:<br>- All organizations: The user has the role in all existing companies.<br>- Specific organizations: You can select specific companies from all legal entities or from the organization hierarchies.<br>You can set the From date and To date fields to define the period when the user must be active. When approved, the user is created but is only active in the defined period. Once the defined period is over, the user is automatically deactivated. |
| Assign role to user | Assign roles to user | Request to add one or more roles to an existing user. To each role, assign the companies in which the user has the role. You can assign:<br>- All organizations: The user has the role in all existing companies.<br>- Specific organizations: You can select specific companies from all legal entities or from the organization hierarchies.<br>You can set the From date and To date fields to define the period when the role must be assigned to the user. When approved, the role is only assigned in the defined period. Once the defined period is over, the role is automatically removed. |
| Remove role from user | Remove roles from user | Request to remove one or more roles from an existing user. You can set the From date and To date fields to define the period when the role must be removed from the user. When approved, the role is only removed in the defined period. Once the defined period is over, the role is automatically re-assigned. |
| Disable user | Disable users | Request to disable one or more existing users. You can set the From date and To date fields to define the period when the user must be disabled. When approved, the user is only disabled in the defined period. Once the defined period is over, the user is automatically re-enabled. |
| Enable user | Enable users | Request to enable one or more existing users. You can set the From date and To date fields to define the period when the user must be enabled. When approved, the user is only enabled in the defined period. Once the defined period is over, the user is automatically disabled. |
| Delete user | Delete users | Request to delete one or more existing users. |
| Create role | Create role | Request to create a role. Use a security scenario to indicate all securable objects and related access levels that are required for the role to perform one or more tasks. You can select an existing scenario or upload a task recording that defines the scenario. |
| Modify role | Modify role | Request to modify one or more roles. For each role, you can use a security scenario to indicate all securable objects and related access levels that are required for the role to perform one or more tasks. You can select an existing scenario or upload a task recording that defines the scenario. |
| Lock role | Lock roles | Request to lock one or more roles. |
| Unlock role | Unlock roles | Request to unlock one or more roles. |
| Delete role | Delete role | Request to delete one or more roles. |
| Create rule | Enhanced SoD rules | Request to create one or more enhanced segregation of duties rules. |
| Resolve conflict | Enhanced SoD conflicts | Request to solve one or more enhanced segregation of duties conflicts. |
| Delete rule | Delete enhanced SoD rule | Request to delete one or more enhanced segregation of duties rules. |
| Add stand-in | Create stand-in | Request to appoint a stand-in for one or more users for a specified period. You can request a stand-in for yourself or for another user. You can select which roles to assign to a stand-in user instead of automatically assigning all roles of the primary user. You can assign specific roles to limit security risks and only assign the necessary roles to the stand-in user. In the Create stand-in section, click Assign roles, and choose which of the primary user’s roles to assign to the stand-in user. You can only select roles that are not yet assigned to the stand-in. |
| Cancel stand-in | Remove stand-in | Request to remove a stand-in appointment for one or more users for a specified period. You can request to cancel a stand-in for yourself or for another user. |
| Create business risk | Create business risk | Request to add an operational risk for your company. You can link the risk to enhanced segregation of duties rules. |
|
Submit security request for approval
|
Security request user
|
As a security request user, you can create a security request from any page. Usually, the security manager must approve a security request. Once you have completed the security request creation, submit the security request for approval. How the approval process is done depends on the setup:
- An approval workflow is active: You submit the security request to the approval workflow.
- No approval workflow is active: You manually assign the security request to a security manager for approval.
|
Create security request in Security and compliance studio
|
Security administrator
|
As a security administrator, use security requests to register any required changes in the security setup. In Security and compliance studio, you can create security requests from the Security management workspace.

Security request type

For each security request type, a different type-specific section is added to the Security request page. In this section, fill in or add the required type-specific information. This table shows the available security request types, for each type the related section, and a description of what to do in this section (see step 9):

| Type | Type-specific section | Description |
|---|---|---|
| General | - | Request a security configuration change that is not related to any of the types. |
| Create user | Create users | Request the creation of a user. Add the desired roles for the user. To each role, assign the companies in which the user has the role. You can assign:<br>- All organizations: The user has the role in all existing companies.<br>- Specific organizations: You can select specific companies from all legal entities or from the organization hierarchies.<br>You can set the From date and To date fields to define the period when the user must be active. When approved, the user is created but is only active in the defined period. Once the defined period is over, the user is automatically deactivated. |
| Assign role to user | Assign roles to user | Request to add one or more roles to an existing user. To each role, assign the companies in which the user has the role. You can assign:<br>- All organizations: The user has the role in all existing companies.<br>- Specific organizations: You can select specific companies from all legal entities or from the organization hierarchies.<br>You can set the From date and To date fields to define the period when the role must be assigned to the user. When approved, the role is only assigned in the defined period. Once the defined period is over, the role is automatically removed. |
| Remove role from user | Remove roles from user | Request to remove one or more roles from an existing user. You can set the From date and To date fields to define the period when the role must be removed from the user. When approved, the role is only removed in the defined period. Once the defined period is over, the role is automatically re-assigned. |
| Disable user | Disable users | Request to disable one or more existing users. You can set the From date and To date fields to define the period when the user must be disabled. When approved, the user is only disabled in the defined period. Once the defined period is over, the user is automatically re-enabled. |
| Enable user | Enable users | Request to enable one or more existing users. You can set the From date and To date fields to define the period when the user must be enabled. When approved, the user is only enabled in the defined period. Once the defined period is over, the user is automatically disabled. |
| Delete user | Delete users | Request to delete one or more existing users. |
| Create role | Create role | Request to create a role. Use a security scenario to indicate all securable objects and related access levels that are required for the role to perform one or more tasks. You can select an existing scenario or upload a task recording that defines the scenario. |
| Modify role | Modify role | Request to modify one or more roles. For each role, you can use a security scenario to indicate all securable objects and related access levels that are required for the role to perform one or more tasks. You can select an existing scenario or upload a task recording that defines the scenario. |
| Lock role | Lock roles | Request to lock one or more roles. |
| Unlock role | Unlock roles | Request to unlock one or more roles. |
| Delete role | Delete role | Request to delete one or more roles. |
| Create rule | Enhanced SoD rules | Request to create one or more enhanced segregation of duties rules. |
| Resolve conflict | Enhanced SoD conflicts | Request to solve one or more enhanced segregation of duties conflicts. |
| Delete rule | Delete enhanced SoD rule | Request to delete one or more enhanced segregation of duties rules. |
| Add stand-in | Create stand-in | Request to appoint a stand-in for one or more users for a specified period. You can request a stand-in for yourself or for another user. You can select which roles to assign to a stand-in user instead of automatically assigning all roles of the primary user. You can assign specific roles to limit security risks and only assign the necessary roles to the stand-in user. In the Create stand-in section, click Assign roles, and choose which of the primary user’s roles to assign to the stand-in user. You can only select roles that are not yet assigned to the stand-in. |
| Cancel stand-in | Remove stand-in | Request to remove a stand-in appointment for one or more users for a specified period. You can request to cancel a stand-in for yourself or for another user. |
| Create business risk | Create business risk | Request to add an operational risk for your company. You can link the risk to enhanced segregation of duties rules. |
|
Submit security request for approval
|
Security administrator
|
As a security administrator, you can create a security request from the Security management workspace. Usually, a security request is approved by the security manager.
Once you have completed the security request creation, submit the security request for approval.
How the approval process is done depends on the setup:
- An approval workflow is active: You submit the security request to the approval workflow.
- No approval workflow is active: You manually assign the security request to a security manager for approval.
|
Approve security request
|
Security manager
|
Usually, a security manager must approve the security request before it is implemented. How the approval process is done depends on the setup:
- An approval workflow is active: Approve the security request using the approval workflow.
- No approval workflow is active: Manually approve the security request.
When you review the security request, on the Security requests page, on the Action Pane, on the Requests tab, you can:
- View the related record, if defined.
- Change the priority.
Once approved, the security request is implemented automatically. If dynamic snapshots are enabled, the implemented security configuration changes are updated automatically in the latest snapshot. |