You can appoint a user as a stand-in for another user for a specified period. For example, if a user has a vacation, you can appoint a stand-in during this vacation. For auditing purposes, you cannot delete stand-in records with periods in the past.
| Name | Responsible | Description |
|---|---|---|
|
Appoint stand-ins |
Security administrator |
You can appoint a user as a stand-in for another user for a specified period. For example, if a user has a vacation, you can appoint a stand-in during this vacation.
For auditing purposes, you cannot delete stand-in records with periods in the past.
|
|
Validate segregation of duties for stand-in |
Security administrator |
You can set up rules to separate tasks that must be performed by different users. This concept is named segregation of duties. If you use segregation of duties rules, you can validate if the assignment of the user roles to the stand-in user complies with the segregation of duties rules. If assigning the user roles to the stand-in violates the segregation of duties rules, a message is displayed with the name of the role and the names of the conflicting duties. The security administrator must either indicate the mitigation for the security risk or modify the conflicts so that segregation of duties rules are not violated. If no rules are violated, a message indicates that the stand-in role complies with the segregation of duties rules.
Note: If enhanced segregation of duties rules are enabled, the stand-in role assignment is validated against the enhanced segregation of duties rules. |
|
Assign stand-in roles |
Security administrator |
If you have set up stand-ins, the actual assignment of the required security setup is only done for the defined period. Use the
Assign stand-in roles batch job to do the actual assignment. This batch job activates and deactivates the required security setup for the stand-ins:
Notes:
You are advised to run this batch job daily. Preferably, before working hours. For example, run the batch job at 00:01.
|
