You can set up rules to separate tasks that must be performed by different roles or users. This concept is called segregation of duties (SoD). For example, you might not want the same person both to acknowledge the receipt of goods and to process the payment to the vendor. Segregation of duties reduces the risk of fraud and helps you detect errors or irregularities. You can also use segregation of duties to enforce internal control policies.
Enhanced segregation of duties
Why use the enhanced segregation rules? With them, you can define segregation rules not only at duty level, but also at privilege level, at entry point level, and through segregation security sets.
With a segregation rule at duty level only, the privileges or entry points of a segregated duty can also be linked to another duty to which the rule does not apply, so the same rights can be granted by a different path. By defining the segregation at a lower level (privilege or entry point), you enforce it more precisely, because the check follows the rights themselves rather than the duty that packages them.
If you use enhanced segregation rules, the related validation and verification of user-role compliance is done at the level on which the rule is defined.
Example:
SoD-rule1 segregates Duty1 and Duty2, so these two duties cannot be linked to the same role or user, for example Role1.
Using the entry points of Duty1, a new duty Duty3 is created. Using the entry points of Duty2, a new duty Duty4 is created.
Because SoD-rule1 does not segregate Duty3 and Duty4, both can be linked to Role1. This gives Role1 all the rights defined by Duty1 and Duty2 together, which is exactly what SoD-rule1 was meant to prevent.
SoD-rule2 segregates EntryPoint1 and EntryPoint5, that is, one of the entry points of Duty1 (and therefore of Duty3) and one of the entry points of Duty2 (and therefore of Duty4). Because the segregation is defined at entry point level, Duty3 and Duty4 are not allowed together for Role1, regardless of which duties carry the entry points.
(Figure: Segregation on duty level only)
(Figure: Segregation on entry point level)
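The following is an added illustration of the compliance check described above, written for this page; it is not the product's own validation code. It models duties as sets of entry points and rules as segregated pairs at either duty or entry point level. The entry points assigned to each duty are constructed sample data (the page does not list them); they are chosen so that EntryPoint1 sits in Duty1 and EntryPoint5 in Duty2, as SoD-rule2 in the example requires. The role names RoleA and RoleB used in the user check are likewise assumed.

```python
# Added illustration (not the product's own implementation): a minimal model of
# duty-level versus entry-point-level segregation-of-duties checks.

# Constructed sample data. The page does not list the entry points of each
# duty; this assignment is an assumption chosen so that EntryPoint1 belongs to
# Duty1 and EntryPoint5 to Duty2, as SoD-rule2 in the example requires.
DUTIES = {
    "Duty1": {"EntryPoint1", "EntryPoint2"},
    "Duty2": {"EntryPoint5", "EntryPoint6"},
    # Duty3 and Duty4 are rebuilt from the entry points of Duty1 and Duty2.
    "Duty3": {"EntryPoint1", "EntryPoint2"},
    "Duty4": {"EntryPoint5", "EntryPoint6"},
}

# A rule segregates two items at a given level: "duty" or "entry_point".
SOD_RULES = [
    ("SoD-rule1", "duty", "Duty1", "Duty2"),
    ("SoD-rule2", "entry_point", "EntryPoint1", "EntryPoint5"),
]


def role_entry_points(role_duties):
    """Effective entry points a role obtains through all of its duties."""
    points = set()
    for duty in role_duties:
        points |= DUTIES[duty]
    return points


def violations(role_duties, rules=SOD_RULES):
    """Return the names of the rules that a set of duties violates.

    A duty-level rule fires only when both named duties are linked directly;
    an entry-point-level rule fires whenever both entry points end up being
    granted, whichever duties carried them. This is the difference the
    example on the page is about.
    """
    duties = set(role_duties)
    points = role_entry_points(duties)
    hit = []
    for name, level, a, b in rules:
        granted = duties if level == "duty" else points
        if a in granted and b in granted:
            hit.append(name)
    return hit


def is_compliant(role_duties, rules=SOD_RULES):
    return not violations(role_duties, rules)


def user_violations(user_roles, roles, rules=SOD_RULES):
    """A user holding several roles is checked on the union of their duties.

    `roles` maps a role name to the set of duties linked to that role
    (hypothetical role names are used in the usage section below).
    """
    duties = set()
    for role in user_roles:
        duties |= roles[role]
    return violations(duties, rules)


if __name__ == "__main__":
    # Direct combination of Duty1 and Duty2: caught by both rules.
    print(violations({"Duty1", "Duty2"}))
    # Rebuilt duties Duty3 and Duty4: the duty-level rule is silent, only the
    # entry-point-level rule catches the same effective rights.
    print(violations({"Duty3", "Duty4"}))
    # With duty-level rules only, the rebuilt duties slip through.
    print(violations({"Duty3", "Duty4"}, rules=[SOD_RULES[0]]))
    # Splitting Duty3 and Duty4 over two roles held by one user does not help.
    print(user_violations(["RoleA", "RoleB"],
                          {"RoleA": {"Duty3"}, "RoleB": {"Duty4"}}))
```

The check is deliberately run on the effective set of entry points rather than on duty names, which is what makes it robust against the "repackaged duty" path shown in the example. The same approach extends to privilege level by substituting the set of privileges a role resolves to.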