Adding Rules to Separation of Duties Policies

Once you have created a Separation of Duties (SoD) policy, you define it by adding rules to it. These rules are always based on inappropriate access to resources that results from an intersection of assignments or attributes, and each rule must include two sets of expressions before it can be implemented.

To add rules to the SoD Policy

  1. Log in to the EmpowerID Web application as an administrator.
  2. From the Navigation Sidebar, navigate to the Audit Configuration page by expanding Compliance and Reports > For Auditors and clicking on Audit Configuration.
  3. From the Audit Configuration page, click the SoD Policies tab and search for the SoD Policy to which you want to add rules.
  4. From the SoD Policies grid, click the drop-down arrow beside the SoD policy and then click the Edit link.
  5. From the Edit page for the SoD policy that appears, scroll to the Separation of Duties Rule section. This section contains two grids for adding the sets of roles or groups whose cross-assignment to any one person will cause a SoD violation to occur.
  6. The image below shows the Separation of Duties Rule section in our environment, where we are adding rules for a Management Role policy.

  7. In Set A of the Separation of Duties Rule section, type the name of the first role or group (depending on the policy type for which you are creating the rule) that defines the inappropriate assignment in the Enter name to add field and then click the tile for that object.
  8. In Set B of the Separation of Duties Rule section, type the name of the second role or group (depending on the policy type for which you are creating the rule) that defines the inappropriate assignment in the Enter name to add field and then click the tile for that object.
  9. Click Save.

After the SoD Policy has been created, assign the Reviewer Resource Role to members of your audit team for both the SoD policy and the Person objects that could be violators of the policy. They need this role before they can perform an audit on any SoD violations that occur. Each time a SoD policy runs and catches violations, the resulting SoD Violations task items can be found on the SoD Violations Search page in the EmpowerID Web application.
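
The cross-assignment check that the Set A and Set B grids describe, written out as an added example (this is not EmpowerID code or its evaluation logic). It assumes a violation means one person holding at least one item from Set A together with a different item from Set B, matches names case-insensitively, and uses invented policy, role and person names.

```python
from dataclasses import dataclass
from itertools import product


@dataclass(frozen=True)
class SodRule:
    """One rule: anything in set_a held together with anything in set_b."""
    policy: str
    set_a: frozenset
    set_b: frozenset


def find_violations(assignments, rules):
    """Return sorted (person, policy, item_a, item_b) tuples for every conflict.

    assignments maps a person to the roles or groups they hold, whether
    assigned directly or inherited; resolve inheritance before calling.
    """
    hits = set()
    for person, held in assignments.items():
        # Assumption: role and group names compare case-insensitively.
        held = {name.casefold() for name in held}
        for rule in rules:
            in_a = {r for r in rule.set_a if r.casefold() in held}
            in_b = {r for r in rule.set_b if r.casefold() in held}
            for a, b in product(in_a, in_b):
                # An item listed in both sets must not conflict with itself.
                if a.casefold() != b.casefold():
                    hits.add((person, rule.policy, a, b))
    return sorted(hits)


# Constructed sample data: every name below is invented for illustration.
RULES = [
    SodRule("Payables SoD",
            frozenset({"Vendor Maintenance", "Purchase Requester"}),
            frozenset({"Payment Approver", "Vendor Maintenance"})),
]
ASSIGNMENTS = {
    "alice": {"Vendor Maintenance"},                    # same item in A and B
    "bob": {"purchase requester", "Payment Approver"},  # A and B, mixed case
    "carol": {"Payment Approver", "Help Desk"},         # Set B only
    "dave": {"Vendor Maintenance", "Payment Approver", "Purchase Requester"},
}

if __name__ == "__main__":
    for person, policy, a, b in find_violations(ASSIGNMENTS, RULES):
        print(f"{person}: '{a}' + '{b}' violates {policy}")
```

Running a check like this against an export of current assignments before saving a new rule shows how many existing people the rule would flag on its first run.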