In order to create SoD violation tasks for reviewers to review, Separation of Duties (SoD) policies must be compiled. When a SoD policy compiles, EmpowerID creates a SoD review task for each person in a combination of groups or roles forbidden by the policy. For example, if you have a SoD policy with a rule set that specifies a violation should occur whenever any one person is assigned to both Management Role "A" and Management Role "B," when the policy runs it checks to see if any one person has both assignments, creating SoD review tasks if so.
There are two ways to compile SoD policies in EmpowerID. You can enable the
Separation of Duties Policy Compiler job in the EmpowerID Management Console to have EmpowerID automatically compile your policies as scheduled, or you can manually compile each SoD policy from the EmpowerID Web application.
This topic demonstrates how to compile a Separation of Duties policy both ways and is divided into the following activities: