Segregation of Duties
Description
The segregation of duties (SoD) is a fundamental element of internal controls, defined to prevent error and fraud. Segregation of duties ensure that at least two individuals are responsible for the separate parts of any task.
For each user, the roles tab displays the list of roles assigned to the user and the possible risks. If you click on a role record, Soffid will show the entitlement details including the SoD rules with the detail of the risk.
Screen overview
Related objects
- Information systems : information systems and roles where the SoD rule is applied
- Roles
- Users : where you can check if a granted role has a comment related to the SoD.
Standard attributes
SoD table
- Qualified name: asset or application, from a functional point of view, on which the permissions are granted or revoked.
- Name: name of the segregation of duties.
SoD detail
- Name: name of the segregation separation of duties.
- Information system: asset or application, from a functional point of view, on which the permissions are granted or revoked.
- Type: type of segregation.
- Trigger on all permissions: no user can be assigned the roles added to the role list.
- Trigger on some permissions: if you select that option, you have to fill in the number of roles that can not match. Soffid will not allow you to assign to a user more than the number indicated of the roles added to the role list.
- Query permissions matrix: Soffid displays a matrix that allows you to select the risk between pairs of roles, those roles are the roles added to the role list.
- Risk: level of risk:
- Low: allows the user to have all roles, but a small warning is displayed on the user screen when viewing the role details.
- High: allows the user to have all roles, but a big warning is displayed on the user screen when viewing the role details.
- Forbidden:
- None: there is no risk.
- Role List: list of roles to keep in
mindmind on the segregation of duties.- Name: name of the role
- Description: description of the role
- System: target system owner of the role
Actions
SoD table
|
"Query" |
Allows you to query Segregation of Duties through different search systems, Basic and Advanced. |
|
Add new |
Allows you to add a new segregation of duties in the system. To add a new segregation of duties it will be mandatory to fill in the required fields |
|
Delete segregation of duties |
Allows you to remove one or more segregation of duties by selecting one or more records and next clicking this button. To perform that action, Soffid will ask you for confirmation, you could confirm or cancel the operation. |
|
Download CSV file |
Allows you to download a CSV file with the basic segregation of duties data. |
|
Import |
Allows you to import a CSV file with the list of segrefation of duties to be created or updated. |
SoD detail
|
Apply changes |
Allows you to save the data of the segregation of duties. To save the data it will be mandatory to fill in the required fields |
|
Delete segregation of duties |
Allows you to delete the segregation of duties. Soffid will ask you for confirmation, you could confirm or cancel the operation. |
|
Undo |
Allows you to quit without applying any changes. |
| Add new (role list) | Allows you to add a new role to the role list. Soffid will show a form to search and select one or more roles. Finally, you need to click the apply changes button and the roles will be added to the role list. |
| Delete (role list) |
Allows you to delete one or more roles from the role list. You can select one or more roles and then click this button. The roles will be deleted from the role list without Soffid asking for confirmation. |
| Preview changes |
Allows you to quickly see which users are affected by this role segregation rule. |
Others
SoD granting a role
When a role that is included in a SoD rule is granted, it will be indicated in the SoD rules field.
Image
