Segregation of duties rules

In Bravura Security Fabric, segregation of duties (SoD) rules provide a way of identifying exceptions to roles or possible access conflicts. They are a component of a role-based access control system, along with roles.

Information regarding the rule is defined in four tabs:

General

Define the rule ID, description, status of the rule, the number of entitlements needed to be considered in violation, the total number of users in violation of the rule, and the number of users in violation without an approved exception. The values for the number of users in violation are auto-generated.

Authorization

Define whether requests for exceptions to the rule require authorization, how many authorizers, and which authorizers. You can also define how many authorizers must deny the request for it to be denied.

Entitlements

Define which resources are considered part of the rule; this can include template accounts, managed groups, and sub-roles.

Violators

Lists all users currently in violation of the SoD rule, users without approved exceptions, and users with approved exceptions. The content is auto-generated. Violators are calculated recursively. For example, if an SoD rule’s entitlements contain two roles, and each role has managed groups as its entitlements, then the violators include both the common users in the roles and the common members in the managed groups.
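The recursive calculation described above can be sketched as follows. This is an added example, not Bravura Security Fabric code: the role, group and user names are constructed, and it assumes a user counts as holding a role if they hold the role directly or hold any entitlement nested under it.

```python
# Added illustration: a simplified model of recursive SoD violator calculation.
# All names and sample data are constructed; this is not the product's code.

# Direct holders of each entitlement (role assignment or group membership).
HOLDERS = {
    "ROLE_AP_CLERK": {"alice", "bob"},
    "ROLE_PAYMENT_APPROVER": {"alice", "carol"},
    "GRP_INVOICE_ENTRY": {"dave", "erin"},
    "GRP_PAYMENT_RELEASE": {"dave", "erin", "frank"},
}
# Entitlements nested under each role (managed groups, sub-roles).
CHILDREN = {
    "ROLE_AP_CLERK": ["GRP_INVOICE_ENTRY"],
    "ROLE_PAYMENT_APPROVER": ["GRP_PAYMENT_RELEASE"],
}


def effective_holders(entitlement, _seen=None):
    """Users holding an entitlement directly or via anything nested under it."""
    seen = set() if _seen is None else _seen
    if entitlement in seen:  # guard against cyclic sub-role definitions
        return set()
    seen.add(entitlement)
    users = set(HOLDERS.get(entitlement, ()))
    for child in CHILDREN.get(entitlement, ()):
        users |= effective_holders(child, seen)
    return users


def evaluate_rule(rule_entitlements, threshold, approved_exceptions):
    """Return (all violators, violators without an approved exception)."""
    counts = {}
    for ent in rule_entitlements:
        for user in effective_holders(ent):
            counts[user] = counts.get(user, 0) + 1
    # A user violates the rule once they hold at least `threshold`
    # of the rule's entitlements.
    violators = {u for u, n in counts.items() if n >= threshold}
    return violators, violators - set(approved_exceptions)


if __name__ == "__main__":
    rule = ["ROLE_AP_CLERK", "ROLE_PAYMENT_APPROVER"]
    all_v, unapproved = evaluate_rule(rule, threshold=2,
                                      approved_exceptions={"erin"})
    print("violators:", sorted(all_v))
    print("without approved exception:", sorted(unapproved))
```

Here `alice` is in violation through direct membership of both roles, while `dave` and `erin` are in violation only through the managed groups nested under those roles; `erin` is still listed as a violator but is excluded from the count of users without an approved exception.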

Rule status

When creating a rule, you must set its status. For a rule to be active, it must be enabled.

An enabled rule can be deprecated once it is used.