|
Action
|
Segregation of Duties Inactive
|
Segregation of Duties Active, SOD Blocking Disabled
|
Segregation of Duties Active, SOD Blocking Enabled
|
|
You add a resource to a role in Role Permissions Maintain (36.3.6.5), causing violations.
|
No segregation of duties checking.
|
Rule 1: Runs segregation of duties violation checks. The action is blocked.
Rule 2: Runs segregation of duties violation checks. The action is not blocked and the violation is logged.
|
Rule 1: Runs segregation of duties violation checks. The action is blocked.
Rule 2: Runs segregation of duties violation checks. The action is blocked.
|
|
You remove a resource that caused violations from a role in Role Permissions Maintain (36.3.6.5).
|
No segregation of duties checking.
|
Rule 1: Validates segregation of duties violation checks. The previous violation is fixed.
Rule 2: Validates segregation of duties violation checks. The previous violation is fixed.
|
Not applicable.
|
|
You add a user to a role in Role Membership Maintain (36.3.6.6), causing violations.
|
No segregation of duties checking.
|
Rule 2: Runs segregation of duties violation checks. The action is blocked.
|
Rule 2: Runs segregation of duties violation checks. The action is blocked.
|
|
You remove a user that caused violations from a role in Role Membership Maintain (36.3.6.6).
|
No segregation of duties checking.
|
Rule 2: Runs segregation of duties violation checks. The previous violation is fixed.
|
Not applicable.
|
|
You add a resource to a segregation of duties category, causing violations.
|
No segregation of duties checking.
|
Rule 1: Runs segregation of duties violation checks. The action is not blocked and the violation is logged.
Rule 2: Runs segregation of duties checks. The action is not blocked and the violation is logged.
|
Rule 1: Validates segregation of duties violation checks. The action is blocked.
Rule 2: Validates segregation of duties violation checks. The action is blocked.
|
|
You remove a resource that caused violations from a segregation of duties category in SOD Category Membership Maintain (36.3.27.4).
|
No segregation of duties checking.
|
Rule 1: Runs segregation of duties violation checks. The previous violation is fixed.
Rule 2: Runs segregation of duties violation checks. The previous violation is fixed.
|
Not applicable.
|
|
You define an incompatibility in SOD Matrix Maintain (36.3.27.3).
|
No segregation of duties checking.
|
Rule 1: Runs segregation of duties violation checks. The action is not blocked and the violation is logged.
Rule 2: Runs segregation of duties checks. The action is not blocked and the violation is logged.
|
Rule 1: Runs segregation of duties violation checks. The action is blocked.
Rule 2: Runs segregation of duties violation checks. The action is blocked.
|
|
You delete an incompatibility in SOD Matrix Maintain (36.3.27.3).
|
No segregation of duties checking.
|
Rule 1: Runs segregation of duties violation checks. The previous violation is fixed.
Rule 2: Validates segregation of duties violation checks. The previous violation is fixed.
|
Not applicable.
|
|
You define an exception in SOD Policy Exception Create (36.3.27.2.1) that rectifies an existing violation.
|
No segregation of duties checking.
|
Rule 1: Validates segregation of duties violation checks. The previous violation is fixed.
Rule 2: Validates segregation of duties violation checks. The previous violation is fixed.
|
Not applicable.
|
|
You delete an exception in SOD Policy Exception Delete (36.3.27.2.4). The policy exception had caused a previous violation to be resolved, and is now deleted.
|
No segregation of duties checking.
|
Rule 1: Runs segregation of duties checks. The action is not blocked and the violation is logged.
Rule 2: Runs segregation of duties checks. The action is not blocked and the violation is logged.
|
Rule 1: Runs segregation of duties violation checks. The action is blocked.
Rule 2: Runs segregation of duties violation checks. The action is blocked.
|
|
You use SOD Role Exclusion (36.3.27.8) to define a segregation of duties exclusion for a role. The exclusion rectifies an existing violation.
|
No segregation of duties checking.
|
Rule 1: Runs segregation of duties violation checks. The previous violation is fixed.
Rule 2: Validates segregation of duties violation checks. The previous violation is fixed.
|
Not applicable.
|
|
You disable the Role is Excluded from SOD field in SOD Rule Exclusion (36.3.27.8). The role exclusion had caused a previous violation to be resolved, and is now reset.
|
No segregation of duties checking.
|
Rule 1: Runs segregation of duties violation checks. The action is not blocked and the violation is logged.
Rule 2: Runs segregation of duties violation checks. The action is not blocked and the violation is logged.
|
Rule 1: Runs segregation of duties violation checks. The action is blocked.
Rule 2: Runs segregation of duties violation checks. The action is blocked.
|
|
Segregation of duties is activated in SOD Configuration (36.3.27.14).
|
No segregation of duties checking.
|
Rule 1: Runs segregation of duties violation checks. The action is not blocked and the violation is logged.
Rule 2: Runs segregation of duties checks. The action is not blocked and the violation is logged.
|
Rule 1: Runs segregation of duties violation checks. The action is blocked.
Rule 2: Runs segregation of duties violation checks. The action is blocked.
|
|
Segregation of duties is disabled in SOD Configuration (36.3.27.14).
|
No segregation of duties checking.
|
Rule 1: Existing violations are fixed.
Rule 2: Existing violations are fixed.
|
Not applicable.
|