Skip to main content

Hi,

I’m looking for someone that would be kind enough to share their functional areas that they have set up for the segregation of duties with me.  These can be exported and imported quite easily and it would prevent me from having to reinventing the wheel.

Thanks in advance

Bryan Hudson

@orsbhudson 

I started this but never got it finished due to the significant conflicts we had across permission sets. I’d be interested if you get further with it.  It was always strange to me that this wasn’t setup out of the box, I’ve tried getting info from IFS experts, but that never went far either.

Regards,

Shawn

Hi Shawn,

I found a post on the old openIFS forum that was helpful in trying to set up segregation of duties.  The link to the old forum’s post is https://open.ifsworld.com/forum/Lists/SOX/Flat.aspx?RootFolder=https%3a%2f%2fopen%2eifsworld%2ecom%2fforum%2fLists%2fSOX%2fHow%20to%20set%2dup%20SOD%20matrix%20in%20Solution%20Manager&FolderCTID=0x012002001096633DC5548B4F9C5D8F8801A35350

Thanks Bryan @orsbhudson for sharing, that definitely gives a step up the various areas.  I’ll have to dig into this again and see how far I get.

With a partner (CapGemini) we have made based on the SOD a solution that when a new conflict arose an email was triggered that was picked up by the internal ticketing system (TopDesk). Maybe an idea to set up as well.

 

  1. Migration Job :

                          C_FA_OBJECT_TRANSACTION_VUL_ID.LST

A migration job "FULL_LIST_SOD_CONFLICTS_1  - Export the list of Segregation Of Duty conflicts export data from  view 'FUNC_AREA_CONFLICT_PERMISSIONS' and user can save data into local system from export to file in migration job.

  1. Schedule task

C_SOD_Conflict_ScheduleTask.ins

A schedule task "IFS Segregation Of Duty conflict(s) found for USERID" will be schedule  for each user with violations or conflicts for the users roles, an e-mail will be send to Topdesk.

  1. Package

XXX_UTILITY_API

Schedule task ... - IFS Segregation Of Duty conflict(s) found for USERID will call    procedure C_SOD_User_Email_Tdesk to send e-mail to Topdesk.       

                          C_SOD_Conflict _Insert.sql

Insert into temporary table of current records of view 'FUNC_AREA_CONFLICT_PERMISSIONS' to capture the conflict of users and compare with next day records of view 'FUNC_AREA_CONFLICT_PERMISSIONS'

Hi @orsbhudson,
Please check if the attached ppt helps somewhat. 
Main KBA : 

 

Reply


Terms & ConditionsCookie settings