Hi
I think you can, but this is not a standard feature and will consume a HUGE amount of worktime and brainwork
I think you will need to create a SoD table in your database which contains all unwanted relations between your Roles & Privileges MSKEYS (ideally). On the other hand I think the standard SoD contains mappings between TCodes and/or activities which are not available in IdM.
In your IC you could create a conditional task with a custom SQL-query that returns if the (any?) combination of current role/ auto-role/ privilege/ auto-privilege assignments and the desired role /... is contained in that table and reacts on the outcome.
But I can only imagine that this solution will be really complex (a custom-built GRC) and error-prone - and still without Compliance or any audit-data.
Maybe there are other solutions... or it might be (in the long-term) cheaper (and safer) to license GRC?!
BR
Michael
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.