on 01-24-2010 5:04 AM
Hi IDM gurus,
Can IDM do SOD check on its own (without GRC integration) using its own simple rule set?
Thank you,
I shall wait for few more answers.
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
Hi Saayi,
There is functionality at the Role level for this. The "Mutual Exclusions" tab can be used to prevent the users of one role from having another role -- i.e. a Buyer cannot also be an Approver, for example. Not nearly the functionality of GRC, but it could be used for many scenarios.
Best Regards,
Matt
Hi
I think you can, but this is not a standard feature and will consume a HUGE amount of worktime and brainwork
I think you will need to create a SoD table in your database which contains all unwanted relations between your Roles & Privileges MSKEYS (ideally). On the other hand I think the standard SoD contains mappings between TCodes and/or activities which are not available in IdM.
In your IC you could create a conditional task with a custom SQL-query that returns if the (any?) combination of current role/ auto-role/ privilege/ auto-privilege assignments and the desired role /... is contained in that table and reacts on the outcome.
But I can only imagine that this solution will be really complex (a custom-built GRC) and error-prone - and still without Compliance or any audit-data.
Maybe there are other solutions... or it might be (in the long-term) cheaper (and safer) to license GRC?!
BR
Michael
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
User | Count |
---|---|
87 | |
10 | |
10 | |
9 | |
7 | |
6 | |
6 | |
5 | |
4 | |
3 |
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.