Saturday, 6 December 2008

Application Separation Of Duty

Separation of Duty (SOD) is often enforced per application. Within a ERP application like JD Edwards, SAP or Oracle E-Business Suite the roles are checked against a list of roles that can't be shared.
The roles that can't be shared are defined by business standards for the specific market, laws like Sarbanes Oxley and company specific.
Because the SOD enforcement wasn't build in the core of the systems the SOD checks are post role assignment. On a regular basis the roles assignments to the persons, groups or department are checked against the SOD list.
Then these SOD need to be resolved. This can work but will mean extra work since the roles assignments are checked after the fact. When an SOD is found these need to be resolved by assigning the role to another person or group of persons.
Off course when the roles were defined they needed to be checked that they only have SOD conflicts within the role.

1 comment:

Thijs Janssen said...

Is it possible to provide the SOD-list?