Fine-grained Segregation of duties Anlysis
Introducing Fine-grained Segregation of Duties Analysis
Fine-grained Segregation of Duties Analysis extended
to evaluate Security Attributes.
SafePaaS continues to provide fine-grained control capabilities for ERP systems to ensure our customers receive the information they need to make better business decisions about risk. When users have access to one operating unit but not another it ́s a challenge for segregation of duties engines to track because they typically look at the functions or privileges granted to a user.
The SafePaaS violation engine has been enhanced to provide security context for each user to ensure control over false positives that are a significant challenge. For example, a user can pay suppliers in the US but not pay suppliers in the UK. Companies that operate globally typically have global consolidation of shared service centers and will have rules set up in the ERP that segregate duties based on context such as the country in which a user can operate or a ledger they can access. SafePaaS now allows certain users to perform tasks in certain ledgers, countries, or business units ensuring that false positives are not generated. This ensures time isn ́t wasted and resources don ́t spend time investigating non-issues causing unnecessary disruptions to business operations.
The following page shows the new feature for defining Rules with Security Attributes associated with Activities. The feature will enable you to detect Segregation of Duties and Sensitive Access violations for a specific Business Unit. You can enable the VIolation Engine to apply Security Attribute logic only once you enable the Inter-Org filter under the Advanced Filter Options.