Skip to main content
Open

Record Separation of Duty Conflicts in IAM

Related products:Intelligent Application Manager
  • October 10, 2024
  • 3 replies
  • 54 views
  • Robert Jan de Nie
    Robert Jan de Nie
  • Michael
    Michael
  • K
    Kees
Robert Jan de Nie
Thinkwise blogger

Currently there is no way to assure that a role (or user group) should not co-exist (within a user or user group) with another role.

For example one user should not be able to create a credit invoice and pay the same credit invoice. In some cases you want this to be done by separate people within the business.

It would be good to be able to create a matrix of roles that should not be assigned to the same user or user group.

When a user tries to assign an illegal combination of roles to a group or a user (due to a combination of groups) IAM should not let you and give a warning.

Did this topic help you find an answer to your question?

3 replies

Arie V
Community Manager
Forum|alt.badge.img+12
  • Arie V
  • Community Manager
  • 1034 replies
  • October 10, 2024

@Robert Jan de Nie interesting Idea! I’m pretty sure Wagenborg had something similar on their backlog. But, could you check whether you can do what you request with the Security checks released in 2024.3?  https://docs.thinkwisesoftware.com/blog/2024_3#analysis---security-checks

@Suleyman is it still there and would you have anything to add to this Idea?

Jeroen van den Belt
Administrator
Forum|alt.badge.img+9
NewOpen
S
Sidekick
Forum|alt.badge.img+2
  • SuleymanSidekick
  • Sidekick
  • 14 replies
  • October 11, 2024

@Arie V @Robert Jan de Nie 
Let me first explain how we deal with the possible role conflicts :)

 

Reply


Terms & ConditionsCookie settings

Cookie policy

We use cookies to enhance and personalize your experience. If you accept you agree to our full cookie policy. Learn more about our cookies.

 
Cookie settings