Segregation of Duties (SOD) requirements prevent users from receiving privileges that may result in a conflict of interest or fraud. CA Identity Manager provides the following functionality to support SOD:
Preventative identity policies, which execute before a task is submitted, allow an administrator to check for policy violations before assigning privileges or changing profile attributes. If a violation exists, the administrator can clear the violation before submitting the task.
For example, a company can create a preventative identity policy that prohibits users who have the User Manager role from also having the User Approver role. If an administrator uses the Modify User task to give a User Manager the User Approver role, CA Identity Manager displays a message about the violation. The administrator can change the role assignments to clear the violation before submitting the task.
CA Identity Manager administrators can validate proposed changes to provisioning roles and user attributes against Business Policy Rules (BPRs) in CA RCM before committing changes. BPRs represent various constraints on privileges. For example, a BPR may prevent users who have a purchasing department role, which allows members to order stock from subcontractors, from also having the subcontractor payment role. A system administrator, business manager, auditor, or role engineer creates BPRs in CA RCM.
Note: For more information about BPRs, see the CA RCM Sage DNA User Guide.
Note: For more information about preventative identity policies and Smart Provisioning, see the CA Identity Manager Administration Guide.
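The pre-submission check described above can be sketched as follows. This is an added illustration, not CA Identity Manager or CA RCM code: the rule ids, the short role names for the purchasing example, and the functions `check_task` and `can_submit` are all hypothetical.

```python
from dataclasses import dataclass

# Constructed rule set: each rule names two roles one user must not hold together.
# Role names follow the page's examples; the rule ids are hypothetical.
SOD_RULES = {
    "sod-approval": ("User Manager", "User Approver"),
    "sod-payment": ("Purchasing", "Subcontractor Payment"),
}

@dataclass(frozen=True)
class Violation:
    rule_id: str
    roles: tuple
    introduced: bool  # True if the proposed change creates the conflict

def check_task(current_roles, add=(), remove=(), rules=SOD_RULES):
    """Evaluate a proposed role change before it is committed.

    Returns the violations present in the resulting role set, flagging
    whether each one is introduced by this change or already existed.
    """
    current = set(current_roles)
    proposed = (current | set(add)) - set(remove)
    violations = []
    for rule_id, (a, b) in sorted(rules.items()):
        if a in proposed and b in proposed:
            existed = a in current and b in current
            violations.append(Violation(rule_id, (a, b), introduced=not existed))
    return violations

def can_submit(current_roles, add=(), remove=(), rules=SOD_RULES):
    """Allow submission only when the resulting role set has no conflicts."""
    return not check_task(current_roles, add, remove, rules)

if __name__ == "__main__":
    # Modify User: give a User Manager the User Approver role.
    for v in check_task({"User Manager"}, add={"User Approver"}):
        print(f"violation {v.rule_id}: {v.roles[0]} + {v.roles[1]} "
              f"(introduced={v.introduced})")
    # The administrator clears the violation by changing the role assignments.
    print(can_submit({"User Manager"}, add={"User Approver"},
                     remove={"User Manager"}))
```

The `introduced` flag separates conflicts created by the pending change from conflicts the user already had, which is useful when the same check is also run as a periodic audit.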
Copyright © 2011 CA. All rights reserved.