SAST ships with predefined SoD control rules. They are based on the verification standards used by leading audit firms and therefore cover the monitoring requirements an auditor will expect to see. Each customer using SAST can also add their own internal requirements to their own conflict matrix.
In today's article we discuss what SoD is and how to strengthen its control in an organization, using the example of a permission conflict at the BASIS level.
Segregation of Duties (SoD) is the separation of responsibilities: certain tasks within a given business process must not be performed by the same person or organizational unit, in accordance with:
SAST Authorization Management and SAST Risk and Compliance Management allow us to build a conflict matrix not only at the transaction level; dependent authorization objects can also be added to each rule.
As an example, take a permission conflict at the BASIS level: a user who can both maintain users and modify roles in SAP. Such a user can create an account and then grant it any role, which defeats the control entirely.
Each critical authorization has a unique ID (Authorization ID).
The list of Authorization IDs is shown in the table.
Each critical authorization defines its dependent transactions and authorization objects.
To remove an SoD conflict from a role, one of the two conflicting processes must be eliminated from it.
The role must be changed so that it no longer contains the transactions or the dependent authorization objects of that process; deleting only the transaction code is not enough, because the authorization objects still grant the underlying capability.
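The following is an added worked example, not code from the article or from the SAST product, that models the two ideas above: a conflict matrix whose rules carry dependent authorization objects as well as transactions, and remediation that removes one whole process from a role. The Authorization IDs BC-001 and BC-002 and the role Z_BASIS_SUPPORT are hypothetical; SU01, SU10, PFCG, S_USER_GRP and S_USER_AGR are SAP-standard transaction codes and authorization objects chosen for illustration. The rule that a role "holds" a process as soon as it carries any dependent object value is this example's own assumption, made so that the check catches a role whose transaction was deleted but whose authorization objects were left behind.

```python
from __future__ import annotations

from dataclasses import dataclass

# (authorization object, field, value), e.g. ("S_USER_GRP", "ACTVT", "02")
Auth = tuple[str, str, str]


@dataclass(frozen=True)
class CriticalAuth:
    """One critical authorization: a unique Authorization ID plus the
    transactions and authorization-object values that make up the process."""
    auth_id: str
    description: str
    transactions: frozenset[str]
    objects: frozenset[Auth]


@dataclass(frozen=True)
class Role:
    name: str
    transactions: frozenset[str]
    authorizations: frozenset[Auth]


# Authorization IDs BC-001/BC-002 are hypothetical; the transaction codes and
# authorization objects are SAP-standard names used here for illustration.
USER_ADMIN = CriticalAuth(
    "BC-001", "User administration (create/change/delete users)",
    frozenset({"SU01", "SU10"}),
    frozenset({("S_USER_GRP", "ACTVT", v) for v in ("01", "02", "06")}),
)
ROLE_ADMIN = CriticalAuth(
    "BC-002", "Role maintenance (create/change/delete roles)",
    frozenset({"PFCG"}),
    frozenset({("S_USER_AGR", "ACTVT", v) for v in ("01", "02", "06")}),
)
CATALOG = {c.auth_id: c for c in (USER_ADMIN, ROLE_ADMIN)}

# SoD matrix: pairs of Authorization IDs that one role must not combine.
SOD_MATRIX = {
    ("BC-001", "BC-002"): "Can create a user and then grant it any role",
}


def holds_process(role: Role, crit: CriticalAuth, level: str = "object") -> bool:
    """At 'transaction' level only the transaction codes count. At 'object'
    level the role also holds the process when it carries any dependent
    authorization value (assumption of this example: that value is what SAP
    checks at runtime and may be reachable through another transaction)."""
    if role.transactions & crit.transactions:
        return True
    return level == "object" and bool(role.authorizations & crit.objects)


def find_conflicts(role: Role, catalog: dict, matrix: dict, level: str = "object") -> list:
    """Return every matrix rule whose two processes are both held by the role."""
    return [(a, b, risk) for (a, b), risk in matrix.items()
            if holds_process(role, catalog[a], level)
            and holds_process(role, catalog[b], level)]


def remediate(role: Role, drop: CriticalAuth) -> Role:
    """Eliminate one whole process: its transactions AND its dependent objects."""
    return Role(role.name,
                role.transactions - drop.transactions,
                role.authorizations - drop.objects)


# Constructed sample role: a BASIS support role that can maintain users and roles.
BASIS_SUPPORT = Role(
    "Z_BASIS_SUPPORT",
    frozenset({"SU01", "PFCG", "SU53"}),
    frozenset({
        ("S_USER_GRP", "ACTVT", "02"), ("S_USER_GRP", "CLASS", "*"),
        ("S_USER_AGR", "ACTVT", "02"), ("S_USER_AGR", "ACT_GROUP", "*"),
    }),
)

# A "fix" that only deletes the SU01 transaction but leaves S_USER_GRP behind.
TCODE_ONLY_FIX = Role(BASIS_SUPPORT.name,
                      BASIS_SUPPORT.transactions - {"SU01"},
                      BASIS_SUPPORT.authorizations)

# The proper fix: remove the entire user-administration process from the role.
CLEAN = remediate(BASIS_SUPPORT, USER_ADMIN)

if __name__ == "__main__":
    for r in (BASIS_SUPPORT, TCODE_ONLY_FIX, CLEAN):
        for level in ("transaction", "object"):
            print(r.name, level, find_conflicts(r, CATALOG, SOD_MATRIX, level))
```

Run against the three roles, a transaction-level check reports the original role as conflicting and the transaction-only fix as clean, while the object-level check still flags the transaction-only fix because S_USER_GRP with ACTVT 02 remains; only the role produced by `remediate` is clean at both levels.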
SAST, the tool provided by Akquinet, helps customers strengthen SoD control in their organization. It allows risks to be defined, detected, analyzed and monitored, and it automates access control for the critical transactions contained in SAP roles.
Author: Marek /Sast Team Polska/