Segregation of duties rules (form) [AX 2012]

Updated: May 8, 2011

Applies To: Microsoft Dynamics AX 2012 R3, Microsoft Dynamics AX 2012 R2, Microsoft Dynamics AX 2012 Feature Pack, Microsoft Dynamics AX 2012

Click System administration > Setup > Security > Segregation of duties > Segregation of duties rules.

Use this form to set up rules for segregation of duties. Create a rule when two duties must be performed by separate roles for better security or better compliance with policies and regulations. When two duties in the same role are in conflict, or when a user is assigned to two roles that contain conflicting duties, the conflict is logged. The security administrator must approve or reject each assignment that causes a conflict.

The following tables provide descriptions for the controls in this form.

Button

Description

New

Create a new rule for segregation of duties.

Delete

Delete the selected rule.

If you delete a rule for segregation of duties, any associated conflicts that are awaiting approval are also deleted. Conflicts that have already been approved or rejected are not deleted and remain available for auditing.

Validate duties and roles

Run the process that verifies whether existing security roles comply with the selected rule. You can validate only one rule at a time.

The Infolog displays the results of the validation. If there is a conflict, you can double-click the message to open the Security roles form. When the form opens, the role is automatically selected.

To verify whether existing role memberships comply with the rules, use the Verify compliance of user-role assignments with rules for segregation of duties form.

Field

Description

First duty

Select the first duty to include in the rule. A conflict is logged if an attempt is made to assign the first duty and the second duty to the same role, or to assign a user to two roles that contain the conflicting duties.

Second duty

Select the duty that must conflict with the first duty. A conflict is logged if an attempt is made to assign the first duty and the second duty to the same role, or to assign a user to two roles that contain the conflicting duties.

Severity

Select the severity of the security risk that occurs when the same user or role performs both duties.

Security risk

Enter a description of the security risk that occurs when the same user or role performs both duties.

Security mitigation

Enter information about how you can reduce the effect of the security risk.


Announcements: To see known issues and recent fixes, use Issue search in Microsoft Dynamics Lifecycle Services (LCS).

Community Additions

Show: