This User Guide covers the Segregation of Duties tool (SoD) and aims to establish a set of rules for access that you can compare to the security in your PeopleSoft Application. For example you may wish to find Users that can Cash a Check and then Write a Check, or Enter Time and then Run Payroll. In addition to being able to report on Access issues that you have, the solution will allow you to prevent access issues from being built through a proactive validation process. In addition to Segregation of Duties, the solution allows you to review 'single risks,' for example who has access to Components and Pages that allow for the maintenance of Security.
Sometimes, Users need to perform jobs that bring them into an Access violation, in this instance the tool will allow you to create a 'mitigation' with notes and an expiry date against a specific Rule. When applied to a User, the User will no longer be in violation of that Rule, but will appear in your reports and analysis as having a mitigation.
The following lays out the structure of the Rules in the tool:
Model
A model contains all of the Rules, everything is assigned to a model, and you can implement unlimited models.
Function
This represents a functional area, such as AR, AP, Payroll, Administration and so on. This is helpful to analyze which functional areas you have Rules and potentially identify areas that are weak and need more Rules.
Ability
This represents the duty or collection of Roles/Permission Lists/Components/Pages/User Preferences required to perform that duty. An example would be Run Payroll - this Ability would be expected to contain all of the parameters required to Run Payroll.
Rules
Once you have created Abilities, the Rules are created. The Rules are either Segregation of Duty or Single Risk Rules. SoD Rules separate Abilities, for example: Time Entry Vs Approve Time Entry. Single Risk Rules are built around one Ability, for example: Run Payroll.
The following sections give you a step by step guide to implementing the tool.