Create Rules

This section is the last step in the Setup process, it depends on you having created a Model, and some Abilities. At this point we can now create Rules involving those Abilities.

Step-by-step guide

Navigate to: Smart Solutions → Segregation of Duties → Setup → Create Rules

1. Once at the Search Console you can search on any existing Rules by Model or add a new one.
2. Upon adding a new Rule you will be able to enter a short and long description, giving you the chance to enter as many notes as to why this Rule exists.
3. On the right you can add a severity level and a justification code as described here: Define Justification Codes and finally any justification text.
4. At this point you can now use the buttons in the bottom half of the page to start adding an Ability or even an entire Function if required.
5. If you are creating a single risk Rule, just enter one Ability. In effect you are asking the software to just find Users who have access to the elements in that Ability.
6. For a Segregation of Duties Rule you need to compare the access to one Ability with another or more. In this instance you enter the first Ability and then you use the AND/OR buttons to choose the flow of the Rule. For example:
   1. Ability A and B - means a User must have Ability A AND B to break the Rule.
   2. Ability A and B and C - means a User must have A AND B AND C to break the Rule. This is a very specific approach, what happens if a User has A AND B but not C? The Software won't flag this as a match or violation.
   3. Ability A and B or C - means that a User must have Ability A and then either B or C or both to break the Rule. This allows for a more expanded review of Security, especially where the first Ability needs to be segregated from many other Abilities, that are not all combined.
      
      

Related articles