Use this screen to compare a user-defined list of conflicting applications with user and user group rights (both Web and client/server), to determine if users have been assigned rights to two applications that conflict with each other. The list of conflicting applications must first be defined in the Conflicting Applications screen (Administration » Maintain » Segregation of Duties).
When the Use Web Security model for Client/Server option in the System Settings (Others » System Administration » System Settings) screen of Client Server is selected, this application automatically selects rights and identify conflicts setup in Web AND Client/Server by companies.
Define whether this process will prevent conflicting rights from being implemented using the Enforce Segregation of Duties Rules check box found only in the Web version of the Corporate Settings subtask of the System Settings screen (Administration » Configure » System). If that check box is selected, this application reviews user and user group rights, and if it finds a conflict, flags the appropriate rights record as in-conflict and unusable unless someone overrides the conflict in the Override Segregation of Duties application (Administration » Process » Segregation of Duties).
If the Enforce Segregation of Duties Rules check box is not selected, the Identify Segregation of Duties process still examines user and user group rights for conflicts and produces a report listing conflicts, but it won't disable user and user group rights. It will be up to the appropriate system administrator to correct the conflict by changing user/user group rights.
The process checks both user group and user rights for application conflicts. When checking for rights conflicts for a user group (Web or client/server), it compares only the module and application rights for that specific user group to one another for conflicts. If the same user group ID exists on both client/server and the Web, the process reviews them as separate entities. For users, however, it compares the rights of the user with the rights of any user groups assigned to them. If the same user ID exists on both the Web and client/server, it combines the rights from the two systems when doing the review. After reviewing the rights records, the process will update the rights status.
Use this screen whenever you need to identify segregation of duties conflicts. If the Enforce Segregation of Duties Rules check box found in the Corporate Settings subtask of the System Settings screen (Administration » Configure » System) is selected, run this process soon after user and/or user group rights are added or changed to allow the user to use the new rights (assuming no conflicts are found).
Use the fields in this block to create a new parameter ID or to view a previously saved parameter ID. A parameter ID represents a set of screen selection and report option parameters. Once you have saved a parameter ID and its related parameters, you can retrieve them using Query.
You can use the retrieved parameters to produce reports and run processes more efficiently and with greater consistency. Many users save a unique set of parameters for each different way they run a report or process. If you select a previously saved parameter ID or parameter description, the associated saved screen selection parameters will automatically display as selection defaults. You can change any of the associated selection defaults as necessary.
Enter, or use Query to select, a parameter ID of up to 15 alphanumeric characters. You should choose characters for your parameter ID that help identify the type of selections you made in the screen, such as “PERIOD” or “QUARTERLY.”
When you save your record, all the selections made in the screen (as well as Page Setup and Print Option settings) are stored with the parameter ID. Later, you can retrieve the parameter using Query.
You are not required to enter a parameter ID to run the process interactively. It is only necessary if you want to save the parameters for batch processing or reusing the parameters in a later session.
Enter, or use Query to select, a parameter description of up to 30 alphanumeric characters.
1st Sort *
Use this drop-down list to select how your report data sorts. Your options are: Domain/Module/Application, User/User Group, and Conflict Type.
The choices in this drop-down list are dependent on the choice you made in the 1st Sort field. Your choices are:
Conflicting Rights Only - If you select this option, you will only see rights that are in conflict on the report. Conflicts that were previously manually overridden do not display unless you select the Review Previously Manually Approved Rights check box.
Accepted and Conflicting Rights - This option is available only if you selected User/User Group in the 1st Sort field. This includes all assigned rights, whether a conflict has been identified or not.
Review Previously Manually Approved Rights
Select this check box to disregard and delete any previously entered manual overrides of conflicts entered in the Override Segregation of Duties application. If you don't select this check box, any previously overridden conflicts will be checked to determine if a conflict exists.
|
|
If this check box is selected in process mode, all previously entered manual overrides will be deleted when you run the process (but not if you just run the report or preview only). |
* A red asterisk denotes a required field.
Tables used by this application are:
W_USR_APP_CONFLICTS (Insert/Delete)
W_USR_CNF_RESLTN (Insert/Delete)
W_USER_GRP_USERS (Update/Delete)
USER_COMPANY (Update)
W_USER_COMPANY (Update)
W_APP_RIGHTS (Update)
W_MODULE_RIGHTS (Update)
USER_GROUP_MRIGHTS (Update)
USER_GROUP_RIGHTS (Update/Delete)
USER_MRIGHTS_OVRD (Update/Delete)
USER_RIGHTS_OVRD (Update/Delete)
