The Segregation of Duties analysis is a tool to analyze how well the security is setup separating the duties between users. The analysis shows any inappropriate user access and identifies which users that have access to specific functions in the system.
A Functional Area is defined by a set of security objects. Functional Areas are used when setting up rules for which areas that can be accessed by the same user. It can also be used for tracking which users that have access to the area.
IFS Enterprise Explorer and IFS Aurena uses different security objects to grant user access. Your security setup may grant users access to the same functionality in both IFS Enterprise Explorer and IFS Aurena. When setting up Functional Areas it's important to include the security objects for the intended client or clients, depending on the segregation of duties that needs to be protected.
Security objects summary
Enterprise Explorer:
IFS Aurena:
Functional Areas are defined in the New Functional Area form. To add security objects in the Enterprise Explorer tab , click on Add Views and Methods or Add Activities. To add security objects in the IFS Aurena Tab, click on Add Security Objects. Double click on a security object in the dialog to add it to the Functional Area. To add several security objects from the dialog, right click on a security object to bring up the context menu and select the security objects to add.
It is also possible to add security objects from the List of Values for each table. Create a new row in a table and press F8 on your keyboard while having the row selected. The List of Value for that specific security object is then presented.
A Functional Area can be exported to and imported from the file system via XML-files.
Export
Navigate to the New Functional Area page. Populate
the Functional Area that you want to export and then click Export Functional
Area. Save the export file.
The export file contains the Functional Area
ID, the description and the connected objects. It does not contain Functional
Area Conflicts.
Import
A Functional Area export file is imported by clicking on Import Functional Area
in the Segregation of Duties Analysis start page.
The Functional Area
name is unique within the system and you get a question if you want to replace
the Functional Area if a Functional Area with the same name already exist.
Clicking on List Functional Area Conflicts in the navigator or in the Segregation of Duties Analysis startpage shows the setup of Functional Area Conflicts. A conflict between two Functional Areas indicates duties that needs to be protected which the same user should not have access to. There are two types of conflicts; Warning and Not Allowed. This indicates the severity of the conflict. Which rules that are needed and the severities very much depends on the size of the company.
Please avoid adding the same functional area as a conflict. This is meaningless and might course segregation of duties cache refresh issues.
