The Segregation of Duties analysis is a tool to analyze how well the security is setup separating the duties between people. The analysis shows any inappropriate user access and identifies which users that have access to specific functions in the system.
A Functional Area is a small part of the system defined by a set of security objects; database methods, database views and activities. It is useful when you easy want to track which users that have access to the area. Functional Areas are also used when setting up rules which areas that can be accessed by the same user.
Functional Areas are defined in the Functional Area form. The only thing you are required to enter is a name of the Functional Area. The Functional Area is connected to a set of security objects i.e. Database Methods, Views and Activities. You add the security objects by clicking on the link Add Activities or Add Views and Methods. Double click on a security object to add it and close the dialog. You can also use the context menu (right-click) in the dialog to add several security objects.
Functional Areas can be saved to and loaded from the file system. A Functional Area export file (*.xml) is imported by clicking on Import Functional Area in this start page. The Functional Area name is unique within the system and you get a question if you want to replace the Functional Area if a Functional Area with the same name already exist. The export file contains the Functional Area ID , the Description and the connected objects. It does not contain Functional Area Conflicts.
Clicking on List Functional Area Conflicts in the navigator or in the start page shows the rules which Functional Areas that are conflicting. A conflict between two functional areas is setup when the two functional areas should not be possible to access by the same user. There are two types of conflicts; Warning and Not Allowed. This indicates the severity of the conflict. Which rules that are needed and the severities very much depends on the size of the company.
