Symantec IGA

  • 1.  Prevent 2 provisioning role from being assigned

    Posted Oct 24, 2018 03:09 PM

    I have a requirement where a user is not allowed to have two job function roles assigned to them. Currently we have Prov***1 Role- Prov***2 Role- Prov***3 Role, so if I select Prov***1, I am not allowed to select the other 2 roles. What is the recommended process? Version: CA IDM 14. Any help is greatly appreciated.



  • 2.  Re: Prevent 2 provisioning role from being assigned
    Best Answer

    Posted Oct 25, 2018 04:06 PM

    Hi Angel,

    Two (2) methods will work:

    1) IM already has SOD enforcement

    Enforcing Segregation of Duties Requirements - CA Identity Manager - 14.2 - CA Technologies Documentation 

    Compliance Support - CA Identity Manager - 14.2 - CA Technologies Documentation

    2) If the above link does not meet your needs, you can always use the features of:

    a) Use one of the ten (10) custom fields on the Provisioning Roles for labels to enforce SOD, e.g. Financial AR Roles should not be mixed with Financial AP Roles (avoid having the same person receiving funds and sending funds).

    b) Framework enforcement:

         i) Either PX UI Rules to enforce what is selected; let it read the custom labels between all selected roles and prevent submissions.

        ii) May enforce with IM Screens with a validation JavaScript to do the same or use PR names.

    Example: Enable Prov Role ten (10) custom fields to be usable for PX Rules and viewable in IM UI:

    BEFORE:

    Update to the Profile's Screen; enable all check boxes & submit.

    AFTER:

    A few reports for SOD compliance:

    Complying with Business Policies - CA Identity Manager - 14.2 - CA Technologies Documentation

    Cheers,

    Alan
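
The label-based check described in the answer above (SOD labels kept in a provisioning-role custom field and compared across all selected roles before submission), as an added example that is not part of the original post and is not CA Identity Manager code. The `sodLabel` property, the role names, the label values and the policy shape are assumptions for illustration; the example also covers the "only one job function role" case from the question.

```javascript
// Added example: label-based SoD check over the provisioning roles selected for one user.
// `sodLabel`, the role names and the policy shape are hypothetical, not IM API names.
const policy = {
  // Labels of which a user may hold at most one role (one job function role per user).
  exclusiveLabels: ["JOB-FUNCTION"],
  // Pairs of labels that must never be held together (AR vs AP from the answer).
  conflictingPairs: [["FIN-AR", "FIN-AP"]],
};

// Labels are typed by administrators, so compare them case- and whitespace-insensitively.
function normalize(label) {
  return (label || "").trim().toUpperCase();
}

function findSodViolations(selectedRoles, sodPolicy) {
  const byLabel = new Map();
  for (const role of selectedRoles) {
    const label = normalize(role.sodLabel);
    if (!label) continue; // unlabelled roles are outside the SoD policy
    if (!byLabel.has(label)) byLabel.set(label, []);
    byLabel.get(label).push(role.name);
  }
  const violations = [];
  for (const label of sodPolicy.exclusiveLabels.map(normalize)) {
    const names = byLabel.get(label) || [];
    if (names.length > 1) {
      violations.push(`Only one ${label} role allowed, selected: ${names.join(", ")}`);
    }
  }
  for (const [a, b] of sodPolicy.conflictingPairs) {
    const left = byLabel.get(normalize(a)) || [];
    const right = byLabel.get(normalize(b)) || [];
    if (left.length && right.length) {
      violations.push(`${left.join(", ")} (${normalize(a)}) conflicts with ${right.join(", ")} (${normalize(b)})`);
    }
  }
  return violations; // empty array means the selection may be submitted
}

// Constructed sample selection: two job function roles plus an AR/AP mix.
const sample = [
  { name: "Job-Function-1", sodLabel: "JOB-FUNCTION" },
  { name: "Job-Function-2", sodLabel: "job-function " },
  { name: "AR-Clerk", sodLabel: "FIN-AR" },
  { name: "AP-Clerk", sodLabel: "FIN-AP" },
  { name: "Email", sodLabel: "" },
];
console.log(findSodViolations(sample, policy));
```

Pass the union of the roles the user already holds and the roles being added, otherwise a conflict split across two separate requests goes undetected.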