Field
InformationThe Restricted Security Role Group (RESROLEP) page is used to manage combination/group of security roles that should not be assigned to the same user. The Separation of Duties Audit Report job can be run to report any users that were already assigned to the newly created restricted security role groups. The online Security Violation Run Inquiry (SCVIORUN) page can be used to generate and view the list of users that are assigned to restricted security role groups.
Previously, the Restricted Security Role Pairs (RESROLEP) page only allowed administrators to specify a pair of Restricted Security Roles that could not be assigned to the same user. This page is enhanced to allow administrators to specify any combination/group of security roles that should not be assigned to the same user. The page has been renamed to Restricted Security Role Group. The security roles can be added to the group from the grid. If all security roles within a group are assigned to the same user, then the user is violating the security policy and it will appear on the Separation of Duties Audit Report as well as the Security Violation Run Inquiry page.
Errors will be issued on Assign Security Role to User (SCUROL), Application Security Roles (APPROLES) and the UDOC transaction, if a user is being assigned to restricted security roles.
Note: To search on the Security Roles field, use double quotes (“”). For Example: “ADMIN”, “ALL_READ*”, and so forth. Wildcards are also supported; however, the entire search string should be inside double quotes.