SoD Manager Assignment

Assign and manage responsibility for Separation of Duties queries.

Overview

Separation of Duties queries can have both a creator and one or more managers responsible for actual policy enforcement. You can view and manage these users on the Separation of Duties overview page.

Manager assignments support:

Multiple Users per Query: You can assign more than one SoD manager to each query for shared responsibility and continuous oversight.
Bulk Operations: You can select multiple SoD queries and assign one or more managers to all queries, and combine bulk actions with filters for faster administration.

You can view the current SoD managers on the Separation of Duties overview. To focus on specific users, use the table controls to sort or filter by the "SOD MANAGERS" column.

Changes to SoD managers are also shown as "Edit" events in the Query Details > Edit History sidebar.

Guidelines and Best Practices for SoD Management

Typically, a query creator is the person who initially defined the SoD query, while the SoD manager is responsible for oversight of the SoD policy represented by the query.

When assigning SoD managers, consider the following best practices:

Assign managers who understand and are responsible for the business process and security implications of the SoD policy
Consider assigning multiple managers to ensure coverage during absences
Review manager assignments periodically to ensure they remain appropriate as organizational roles change
For SoD policies that involve multiple teams or applications, consider assigning managers from different teams to provide additional perspectives

Notes on Terminology:
The term "SoD Manager" replaces "Query Owner" in the SoD UI, to distinguish between the query creators and those responsible for managing SoD policies.
SoD managers are different from the risk assignees who will remediate individual risks in SoD query results.

Assigning SoD Managers

To assign SoD managers to queries:

On the Separation of Duties overview, click the Assign SoD Manager button
Pick one or more queries using the checkboxes on the left
In the assignment modal that appears, search for users by name or email to assign as managers
Review your selections in the list of "Selected SoD managers"
Click Save to apply the assignments

PreviousExample Separation of Duties Queries NextAccess Reviews for SoD

Last updated 21 days ago

Was this helpful?