search
Release Notes

SoD Manager Assignment

Assign and manage responsibility for Separation of Duties queries.

hashtag
Overview

Separation of Duties queries can have both a creator and one or more managers responsible for actual policy enforcement. You can view and manage these users on the Separation of Duties overview page.

Manager assignments support:

  • Multiple Users per Query: You can assign more than one SoD manager to each query for shared responsibility and continuous oversight.

  • Bulk Operations: You can select multiple SoD queries and assign one or more managers to all queries, and combine bulk actions with filters for faster administration.

You can view the current SoD managers on the Separation of Duties overview. To focus on specific users, use the table controls to sort or filter by the "SOD MANAGERS" column.

Changes to SoD managers are also shown as "Edit" events in the Query Details > Edit History sidebar.

hashtag
Guidelines and Best Practices for SoD Management

Typically, a query creator is the person who initially defined the SoD query, while the SoD manager is responsible for oversight of the SoD policy represented by the query.

When assigning SoD managers, consider the following best practices:

  • Assign managers who understand and are responsible for the business process and security implications of the SoD policy

  • Consider assigning multiple managers to ensure coverage during absences

  • Review manager assignments periodically to ensure they remain appropriate as organizational roles change

  • For SoD policies that involve multiple teams or applications, consider assigning managers from different teams to provide additional perspectives

Notes on Terminology:

  • The term "SoD Manager" replaces "Query Owner" in the SoD UI, to distinguish between the query creators and those responsible for managing SoD policies.

  • SoD managers are different from the risk assignees who will remediate individual risks in SoD query results.

hashtag
Assigning SoD Managers

To assign SoD managers to queries:

  1. On the Separation of Duties overview, click the Assign SoD Manager button

    SoD overview with Assign SoD Manager button

  2. Pick one or more queries using the checkboxes on the left

    Select queries using checkboxes

  3. In the assignment modal that appears, search for users by name or email to assign as managers

    Assignment modal for selecting managers

  4. Review your selections in the list of "Selected SoD managers"

  5. Click Save to apply the assignments

PreviousExample Separation of Duties QueriesNextAccess Reviews for SoD

Last updated

Was this helpful?