This is the third in our review of the top 10 most used reports which are ERP agnostic, and sharing why they should be in all of our customer's toolkits.
Useful Report #3: Role Conflicts
The Role Conflicts report in Fastpath is where role cleanup really starts. Role Conflicts identifies the segregations of duties (SoD) conflicts for a selected role. If multiple roles are selected, the report identifies conflicts within each role and across the selected roles. This also makes it useful as a quick “what if” test. For example, if a user has an AR Clerk role, how would their conflicts change if we added an AR Supervisor role?
Cross role analysis makes Role Conflicts different from the Individual Roles Conflicts report. Individual Role Conflicts only show conflicts within each role. It does not display conflicts across roles.
The Role Conflicts report consists of the conflict name, risk level, description, whether or a default mitigation is in place and optionally the business cycle and policy.
- The Conflict Name simply identifies the conflict, usually with a brief description of each element or side of the conflict.
- Risk refers to the assigned risk level and description is a brief explanation of why this may be a conflict.
- If a default mitigation has been applied to this conflict, the Default Mitigation field will be marked as True.
- Business Cycle is a reporting option that allows conflicts to be classified by where they fit in the accounting process.
- Finally, Policy is designed to allow a connection back to company policies tied to preventing a specific conflict.
Role Conflicts is typically used as a part of a role cleanup process to identify roles with significant conflicts. Usually identified roles have excessive access and need to be broken up into multiple roles to properly segregate duties. It’s often unreasonable to build completely conflict free roles. Most organizations are unable to completely segregate duties via only application security. Typically, some level of mitigating control is needed. In cases where companies do manage completely clean roles, they often end up with cross-role conflicts because users are simply being assigned more roles without considering overall SoD needs.
The Role Conflicts report is an important part of cleaning up security. A change to a single role is a much faster fix than addressing each user’s conflicts individually. Consequently, Role Conflicts is often used near the beginning of a clean up process for existing roles and later as a review tool for newly built roles.
We hope you enjoy our Top 10 Reports in Fastpath Assure series. You can see the entire list of all 11 reports below: