Separation of Duties - Intergraph Smart Materials - Version 2020 (10.0) - Administration & Configuration - Hexagon PPM

Intergraph Smart Materials Classic Administration (2020)


Separation of duties (SoD) is the concept of having more than one person required to complete a task. In business, separation of duties is an internal control intended to prevent fraud and error.

The Sarbanes-Oxley Act does not allow any person to execute more than one of the actions listed below unless a formal statement has been made that defines an exception to this rule and defines the compensating controls used to monitor the actions of the person who is allowed to hold more than one of these privileges.

  • Approve a requirement (requisition)

  • Approve a commitment to supplier (purchase order/subcontract)

  • Approve a payment (sign off on receipts)

In Smart Materials, these functions are assigned to a user by privileges and screen access authorization.

Smart Materials supports a generic equivalent of this Sarbanes-Oxley rule, called Separation of Duties (SoD). An SoD definition groups a set of privileges and menus; SoD does not allow a user to hold privileges or menus that fall under more than one SoD definition, unless exceptions are explicitly defined.

The definition of SoD is done on the A.60.65 Separation of Duties screen. The picture below shows the Privileges - Menus tab. This tab allows you to create SoD definitions and to assign privileges and menus (screens).

Privileges and/or menus assigned to one SoD cannot overlap with privileges and/or menus assigned to other SoDs. That is, a privilege or menu cannot be assigned to more than one SoD.

On the second tab (SoD for Users) and the third tab (SoD for Roles), you define the exceptions that correspond to the formal statements. On the SoD for Users tab, SoD exceptions are defined for a user within a particular project. On the SoD for Roles tab, SoD exceptions are defined for a role.

The project default ZX_USE_SOD controls whether the SoD check is performed. If the project default is set to N (default), the check is not performed for this project. If the project default is set to Y, the SoD check is performed when the user logs in to this project.

The check is not performed if the user logs in as SUPER USER.

When a user logs in to Smart Materials, the software checks all privileges and screens that are assigned to the user and to all of the user's active roles against the SoD definitions.

If the software finds privileges or menus in more than one SoD, and the specified user or role exceptions do not allow these overlapping privileges, a message appears stating that logon is prevented.

Example

ZX_USE_SOD is set to Y in projects PROJ1 and PROJ2.

Specified SoDs:

  • REQ_APPROVAL with the ER APPROVAL privilege assigned

  • PO_APPROVAL with the PO APPROVAL privilege assigned

These SoDs specify that the same user cannot approve both requisitions and purchase orders.

User A has ER APPROVAL assigned by his role for all projects and PO APPROVAL for PROJ1. No exceptions are defined for user A.

  • Log in to PROJ1: rejected

  • Log in to PROJ2: allowed

User B has ER APPROVAL assigned by one of his roles and PO APPROVAL by another role. For user B, PO_APPROVAL was specified as an exception in project PROJ1.

  • Log in to PROJ1: allowed

  • Log in to PROJ2: rejected
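The following Python model reproduces the login-time SoD check described above for users A and B. It is an added illustration, not Smart Materials code: the role, project-default and exception structures (ALL_PROJECTS, ROLES, USER_ROLES, PROJECT_DEFAULTS, USER_EXCEPTIONS, ROLE_EXCEPTIONS) are constructed assumptions that mirror the example, not the product's tables, and role exceptions are assumed to apply in every project.

```python
# Added model of the SoD login check (not the product's own code). The data
# below is constructed to mirror the example on this page.
ALL_PROJECTS = "*"  # assumed marker: role assignment valid in every project

# SoD definitions from the example. A privilege belongs to at most one SoD,
# because privileges may not overlap between SoD definitions.
SODS = {"REQ_APPROVAL": {"ER APPROVAL"}, "PO_APPROVAL": {"PO APPROVAL"}}
PRIVILEGE_TO_SOD = {p: s for s, privs in SODS.items() for p in privs}

# Constructed roles: role -> {project or ALL_PROJECTS: privileges granted there}
ROLES = {
    "REQ_ROLE":    {ALL_PROJECTS: {"ER APPROVAL"}},
    "PO_ROLE_P1":  {"PROJ1": {"PO APPROVAL"}},
    "PO_ROLE_ALL": {ALL_PROJECTS: {"PO APPROVAL"}},
}
USER_ROLES = {"A": ["REQ_ROLE", "PO_ROLE_P1"], "B": ["REQ_ROLE", "PO_ROLE_ALL"]}
PROJECT_DEFAULTS = {"PROJ1": {"ZX_USE_SOD": "Y"}, "PROJ2": {"ZX_USE_SOD": "Y"}}
USER_EXCEPTIONS = {("B", "PROJ1"): {"PO_APPROVAL"}}  # SoD for Users tab
ROLE_EXCEPTIONS = {}                                  # SoD for Roles tab (role -> SoDs)


def effective_privileges(user, project):
    """Privileges the user holds in `project` through all (assumed active) roles."""
    privs = set()
    for role in USER_ROLES.get(user, []):
        for scope, role_privs in ROLES[role].items():
            if scope in (ALL_PROJECTS, project):
                privs |= role_privs
    return privs


def sod_login_check(user, project, super_user=False):
    """Return (allowed, reason) for a login attempt, following the rules above."""
    if super_user:
        return True, "SUPER USER: SoD check skipped"
    if PROJECT_DEFAULTS.get(project, {}).get("ZX_USE_SOD", "N") != "Y":
        return True, "ZX_USE_SOD is not Y: SoD check skipped"
    # SoD definitions touched by the user's effective privileges in this project
    hit = {PRIVILEGE_TO_SOD[p] for p in effective_privileges(user, project)
           if p in PRIVILEGE_TO_SOD}
    # Exceptions from the SoD for Users and SoD for Roles tabs remove an SoD
    # from the conflict set; anything left in more than one SoD prevents logon.
    excused = set(USER_EXCEPTIONS.get((user, project), set()))
    for role in USER_ROLES.get(user, []):
        excused |= ROLE_EXCEPTIONS.get(role, set())
    conflicting = hit - excused
    if len(conflicting) > 1:
        return False, f"logon prevented: overlapping SoDs {sorted(conflicting)}"
    return True, "ok"
```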

Whenever an insert or update of an active record on the A.20.06.01 User Security for Product Groups or A.20.06.02 User Security for Projects screens violates an SoD definition, an error message appears, stating that the changes cannot be saved.

User security records that are affected by overlapping privileges or menus are highlighted with a red background color in the User and Project fields on A.20.06.01 and A.20.06.02.