Segregation of duties (SoD) Check
Oracle Identity Manager (OIM) 11G R2 PS3 (11.1.2.3.0) Segregation of duties (SoD) Check Test Scenario
High-level overview of execution steps:
Scenario: 2 Roles (Role1 & Role2) are mutually exclusive and should trigger an alarm for SoD violation if requested.
1) Enable Identity Auditor Feature Set Availability System Property Flag to true
2) Restart the OIM Server
3) Create an Identity Audit Rule
4) Create an Identity Audit Policy
5) Create 2 Roles Role1 & Role2
6) Create Test User - DEEPAK
7) Create a request to self-request Role1 & Role2
8) SoD violation should trigger at the End User Level
9) Manager sees 1 request level approval with SoD violation
10) Manager sees 2 Operation Level (2 Roles) approval for the SoD Violation
11) Approve all the request & operational level requests.
12) User gets access to the roles.
Below are the screens for the above setup and demo
1) Enable Identity Auditor Feature Set Availability System Property Flag to true
2) Restart the OIM Server
3) Create an Identity Audit Rule
4) Create an Identity Audit Policy
5) Create 2 Roles Role1 & Role2
6) Create Test User - MANIKANTA
7) Create a request to self-request Role1 & Role
8) SoD violation should trigger at the End User Level - Request Level
9) Manager sees 1 request level approval with SoD violation
10) Manager sees 2 Operation Level (2 Roles) approval for the SoD Violation
11) Approve all the request & operational level requests.
12) User gets access to the roles.
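A minimal model of the check this scenario exercises, added here as an example; it is not OIM code and not from the original post. The rule name, request id and data model are constructed, and the `held` roles case goes beyond the steps above by also catching a user who already holds Role1 and later requests only Role2.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class SodRule:
    name: str
    exclusive_roles: frozenset  # roles one user must not hold together

@dataclass(frozen=True)
class ApprovalTask:
    level: str         # "request" or "operation"
    target: str        # request id, or the role for an operation-level task
    violations: tuple  # names of the rules that fired

def find_violations(rules, held, requested):
    """Rules broken by the roles the user would hold if the request were granted."""
    requested = set(requested)
    effective = set(held) | requested
    hits = []
    for rule in rules:
        overlap = rule.exclusive_roles & effective
        # Fire only when 2+ exclusive roles coincide and this request adds one of them.
        if len(overlap) >= 2 and overlap & requested:
            hits.append((rule.name, frozenset(overlap)))
    return hits

def build_approvals(request_id, rules, held, requested):
    """One request-level task plus one operation-level task per requested role."""
    hits = find_violations(rules, held, requested)
    tasks = [ApprovalTask("request", request_id, tuple(n for n, _ in hits))]
    for role in requested:
        fired = tuple(n for n, roles in hits if role in roles)
        tasks.append(ApprovalTask("operation", role, fired))
    return tasks

# Constructed data mirroring the scenario (names are illustrative, not OIM objects).
RULES = [SodRule("Role1-Role2-exclusive", frozenset({"Role1", "Role2"}))]

if __name__ == "__main__":
    for task in build_approvals("REQ-1", RULES, held=[], requested=["Role1", "Role2"]):
        print(task)
    # Beyond the page's steps: Role1 already held, only Role2 requested.
    print(find_violations(RULES, held=["Role1"], requested=["Role2"]))
    # A single role with nothing held raises no violation.
    print(find_violations(RULES, held=[], requested=["Role1"]))
```

Checking the combined set of held and requested roles, rather than the request alone, is what keeps the rule from being bypassed by asking for the two roles in separate requests.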