Currently, if we define a Separation of Duties (SoD) rule in Identity Applications, there is no reference to it on the affected Roles.
Role administrators and role owners should get some information about the fact that their role is involved in an SoD. (nrfRole object --> nrfSOD object)
Also, if a user has an approved SoD exception and therefore has 2 conflicting roles assigned, there should be a reference to the SoD on the user as well. (User object --> nrfApproved(SOD)Exceptions)
Such exceptions should also be listed in the SoD definition GUI (Administration/Separation of Duties). The SoD definition object in eDirectory already references the exceptions, but the GUI doesn't show it yet. (nrfSOD object --> nrfApprovedExceptions)
Please add these references to the corresponding objects and show the in the GUI.


  • Auditors also must be able to follow up on the SoD violations.