| 摘要 |
A method and system for identifying and resolving separation of duties (SOD) conflicts in a multi-application environment. An SOD conflict based on a person being granted a first authorization and a second authorization in violation of a policy is identified. The first and second authorizations are permissions allowing the person to perform, respectively, a first action provided by a first application and a second action provided by a second application. An optimal recommended action that resolves the SOD conflict is retrieved from a first database table that includes an association between the identified SOD conflict and the optimal recommended action. After the optimal recommended action is displayed on a display device, a user's acceptance of the optimal recommended action is received. In response, the optimal recommended action is performed by automatically deleting from a second database table an association between the person and the first or second authorization.
|
