Function Segregation Mapping allows you to define a risk matrix through the Risk Level, Risks, and Conflict entries.

Description

The Microsiga Protheus product line can map routines, or options within ERP routines, for function segregation.
The main purpose of this feature is to show accurately and easily which users and/or groups have conflicting accesses, according to the preset relationship.
For example, in a given company, the user who makes the purchase budget is not allowed to approve it. In the conflict register, you enter this relationship and then issue a report to locate these conflicts and risks.
The concept of Business Unit is not used in this feature, so the rules must be defined for the entire system.
You must use the Default Group concept, in which access to all routines is denied to the user by default and access to individual routines is granted through the Privileges routine. For more information about this feature:
http://tdn.totvs.com/pages/viewpage.action?pageId=271404684


Configuration

The updated Configurator menu already includes the Function Segregation Mapping routines by default (Configurator > User > SOD Mapping). If you want to add the routines to the menu manually, use the following routine calls:


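| Menu | Submenu | Routine | Program | Module | Type |
|---|---|---|---|---|---|
| Users | SOD Mapping | Risk Level | MPUserRiskRating | SIGACFG | 1 |
| Users | SOD Mapping | Risk | MPUsrRisk | SIGACFG | 1 |
| Users | SOD Mapping | Conflict register | MPUsrConflictRisk | SIGACFG | 1 |
| Users | SOD Mapping | Conflict report | APCFGR060 | SIGACFG | 1 |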


Use

Function Segregation Mapping allows you to define a risk matrix through the Risk Level, Risks, and Conflict entries.
The XNU of SIGACFG must be updated or configured as described above.

A custom routine must be entered with the same name as its .prw file (as with routines created in MVC or standard routines), because the menudef of that source is used to perform the procedures in the register.


Risk Level

The Risk Level register lets you name the risk levels using your own terms. The impact of the risk is determined through the Level field: the higher the value, the greater the impact of the risk.

In general, we have the following values for this register.

| Level | Description |
|---|---|
| 1 | Low |
| 2 | Medium |
| 3 | High |
| 4 | Very high |
| 5 | Extreme |


To register the Risk Level, follow the steps below:

1. Access Configurator > User > SOD Mapping > Risk Level



2. Click Include

3. Set a Code, Level (Criticality level), Description and Shortened Description



4. Set default Levels


Risks

After registering the Risk Levels, you must register the Risk itself. The Risk has an associated description and level.

To register Risks, do as follows:

1. Access Configurator > User > SOD Mapping > Risk

2. Click Include

3. Define a Code, Description, and associate one of the previously registered levels in Risk Level



4. Define Risks and Levels

Conflicts

In the Conflict Register, select a Risk and map the routines and features that must not be enabled together for the same user.

For example, if the company does not want the same person to make the purchase request and approve it, you have to create a rule specifying the routine MATA110 and the Inclusion and Approval activities, so that whoever has both accesses is listed as a conflict in the report.

To register the Conflicts, follow the steps below:

1. Access Configurator > User > SOD Mapping > Conflicts

2. Click Include

3. Enter:
Code - Set a code for the Conflict

Description - Define a Description for the Conflict

Risk - Select one of the previously registered Risks

Risk Description - Automatically completed

Level - Automatically populated

Level Description - Automatically populated

Activity 1 - Indicates the routine that will be part of this Conflict. You can enter the name of the routine directly, or click the magnifying glass to select the Menu and list the routines to be used.

Transaction/procedural features - Select the feature of that routine that will be part of this Conflict. Example: View, Add, Delete
Description - Automatically completed

Activity 2 - Second routine that will be part of the Conflict. It may be the same as Activity 1.

Transaction/procedural features - Select the feature of that routine that will be part of this Conflict. Example: View, Add, Delete
Description - Automatically completed

Following the example above, for a Conflict in which the same user cannot Include and Approve a Purchase Request, the screen will look like this:


Conflict report

After mapping, it is possible to issue the Conflict Report, which will indicate which users have conflicts. To issue the report:
1. Access Configurator > User > SOD Mapping > Conflict Report

2. Click Print


The Function Segregation Mapping feature is intended only to generate a report based on what has been parameterized. It will not automatically block conflicts, nor eliminate them, but only generate a report for the Administrator to take action. 


Example of report:

On databases that use the Local Data Dictionary on files (System folder), the report displays only the first conflicting privilege of each user. After that conflict is corrected, if another one happens, it is displayed in the next report. That is, the report displays one conflict at a time.

On databases that use the Data Dictionary in the Database (StartSysInDB=1), the report displays all of the user's conflicting privileges at once.
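
An independent cross-check of the conflict rule described above, as an added example (not TOTVS code, and not how Protheus builds its report): it takes a conflict matrix and an export of user and group privileges and lists every user who holds both activities of a conflict. The data shapes, the routine ZCUSTOM01, the codes, users, group, the level given to C001 and the ordering by risk level are assumptions; `first_only` mimics the one-conflict-per-run behaviour described for the file-based dictionary.

```python
from dataclasses import dataclass

# Risk Level register, values taken from the table on this page.
RISK_LEVELS = {1: "Low", 2: "Medium", 3: "High", 4: "Very high", 5: "Extreme"}

@dataclass(frozen=True)
class Conflict:
    code: str
    level: int        # level inherited from the selected Risk
    activity1: tuple  # (routine, feature)
    activity2: tuple  # may name the same routine as activity1

def effective(user, user_privs, group_privs, membership):
    """Default-deny: a user holds only what was granted directly or via a group."""
    granted = set(user_privs.get(user, ()))
    for group in membership.get(user, ()):
        granted |= set(group_privs.get(group, ()))
    return granted

def find_conflicts(conflicts, users, user_privs, group_privs, membership,
                   first_only=False):
    """Return (user, conflict code, level description), highest level first."""
    findings = []
    for user in sorted(users):
        granted = effective(user, user_privs, group_privs, membership)
        hits = sorted((c for c in conflicts
                       if c.activity1 in granted and c.activity2 in granted),
                      key=lambda c: (-c.level, c.code))
        if first_only:  # one conflict per user per run
            hits = hits[:1]
        findings += [(user, c.code, RISK_LEVELS[c.level]) for c in hits]
    return findings

# Constructed sample data. ZCUSTOM01, the codes, users and group are hypothetical.
CONFLICTS = [
    Conflict("C001", 4, ("MATA110", "Include"), ("MATA110", "Approve")),
    Conflict("C002", 2, ("ZCUSTOM01", "Add"), ("ZCUSTOM01", "Delete")),
]
USER_PRIVS = {
    "buyer01": {("MATA110", "Include"), ("MATA110", "View")},
    "lead01": {("MATA110", "Include"), ("ZCUSTOM01", "Add"), ("ZCUSTOM01", "Delete")},
}
GROUP_PRIVS = {"approvers": {("MATA110", "Approve")}}
MEMBERSHIP = {"lead01": ["approvers"], "clerk01": ["approvers"]}
USERS = ["buyer01", "lead01", "clerk01"]

if __name__ == "__main__":
    for row in find_conflicts(CONFLICTS, USERS, USER_PRIVS, GROUP_PRIVS, MEMBERSHIP):
        print(*row)
```

In the sample, lead01 conflicts on MATA110 only because the Approve feature arrives through a group, so a check that looks at direct user privileges alone would miss it.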

