|Applies To||RSA Product Set: RSA Identity Governance and Lifecycle |
RSA Version/Condition: All
|Issue||This article describes how to configure the system to prevent users from requesting exceptional access in RSA Identity Governance and Lifecycle. The term "exceptional access" in this article refers to Segregation of Duties (SOD) violations.|
|Tasks||Here are the steps to prevent users from requesting exceptional access:|
Rules > Definitions > Create New Rule > Type: Segregation of Duties
By default, these options are not checked. This means anyone can request exceptional access and submit the request. To prevent users from requesting exceptional access, the first two options need to be defined.
|Resolution||KEY POINT: The second option applies only to those users defined in the first option. That is, if a user does not meet the criteria defined in the first option Show violations to the specified requestors, they will be allowed to submit the request regardless of whether or not they meet the criteria in the second option Requests with violations can be submitted by requestors.|