D365 Finance & Operations and Dynamics AX Forum

  • 1.  Segregation of Duties compliance check

    SILVER CONTRIBUTOR
    Posted Aug 25, 2021 04:42 PM
    Edited by Mark Jones Aug 25, 2021 04:55 PM
    We are on AX 2012 R3 cu12.  I am setting up Segregation of Duties for the first time and testing.  I read these two pages: Identify and resolve conflicts in segregation of duties and Set up segregation of duties , but don't see the answer I am hoping for.

    Because of the way that security was set up prior to my arrival, one AX function may exist in three different duties that we want to segregate from another function that exists in five duties.  So I am having to set up 15 different rules to address what should have been only two duties and one rule, had it been set up in a more logical fashion.  I don't have time at the moment to unwind all of that yet.

    1. Is there a way to validate all SoD rules at once to find conflicts between roles?  The Microsoft docs above that I read seem to point to having to click on each rule, one at a time, to run the duties and roles validation.
    2. Is there a way to set this up once in a lower environment and move it to the higher environments without having to re-key the rules from scratch?  
    I appreciate your help.
    Screen shot of SoD rules so far.

    ------------------------------
    Mark Jones
    Project Manager
    UniGroup, C.A.
    Fenton, MO
    ------------------------------


  • 2.  RE: Segregation of Duties compliance check

    MICROSOFT MVP
    Posted Oct 22, 2021 11:24 AM
    Edited by Alex Meyer Oct 22, 2021 11:25 AM
    Mark,

    1) To validate all SOD rules at once you can run the 'Verify compliance of user-role assignments with rules for segregation of duties' process located at System Administration -> Setup -> Segregation of duties -> Verify compliance of user-role assignments. This runs as a batch job and will output the results to the Segregation of duties unresolved conflicts area located in the same module.


    2) As far as migrating this data from one environment to another the only option I know of would be to use the DIXF feature to export the data from one environment and import it to another. Depending on the number of records you are moving this may be more of a hassle than just re-entering the data but that is a business decision to make.

    Also one last thing is to understand that there are gaps in the way that Microsoft has implemented SOD within AX 2012 and D365FO. Depending on your audit requirements this may be an issue you have to address. I have written about these gaps here:

    https://www.gofastpath.com/blog/fastpath-vs-dynamics-ax-d365fo-segregation-of-duty-analysis-comparison

    ------------------------------
    Alex Meyer
    Director of Microsoft Software Development
    Fastpath
    Des Moines, IA
    ------------------------------



If you've found this thread useful, dive deeper into User Group community content by role