n South African Computer Journal - Separation of Duty administration

Abstract

Access control administration is a huge task. Administration tools should assist the administrator in ensuring that the access control requirements are met. One example of an access control requirement is Separation of Duty (SoD). SoD requirements specify that no single person may have sufficient authority to complete a business process unilaterally. The SoDA prototype administration tool has been developed to assist administrators with the administration of SoD requirements. It demonstrates how the specification of both Static and Dynamic SoD requirements can be done based on the "conflicting entities" paradigm. Static SoD requirements must be enforced in the administration environment. The SoDA prototype, therefore, enforces the specified static SoD requirements.