Quantcast
Viewing all articles
Browse latest Browse all 5338

Re: PFCG restriction: how to restrict security team from self assignment of roles?

Using the standard concept you'll have to get creative with your S_USER_GRP and a supporting set of roles.  This will have a maintenance overhead.  A couple of alternatives are:

 

1. Have someone outside the team have access to grant them to users within the group (and be strict about enforcing user groups)

2. Run a detective report on a weekly basis to see who has done self-assignments (most commonly operated control that I have seen).


Viewing all articles
Browse latest Browse all 5338

Trending Articles