Application Development Discussions
Join the discussions or start your own on all things application development, including tools and APIs, programming models, and keeping your skills sharp.
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Segregation of Roles?

Former Member

‎03-06-2008 1:56 AM

0 Kudos

How are the roles seggregated into multiple roles?

HOW DOES D E S I G N take place?

Is there any tool involved or Is there any specific D E S I G N method to do the same?

5 REPLIES 5

Former Member

‎03-06-2008 3:41 AM

0 Kudos

Hi,

These days Security design is a complex work.

Few tips -

-> Many company s are following Business role based Security.

-> interact with your functional teams and segregate Business roles and their activity.

-> Design the Security policies.

-> Design Role naming convention.

-> Prepare Authorization matrix.

-> Create roles

-> Create authorization Test environments

-> Mapp with user accounts.

Please let me know if you want more details.

Former Member

‎03-06-2008 4:00 AM

0 Kudos

Thankyou Praveenkumar,

Can anybody please tell me how secuirty would be implemented from the scratch?

How the process of gathering requirement from users and using it(requirements) to create the roles goes on?

How Authorization matrix is created and finalised?

Are there any tools involved?

If possible ,please guide me with case studies ,if any.

Thankyou.

Former Member
In response to Former Member

‎03-06-2008 4:17 AM

0 Kudos

I have used xls/ spread sheets to design security matrix.

-> Design the security policies

-> Interact with your functional teams and finalize the business roles/ positions in the organization.

-> Then finalize the activity/transactions for each business role/position.

-> prepare the matrix.

-> finalize the feild level activity and org. values.

Former Member
In response to Former Member

‎03-06-2008 2:38 PM

0 Kudos

And most important of all: it is the task of the functional consultants to describe the processes up to TRX level including restrictions from a functional point of view.

THAT MUST be the starting point of the security implementation, if it is not there I simply tell them I cannot start!

Beware that process design is NOT the task of the security team. Translating a functional design in a technically security design is our TASK

,

Former Member
In response to Former Member

‎04-19-2008 2:38 PM

0 Kudos

Hi Praveen

I am also new to security Implementation,

If you could share a template of the same which you had implemented in any of your previous projects it would be great help to me.

Many Thanks.