- Ø Single Control
- Ø Dual Control
- Ø Triplet Control
- —User administration , Role administration and Profile generation will be performed by a single team.
Principle of dual control
- §The Authorization data and profile administrator creates roles, selects transactions and maintains the authorization data. He/she also generates the profile for the roles. But he/she shouldn’t maintain users.
- § The user administrator assigns the role to a user. But he/she shouldn’t change the data for authorizations and shouldn’t generate profiles.
- §The authorization data administrator creates roles, selects transactions and maintain the authorization data. He or she cant generate the profile and also may not change the users.
- § The authorization profile administrator generates the profile (exception profiles containing authorization objects beginning with S_USER*). He or she may not change users, change the data for roles.
- § The User administrator assigns roles to the user. He or she may not change the data for roles , nor change or generate profiles.
For more information visit www.keylabstraining.com