Posts

Coarse-Grained vs Fine-Grained Access Control in IAM

Access Control in IAM

Access control is about determining who can access what. In IAM, we classify access control into two main categories:

- Coarse-Grained Access Control
- Fine-Grained Access Control

Coarse-Grained vs Fine-Grained Access Control

These are two fundamental access control strategies used in Identity and Access Management (IAM) to protect enterprise resources and data.

| Aspect | Coarse-Grained Access Control | Fine-Grained Access Control |
| --- | --- | --- |
| Definition | Controls access at a higher level (module/system) | Controls access at a detailed level (fields/actions/records) |
| Scope | Broad, fewer rules | Granular, complex rules |
| Decision Criteria | Role, department, job function | User attributes + resource attributes + context |
| Policy Examples | "Finance users can access the Finance App" | "Finance users can view payroll ... |
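The table's two decision models side by side, as an added example that is not code from the original post: a coarse-grained gate that admits a role to a whole application, next to a fine-grained decision that also weighs a resource attribute (owning department) and request context (network, MFA) and returns only the fields the caller may act on. Every role name, attribute, record and policy rule below is hypothetical; the payroll record and "Finance App" are stand-ins for the table's examples.

```python
# Added example (not from the original post): coarse-grained role-per-application gate
# beside a fine-grained decision over subject + resource + context at field level.
# All role names, attributes, records and policy rules here are hypothetical.
from dataclasses import dataclass


@dataclass(frozen=True)
class Subject:
    user: str
    roles: frozenset
    department: str


@dataclass(frozen=True)
class Resource:
    app: str
    record_type: str
    owner_department: str
    fields: frozenset          # fields present on this record


@dataclass(frozen=True)
class Context:
    network: str               # "corp" or "internet"
    mfa: bool


# Coarse-grained policy: which roles may enter which application at all.
COARSE_POLICY = {
    "Finance App": {"finance_user", "payroll_admin"},
}


def coarse_grained_allow(subject: Subject, resource: Resource) -> bool:
    """Application-level gate: any matching role opens the whole app."""
    return bool(subject.roles & COARSE_POLICY.get(resource.app, set()))


# Fine-grained policy: per record type and action, conditioned on subject,
# resource and context, and limited to named fields (None = every field).
FINE_POLICY = [
    {   # Finance users see a restricted view of payroll records in their own department.
        "app": "Finance App", "record_type": "payroll", "actions": {"view"},
        "roles": {"finance_user"}, "fields": {"employee_id", "gross_pay"},
        "when": lambda s, r, c: s.department == r.owner_department,
    },
    {   # Payroll admins may view and edit every field, but only from the corporate
        # network with MFA; the same role gets nothing otherwise.
        "app": "Finance App", "record_type": "payroll", "actions": {"view", "edit"},
        "roles": {"payroll_admin"}, "fields": None,
        "when": lambda s, r, c: c.network == "corp" and c.mfa,
    },
]


def fine_grained_fields(subject: Subject, resource: Resource,
                        context: Context, action: str) -> frozenset:
    """Return the fields `subject` may perform `action` on; an empty set means deny."""
    allowed = set()
    for rule in FINE_POLICY:
        if (rule["app"], rule["record_type"]) != (resource.app, resource.record_type):
            continue
        if action not in rule["actions"] or not (subject.roles & rule["roles"]):
            continue
        if not rule["when"](subject, resource, context):
            continue
        scope = resource.fields if rule["fields"] is None else rule["fields"]
        allowed |= scope & resource.fields
    return frozenset(allowed)


# Constructed sample data.
PAYROLL = Resource("Finance App", "payroll", "Finance",
                   frozenset({"employee_id", "gross_pay", "bank_account"}))
ALICE = Subject("alice", frozenset({"finance_user"}), "Finance")
CAROL = Subject("carol", frozenset({"finance_user"}), "HR")
BOB = Subject("bob", frozenset({"payroll_admin"}), "Finance")
CORP_MFA = Context("corp", mfa=True)
INTERNET_NO_MFA = Context("internet", mfa=False)


def demo() -> dict:
    """Contrast the two decisions for the same subjects and the same payroll record."""
    return {
        "alice_coarse": coarse_grained_allow(ALICE, PAYROLL),
        "alice_view": fine_grained_fields(ALICE, PAYROLL, CORP_MFA, "view"),
        "alice_edit": fine_grained_fields(ALICE, PAYROLL, CORP_MFA, "edit"),
        "carol_coarse": coarse_grained_allow(CAROL, PAYROLL),
        "carol_view": fine_grained_fields(CAROL, PAYROLL, CORP_MFA, "view"),
        "bob_edit_remote": fine_grained_fields(BOB, PAYROLL, INTERNET_NO_MFA, "edit"),
        "bob_edit_corp": fine_grained_fields(BOB, PAYROLL, CORP_MFA, "edit"),
    }


if __name__ == "__main__":
    for name, result in demo().items():
        print(f"{name}: {set(result) if isinstance(result, frozenset) else result}")
```

The point to watch in practice is Carol: the coarse-grained gate lets her into the Finance App because she holds the finance role, and only the fine-grained rule, which compares her department to the record's owning department, stops her reading another department's payroll. The admin case shows context doing the same job: the same role is denied every field when the request lacks MFA or comes from outside the corporate network.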

Understanding SoD in Modern Enterprises: Same App, Cross-App & Service Account

Segregation of Duties (SoD) in IAM and Saviynt EIC

Segregation of Duties (SoD), also known as Separation of Duties, is a key security principle used to reduce the risk of fraud, errors, or misuse by making sure no single person has control over all parts of a sensitive task or transaction.

SoD Within the Same Application

This is the most common SoD scenario. It ensures that within a single application, users don't get access to perform conflicting actions that could lead to fraud.

Real-Time Example in SAP: A user named Vikram works in the Finance department.

Current Roles:
- Role A: Create Vendor Master Data
- Role B: Process Vendor Payments

SoD Violation: This is a classic intra-application SoD violation: Vikram can create a fake vendor and then initiate payment to that vendor, all within SAP. There is no oversight or second pair of eyes, which is a clear fraud risk.

How Saviynt Handles It: Create SoD Rule in Saviynt: Rule Name: Create Vend...
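The Vikram scenario run through a minimal SoD evaluator, as an added example that is not code from the original post and is not Saviynt's rule engine. An SoD rule here pairs two conflicting entitlement sets inside one application; the evaluator is used both detectively (scan existing assignments for users holding both sides) and preventively (would a requested grant create a new conflict?). The second rule, the extra users and all assignments are constructed; only Vikram's two SAP roles come from the text. Because rules are keyed by a single application, this covers only the same-application case the excerpt describes, not the cross-application or service-account cases named in the post title.

```python
# Added example (not from the original post, not Saviynt's engine): a minimal
# intra-application SoD evaluator. Rule names, roles and user assignments are
# constructed; only the Vikram scenario mirrors the text.

# Each SoD rule pairs two conflicting entitlement groups inside ONE application.
SOD_RULES = [
    {
        "name": "Create Vendor vs Pay Vendor",
        "app": "SAP",
        "left": {"Create Vendor Master Data"},
        "right": {"Process Vendor Payments"},
        "risk": "High",
    },
    {   # Hypothetical second rule, to show the evaluator is not tied to one pair.
        "name": "Create PO vs Approve PO",
        "app": "SAP",
        "left": {"Create Purchase Orders"},
        "right": {"Approve Purchase Orders"},
        "risk": "Medium",
    },
]

# Constructed user -> application -> assigned roles.
ASSIGNMENTS = {
    "Vikram": {"SAP": {"Create Vendor Master Data", "Process Vendor Payments"}},
    "Priya":  {"SAP": {"Create Vendor Master Data"}},
    "Ravi":   {"SAP": {"Process Vendor Payments", "Approve Purchase Orders"}},
}


def _violated(rule, roles):
    """A rule fires only when the user holds a role from BOTH sides within the rule's app."""
    return bool(roles & rule["left"]) and bool(roles & rule["right"])


def detective_scan(assignments, rules=SOD_RULES):
    """Detective control: list every existing violation across all users."""
    findings = []
    for user, apps in sorted(assignments.items()):
        for rule in rules:
            roles = apps.get(rule["app"], set())
            if _violated(rule, roles):
                findings.append({
                    "user": user,
                    "rule": rule["name"],
                    "risk": rule["risk"],
                    "conflicting_roles": sorted(roles & (rule["left"] | rule["right"])),
                })
    return findings


def preventive_check(user, app, new_role, assignments=ASSIGNMENTS, rules=SOD_RULES):
    """Preventive control: rules a proposed grant would NEWLY violate (empty list = safe to grant)."""
    current = assignments.get(user, {}).get(app, set())
    proposed = current | {new_role}
    return [
        rule["name"] for rule in rules
        if rule["app"] == app and _violated(rule, proposed) and not _violated(rule, current)
    ]


if __name__ == "__main__":
    for f in detective_scan(ASSIGNMENTS):
        print(f"VIOLATION [{f['risk']}] {f['user']} holds {f['conflicting_roles']} ({f['rule']})")
    for user, role in [("Priya", "Process Vendor Payments"), ("Ravi", "Create Purchase Orders")]:
        blocked = preventive_check(user, "SAP", role)
        print(f"Request {user} += {role!r}: {'blocked by ' + ', '.join(blocked) if blocked else 'allowed'}")
```

The detective pass is what a periodic access review or certification campaign runs; the preventive pass is what should sit in the access-request workflow so that Priya's request for the payments role is stopped, or routed for a documented exception, before it is provisioned rather than discovered in the next review.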