The present invention relates to access management, and more specifically, to computer program products and systems for providing context-dependent transactional management for separation of duties.
In general, separation of duties involves a variety of controls relating to people, software, data and the like. Many organizations utilize separation of duties to control the access of individuals and groups to various software and data within the organization. Separation of duties can be used to prevent fraud and errors, to protect trade secret information, to control transactions with a machine or business process, to control access to sensitive data, to enforce security and license policies and the like. One method of enacting separation of duties includes separating the functions and associated privileges for a single business process among multiple users. Business processes can generally be categorized into four types of functions: authorization, custody, record keeping, and reconciliation. To decrease the possibility of fraud or errors, a single person may not be authorized to be involved with more than one type of function of a business process. For example, the business process of reimbursement of company expenses includes the functions of requesting reimbursement and verification of the receipts. These functions should be separated and performed by different employees to prevent both fraud and errors.
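The one-function-type-per-person rule described above can be checked both after the fact and before an action is allowed. The following Python sketch is an added example, not part of the original text or of the invention it describes; the event layout, user names, claim identifiers and the choice to scope the rule to a single process instance are assumptions made for illustration.

```python
from collections import defaultdict

# The four function types named in the text.
FUNCTION_TYPES = {"authorization", "custody", "record keeping", "reconciliation"}

# Constructed sample events: (process instance id, user, function type).
SAMPLE_EVENTS = [
    ("claim-001", "alice", "custody"),
    ("claim-001", "bob", "authorization"),
    ("claim-001", "carol", "reconciliation"),
    ("claim-002", "dave", "record keeping"),
    ("claim-002", "dave", "authorization"),   # same user, second function type
    ("claim-002", "erin", "reconciliation"),
    ("claim-003", "alice", "authorization"),  # different instance (assumed scope)
    ("claim-003", "alice", "authorization"),  # repeating one type is allowed
]


def _types_by_actor(events):
    """Group the function types each user has performed per process instance."""
    seen = defaultdict(set)
    for process_id, user, function_type in events:
        if function_type not in FUNCTION_TYPES:
            raise ValueError(f"unknown function type: {function_type!r}")
        seen[(process_id, user)].add(function_type)
    return seen


def find_sod_violations(events):
    """Detective control: return {(process_id, user): sorted function types}
    for every user with more than one function type in one process instance."""
    return {key: sorted(types)
            for key, types in _types_by_actor(events).items()
            if len(types) > 1}


def is_allowed(events, process_id, user, function_type):
    """Preventive control: may `user` perform `function_type` on `process_id`,
    given the events already recorded for that instance?"""
    if function_type not in FUNCTION_TYPES:
        raise ValueError(f"unknown function type: {function_type!r}")
    prior = _types_by_actor(events).get((process_id, user), set())
    return prior <= {function_type}


if __name__ == "__main__":
    for (process_id, user), types in find_sod_violations(SAMPLE_EVENTS).items():
        print(f"{process_id}: {user} performed {', '.join(types)}")
```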
Traditionally, many of the requirements of separation of duties were handled by controlling physical access to individual computers and software used by members of the organization. Recently, however, organizations have begun to utilize cloud computing services rather than locally deployed applications. In general, cloud computing refers to server-based computing that allows users to transact with server resources using a variety of devices. Cloud computing applications are provided by a server, which allows users to use the applications without downloading and installing them on their own devices. Accordingly, current separation of duties methods may not be suitable for use within cloud computing environments.