Skip to main content

Conflicts — Details

The Conflicts — Details screen is the drill-down behind the Summary view. One line per (User, Activity 1, Activity 2) triplet — that is, every concrete realisation of an SoD risk on a single user. Each row carries the user, both incompatible activities, the underlying objects, and the two roles that brought the rights together.

This is the screen auditors read when they want to see the conflict, not the count.

At a glance

Nomasx-1 · Applications · Conflicts · DetailsPROCESSRISKUSERACT 1OBJ 1ROLE 1ACT 2OBJ 2ROLE 2P2PR-P2P-01JDOEVEND-CRP0401VEND_ADMINPAY-APVP0413MAP_APPROVERP2PR-P2P-01MSMITHVEND-CRP0401VEND_ADMINPAY-APVP0413MAP_APPROVERP2PR-P2P-02JDOEPO-MODP4310PO_OWNERRCT-APVP4312PO_RECEIVERO2CR-O2C-04PKHANCUST-CRP03013SALES_ADMINADJ-POSTP03B11AR_ADJUSTER1 — 50 of 247 raw conflict rows

Goal of the view

For every concrete SoD breach:

  • Identify the user. User ID + the two roles tell who carries the conflict and how.
  • Pinpoint the activities. Activity 1 and Activity 2 are the named SoD-matrix actions in conflict. The associated objects connect the activity to the source-system program that backs it.
  • Reconstruct the path. Combined with Rights — Users / Roles, the row tells which role pair generates the conflict — the lever to break it.

Columns

ColumnSourceWhat it tells you
Application IDCFD_APPS_ID — application identifier. Filterable.The connected application.
Process IDCFD_PROCESS_ID — business process. Filterable, looked up against SoD Process.Functional area the risk belongs to.
Risk IDCFD_RISK_ID — incompatibility rule. Filterable, looked up against SoD Risks.The risk being measured.
User IDCFD_USER_ID — user in conflict. Filterable, scoped to the application.The conflict holder.
Activity 1CFD_ACT1_ID — named SoD activity. Looked up against SoD Activities.First incompatible action.
Object 1CFD_ACT1_OBJECT — technical object. Looked up against SoD Objects.Source-system program backing activity 1.
Role 1CFD_ROLE1_ID — role granting Activity 1. Looked up against the role catalog.Where the user gets the first right from.
Activity 2CFD_ACT2_ID — named SoD activity.Second incompatible action.
Object 2CFD_ACT2_OBJECT — technical object.Source-system program backing activity 2.
Role 2CFD_ROLE2_ID — role granting Activity 2.Where the user gets the second right from.

Tips & best practices

  • Group by User ID when discussing remediation — the same user can appear on several rows. A single role removal often closes multiple conflicts at once.
  • Filter by Risk ID to obtain the full user list for one specific risk — the per-risk drilldown of the Summary screen.
  • Compare Role 1 and Role 2. When two roles always show up together as the cause of a risk, the role pair is the structural issue — the SoD review should challenge the role design before challenging individual users.
  • Cross-reference with Proven to know which of these rows have actual activity behind them (vs. theoretical conflicts where the user holds the rights but has never used them).