23.5 Approving Potential SoD Violations

Only users with Customer, Global, or SoD administrator authorization, or users assigned as SoD policy owners can approve or deny potential SoD violations. Administrators can view all approval violations by clicking View all SoD approvals. Note that administrators cannot approve or deny permissions that a user already has as part of a business role. Identity Governance prevents approval of potential toxic SoD policy violations. For more information see Section 19.5.2, Creating an SoD Approval Policy for Toxic SoD Violations and Section 20.0, Managing Separation of Duties Violations.

NOTE:By default, all approval policies include potential SoD violation check and approval as step one of the approval steps. Users cannot delete this step. However, authorized users can drag and drop this step as needed to change the sequence of the approval steps.