Static Separation of Duty is typically determined when the roles are assigned to the users. Dynamic Separation of Duty is dynamically evaluated within the active session.
(SSoD) relations #
- prevents conflict of interests that arise when a user gains permissions associated with conflicting roles
- (SSoD) relations are specified for any pair of roles that conflict.