Segregation of Duties Reporting

Video Transcript This is a brief demonstration of ALLOut Segregation of Duties reporting, which is the cornerstone of risk reporting and management. The ultimate purpose of segregating duties is to reduce risk by separating duties and the access associated with those duties. We're limiting the opportunity for misuse of company assets, whether through fraud or through error. With ALLOut, you can identify and address SOD breaching access before the fraud or errors occur. SOD rules define which business processes should be separated, and critical process lists define the programs used by those processes. SOD reporting compares these rules and lists to your user's security permissions to determine SOD breaching access. Let's take a look. Everything we need can be found within ALLOut's access and audit reporting menu. To begin using this feature right away, we could simply define the critical process lists and SOD rules, and then run the reports. I'll show you both of these steps in a moment, but first, let's take a look at some optional ways to enhance your SOD reporting. We could choose to load and maintain menu routes, which enables us to incorporate task view and menu filters into the SOD reports. We could also incorporate non JDE access and processes. Now let's take a closer look at the process for creating SOD rules and running the reports. Remember, step one would be to define the critical process lists and SOD rules. Here we can see some critical process lists and SOD rules that were uploaded from the ALLOut SOD master. Using the predefined yet customizable SOD master data is not a requirement, but doing so enabled me to get a jumpstart on my SOD reporting process. Whether using SOD master data or not, lists and rules can always be modified here, and if you choose to incorporate non JDE processes, those processes can be associated with the SOD rules right here, using the same grid. Once the lists and rules have been defined, we can immediately run our reports. The interactive interface will walk us through the report settings. It can report access for users or roles. We can target a variety of data ranges and filter based on the level of access, including filters for mitigating controls and menu access. There are also options to define the output style and layout. Once everything is set, just submit the report. As with other JDE reports, I can find my report in my submitted jobs. The first page documents all of the report settings, and subsequent pages reveal the SOD breaching access. In this case, we're looking at one user at a time. For each user, the report documents each SOD rule that can be breached along with access details, including programs and the user's permissions to those programs. By changing the report style and layout, we can compare multiple users side by side and control the level of details shown on the report. For more detailed guidance on this and other ALLOut features, please visit the ALLOut Academy.

Cookie name	Default expiration time	Description
_ga	2 years	Used to distinguish users.
_gid	24 hours	Used to distinguish users.
_ga_<container-id>	2 years	Used to persist session state.
_gac_gb_<container-id>	90 days	Contains campaign related information. If you have linked your Google Analytics and Google Ads accounts, Google Ads website conversion tags will read this cookie unless you opt-out. Learn more.

visitor_id<accountid>	The visitor cookie includes a unique visitor ID and the unique identifier for your account. For example, the cookie name visitor_id12345 stores the visitor ID 1010101010. The account identifier, 12345, makes sure that the visitor is tracked on the correct Pardot account. The visitor value is the visitor_id in your Pardot account. This cookie is set for visitors by the Pardot tracking code.
pi_opt_in<accountid>	If Tracking Opt-in preferences is enabled, the pi_opt_in cookie is set with a `true` or `false` value when the visitor opts in or out of tracking. If a visitor opts in, the value is set to `true`, and the visitor is cookied and tracked. If the visitor opts out or ignores the opt-in banner, the opt-in cookie value is set to `false`. The visitor cookie is disabled, and the visitor is not tracked.
visitor_id<accountid>-hash	The visitor hash cookie contains the account ID and stores a unique hash. For example, the cookie name visitor_id12345-hash stores the hash “855c3697d9979e78ac404c4ba2c66533”, and the account ID is 12345. This cookie is a security measure to make sure that a malicious user can’t fake a visitor from Pardot and access corresponding prospect information.
lpv<accountid>	This LPV cookie is set to keep Pardot from tracking multiple page views on a single asset over a 30-minute session. For example, if a visitor reloads a landing page several times over a 30-minute period, this cookie keeps each reload from being tracked as a page view.
pardot	A session cookie named pardot is set in your browser while you’re logged in to Pardot as a user or when a visitor accesses a form, landing page, or page with Pardot tracking code. The cookie denotes an active session and isn’t used for tracking.

Cookie name	Default expiration time	Description
_ga	2 years	Used to distinguish users.
_gid	24 hours	Used to distinguish users.
_ga_<container-id>	2 years	Used to persist session state.
_gac_gb_<container-id>	90 days	Contains campaign related information. If you have linked your Google Analytics and Google Ads accounts, Google Ads website conversion tags will read this cookie unless you opt-out. Learn more.

visitor_id<accountid>	The visitor cookie includes a unique visitor ID and the unique identifier for your account. For example, the cookie name visitor_id12345 stores the visitor ID 1010101010. The account identifier, 12345, makes sure that the visitor is tracked on the correct Pardot account. The visitor value is the visitor_id in your Pardot account. This cookie is set for visitors by the Pardot tracking code.
pi_opt_in<accountid>	If Tracking Opt-in preferences is enabled, the pi_opt_in cookie is set with a `true` or `false` value when the visitor opts in or out of tracking. If a visitor opts in, the value is set to `true`, and the visitor is cookied and tracked. If the visitor opts out or ignores the opt-in banner, the opt-in cookie value is set to `false`. The visitor cookie is disabled, and the visitor is not tracked.
visitor_id<accountid>-hash	The visitor hash cookie contains the account ID and stores a unique hash. For example, the cookie name visitor_id12345-hash stores the hash “855c3697d9979e78ac404c4ba2c66533”, and the account ID is 12345. This cookie is a security measure to make sure that a malicious user can’t fake a visitor from Pardot and access corresponding prospect information.
lpv<accountid>	This LPV cookie is set to keep Pardot from tracking multiple page views on a single asset over a 30-minute session. For example, if a visitor reloads a landing page several times over a 30-minute period, this cookie keeps each reload from being tracked as a page view.
pardot	A session cookie named pardot is set in your browser while you’re logged in to Pardot as a user or when a visitor accesses a form, landing page, or page with Pardot tracking code. The cookie denotes an active session and isn’t used for tracking.