To use the SOD feature in the Option Pack, define SOD rules.
To create an SOD rule
Writes the SOD event to the SOD audit tables, and continues to possible workflow approvals
Denies the SOD conflict and writes the event to SOD audit tables, and continues processing the task
Sends the SOD event to a designated approver. If approved, it continues on to regular approval processes. If rejected, no further workflow processes are triggered.
Denies the SOD conflict and writes the event to SOD audit tables, and stops the task
The difference between RejectAll and Reject is as follows: SOD works at the attribute level, meaning that it identifies a potential violation between two different attributes. However, an access entitlement request may include four different Active Directory groups and three RACF roles. It may be that only one RACF role generates a violation. If Reject is selected, only the RACF role generating the violation is rejected and the other four Active Directory groups and two RACF roles continue on to the normal approval process. If RejectAll is selected then all the requests, including all four Active Directory groups and the three RACF roles, are rejected and the task is stopped.
An SOD item is defined by its endpoint (such as Active Directory or HR_endpoint), the entitlement name, and value.