Rocio,
This is a great question. I do not think this exists as most of the individuals / companies that have created this offer this as a paid offering / service (speaking as someone who has led the creation of SOD rulesets in the past).
However, there are some typical scenarios that are ‘ERP agnostic’ that can help you to create this, for example:
– Access to maintain master data and then transact against it (ex: ability to maintain a vendor and pay that vendor)
– Access to setup/configuration of a module and then transact within it (ex: ability to update procurement and sourcing parameters and post purchase orders)
One last point, the out of box SOD functionality from Dynamics has a fatal flaw in that it does its analysis at the duty level and not the securable object level. This leaves adequate opportunities for false positive / false negative results in the result. Some companies can accept this risk but others in more highly regulated industries might not be able to.
If you have any other questions about this feel free to reach out.
Resources:
– https://www.isaca.org/resources/isaca-journal/issues/2016/volume-3/implementing-segregation-of-duties-a-practical-experience-based-on-best-practices
– https://community.trustcloud.ai/docs/grc-launchpad/grc-101/governance/developing-a-strategic-segregation-of-duties-matrix/
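
The duty-level versus securable-object-level point in the reply above, as an added example that is not part of the original post and is not Dynamics code: a simplified model of the "maintain a vendor and pay that vendor" rule, evaluated both ways. All duty, object and user names are constructed, and the object-level result is assumed to be the ground truth.

```python
# Constructed model: duty -> set of (securable object, access level).
# Names are hypothetical and are not Dynamics' real security objects.
DUTIES = {
    "VendMasterMaintain": {("VendTable", "write")},
    "VendPaymentProcess": {("VendPaymJournal", "read")},  # customized down to read-only
    "CustomAPClerk": {("VendTable", "write"), ("VendInvoice", "read")},
    "CustomPayRun": {("VendPaymJournal", "post")},
}
USERS = {
    "alice": {"CustomAPClerk", "CustomPayRun"},
    "bob": {"VendMasterMaintain", "VendPaymentProcess"},
    "carol": {"VendMasterMaintain", "CustomPayRun"},
    "dave": {"VendMasterMaintain"},
    "erin": {"VendMasterMaintain", "VendPaymentProcess", "CustomPayRun"},
}
# The same conflict expressed at two granularities.
DUTY_RULES = [("VendMasterMaintain", "VendPaymentProcess")]
OBJECT_RULES = [(("VendTable", "write"), ("VendPaymJournal", "post"))]

def duty_level_conflicts(users, rules):
    """Flag users who hold both duty names of any rule, ignoring duty contents."""
    return {u for u, duties in users.items()
            for a, b in rules if a in duties and b in duties}

def effective_access(duties, duty_map):
    """Union of the object/access pairs granted by every assigned duty."""
    access = set()
    for duty in duties:
        access |= duty_map.get(duty, set())
    return access

def object_level_conflicts(users, duty_map, rules):
    """Flag users whose effective access covers both sides of any rule."""
    flagged = set()
    for user, duties in users.items():
        access = effective_access(duties, duty_map)
        if any(a in access and b in access for a, b in rules):
            flagged.add(user)
    return flagged

def compare(users=USERS, duty_map=DUTIES):
    by_duty = duty_level_conflicts(users, DUTY_RULES)
    by_object = object_level_conflicts(users, duty_map, OBJECT_RULES)
    return {"false_positives": sorted(by_duty - by_object),   # flagged, no real conflict
            "false_negatives": sorted(by_object - by_duty),   # real conflict, not flagged
            "agreed": sorted(by_duty & by_object)}

if __name__ == "__main__":
    print(compare())
```

In this model the custom duties carry the conflicting access under names the duty-level rule never mentions, and the customized standard duty keeps its name after the conflicting access has been removed.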