Identity Governance not only enables you to identify SoD violations in your current data, it also enables you to detect SoD violation that might occur in the future if a set of access requests are fulfilled. When potential SoD violations are detected, Identity Governance determines if approval is required for the potential SoD violation before processing the request. The SoD policy or the global potential SoD violation approval policy determine if approval of potential SoD violations is required and whether self-approval is allowed. If approval is required, Identity Governance creates a potential SoD violation approval task that is assigned to SoD policy owners and SoD administrators to handle. SoD policy owners and SoD administrators can see a list of the potential SoD violations they need to approve or deny via Access Request > Approvals > SoD Approvals page.
NOTE:Only users with Customer, Global, or Access Request Administrator authorization can set the global potential SoD violation approval policy. For more information, see Setting Global Potential SoD Violation Approval Policy.