# Separation of Duties

Separation of Duties (SoD) in CERTInext ensures that critical certificate lifecycle actions are distributed across multiple roles, preventing any single user from having unchecked control over certificate operations.

CERTInext enforces separation of duties through role-based access control, approval workflows, and permission scoping.

#### Role Segmentation Model

CERTInext allows organizations to assign distinct roles for different responsibilities, such as:

* Requesting certificates
* Approving certificate actions
* Deploying or provisioning certificates
* Managing Certificate Authorities
* Viewing reports and audit logs

Each role is granted only the permissions required for its function.

#### Operational Enforcement

Separation of duties is enforced at runtime:

* A user who initiates a request cannot approve the same request
* CA administrative actions can be restricted to dedicated roles
* Deployment permissions can be separated from issuance permissions

This reduces the risk of accidental misconfiguration or malicious misuse.

#### Compliance and Risk Reduction

By enforcing separation of duties, CERTInext helps organizations:

* Meet regulatory and audit requirements
* Reduce insider threat risk
* Prevent unauthorized certificate issuance or revocation
* Establish clear ownership and accountability

All role assignments and role-based actions are fully auditable.
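
Because assignments and actions are auditable, the runtime rules listed under Operational Enforcement can be re-checked independently from exported records. The following is an added example, not CERTInext code: the record fields, duty names and exclusive-pair policy are assumptions for illustration, and the sample data is constructed.

```python
from collections import defaultdict

# Duty pairs one user should not hold together. This is an assumed policy built
# from the responsibilities listed on this page, not a CERTInext default.
EXCLUSIVE_PAIRS = [("issue", "deploy"), ("manage_ca", "request"), ("manage_ca", "approve")]

def role_conflicts(assignments):
    """Return sorted (user, duty_a, duty_b) for every exclusive pair a user holds."""
    return sorted((user, a, b)
                  for user, duties in assignments.items()
                  for a, b in EXCLUSIVE_PAIRS
                  if a in duties and b in duties)

def self_approvals(events):
    """Return sorted (request_id, user) where the initiator also approved.
    Events are collected first, so out-of-order exports are handled."""
    requesters, approvers = {}, defaultdict(set)
    for ev in events:
        if ev["action"] == "request":
            requesters[ev["request_id"]] = ev["actor"]
        elif ev["action"] == "approve":
            approvers[ev["request_id"]].add(ev["actor"])
    return sorted((rid, who) for rid, who in requesters.items() if who in approvers[rid])

def orphan_approvals(events):
    """Return request ids that were approved but have no request event on record."""
    requested = {ev["request_id"] for ev in events if ev["action"] == "request"}
    approved = {ev["request_id"] for ev in events if ev["action"] == "approve"}
    return sorted(approved - requested)

# Constructed sample export; field names are hypothetical, not CERTInext's schema.
ASSIGNMENTS = {
    "alice": {"request"},
    "bob": {"approve", "view_reports"},
    "carol": {"issue", "deploy"},        # holds both halves of an exclusive pair
    "dave": {"manage_ca"},
}
EVENTS = [
    {"request_id": "REQ-1", "action": "request", "actor": "alice"},
    {"request_id": "REQ-1", "action": "approve", "actor": "bob"},
    {"request_id": "REQ-2", "action": "approve", "actor": "erin"},  # logged before its request
    {"request_id": "REQ-2", "action": "request", "actor": "erin"},
    {"request_id": "REQ-3", "action": "approve", "actor": "bob"},   # no request on record
]

if __name__ == "__main__":
    print("role conflicts:  ", role_conflicts(ASSIGNMENTS))
    print("self-approvals:  ", self_approvals(EVENTS))
    print("orphan approvals:", orphan_approvals(EVENTS))
```

Any non-empty result is a finding to investigate: it indicates either a gap in role scoping or an incomplete audit export.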


