Certain highly critical administrative tasks require that all access and actions be performed in the presence (or with the consent) of two authorized people at all times. This is also known as the Separation of Duties / Segregation of Duties and/or the Four Eyes Principles / The Two-Man Rule. However, this kind of control mechanism is not directly supported by MDM, but can be achieved using applications (implemented on .NET, Java, or ABAP) that make use of the MDM APIs.

The MDM server creates audit logs that contain authorization related information. This is useful for auditors who would want to know the authorizations held by users while performing a particular activity.

Audit logs contain information related ...