Segregation of Duties Circumvention

A subject consolidates control authority by obtaining, retaining, or exploiting permissions that allow them to perform multiple stages of a controlled process without independent oversight.

This includes scenarios where the subject holds or acquires overlapping roles that are intended to remain separate, such as the ability to request and approve actions, initiate and authorize transactions, or develop and deploy changes. The behavior may arise from misconfigured access controls, privilege accumulation over time, or informal deviations from defined role boundaries.

The defining characteristic of this behavior is the structural collapse of role separation, where control mechanisms designed to enforce independence are no longer effective.

By eliminating separation between responsibilities, the subject creates conditions in which actions can be completed without challenge or verification. This removes a foundational safeguard against error, misuse, and unauthorized activity, significantly increasing the likelihood that subsequent infringement can occur undetected.