Segregate conflicting duties to keep one user from executing them alone. Identify which obligations need segregation, such as change approval, access rights, code design, and security control assurance. Consider collusion risk and use other controls if segregation is difficult. Avoid conflicting roles in any access control system, use automation to pinpoint conflicts, and carefully define roles to prevent access issues.