18.5 Approving and Resolving an SoD Violation

Approving an SoD violation records that the violation has been recognized and that approval has been given to allow it to continue for some time period. A comment is always required when approving a violation. You must also specify the time period, in days, that the violation is allowed to continue. If the SoD policy has defined compensating controls, you can select one or more of them to state which controls you want enforced while the violation is allowed to continue.

Resolving an SoD violation allows you to specify which permissions or roles you want removed from the user or account. When you select permissions or roles to remove, changesets are generated and then appear in fulfillment. You can visit the fulfillment pages to perform the usual types of fulfillment actions. For more information, see Section 14.6, Fulfilling the Changeset for a Review Instance.

IMPORTANT: Closing an SoD case is not the same as the resolve action, and a case does not close automatically because a resolve action has been performed. The resolve action simply initiates fulfillment tasks and notifies the appropriate users of the need to perform removal actions and of the specific removals being requested. It does not actually remove permissions or roles. If nobody performs the fulfillment tasks, or if they are rejected and nothing changes, the SoD violation does not go away and the SoD case remains open.