Mutually exclusive acccess or roles. This involves dividing responsibility for sensitive information or risky actions so that no individual acting alone can compromise a system. As a security principle, it has as its primary objective the prevention of fraud and errors. This principle is demonstrated in the occasional requirement for two signatures on a bank cheque, or by preventing a person from authorising their own workflow requests.