Define actions not permitted by application administrators to ensure separation of duties is adequate and implement technical controls, or determine other mechanisms, to prohibit application administrators from conducting those actions.