Tuesday, November 25, 2008

Time for change: Any good tools for doing negative testing for Security Roles

Negative testing is the process of checking whether the security restrictions applied to the security roles are working as intended. Most of the clients I have seen will do a lot of positive testing but will only realize the problems when a user tells them they can see a lot more information in the system.

Process for negative testing:

1. Do positive and negative testing at the single role level.

2. Do positive and negative testing at the composite role level.

3. If the company does not use composite roles, then it has to test the specific users.

4. At a minimum, do negative testing for update transactions.

5. Get the functional team involved to get good negative test scripts.
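The steps above, written as a table-driven check at the single and composite role level. This is an added example, not code from the original post or from any tool it names. The role names and authorization data are constructed, and the authorization model is a simplified assumption: access needs the transaction code plus one authorization that covers every checked field, with `*` meaning any value.

```python
# Constructed sample data: single role -> list of (authorization object, field values).
# "*" means any value. Role names are hypothetical.
SINGLE_ROLES = {
    "Z_AP_DISPLAY": [("S_TCODE", {"TCD": {"FB03"}}),
                     ("F_BKPF_BUK", {"BUKRS": {"1000"}, "ACTVT": {"03"}})],
    # Org level maintained too broadly: company code 2000 was not intended.
    "Z_AP_POST": [("S_TCODE", {"TCD": {"FB01"}}),
                  ("F_BKPF_BUK", {"BUKRS": {"1000", "2000"}, "ACTVT": {"01"}})],
}
COMPOSITE_ROLES = {"ZC_AP_CLERK": ["Z_AP_DISPLAY", "Z_AP_POST"]}

def expand(role):
    """Authorizations of a single role, or of every single role in a composite."""
    members = COMPOSITE_ROLES.get(role, [role])
    return [auth for m in members for auth in SINGLE_ROLES[m]]

def grants(auths, obj, needed):
    """True if ONE authorization for obj covers every needed field value."""
    return any(
        o == obj and all("*" in f.get(k, ()) or v in f.get(k, ()) for k, v in needed.items())
        for o, f in auths
    )

def can_execute(role, tcode, obj, needed):
    """Transaction start check plus the object check inside the transaction."""
    auths = expand(role)
    return grants(auths, "S_TCODE", {"TCD": tcode}) and grants(auths, obj, needed)

# (role, transaction, object, field values, expected access). False = negative test.
CASES = [
    ("Z_AP_DISPLAY", "FB03", "F_BKPF_BUK", {"BUKRS": "1000", "ACTVT": "03"}, True),
    ("Z_AP_DISPLAY", "FB01", "F_BKPF_BUK", {"BUKRS": "1000", "ACTVT": "01"}, False),
    ("Z_AP_POST", "FB01", "F_BKPF_BUK", {"BUKRS": "2000", "ACTVT": "01"}, False),
    ("ZC_AP_CLERK", "FB01", "F_BKPF_BUK", {"BUKRS": "1000", "ACTVT": "01"}, True),
    ("ZC_AP_CLERK", "FB01", "F_BKPF_BUK", {"BUKRS": "2000", "ACTVT": "01"}, False),
    ("ZC_AP_CLERK", "FB03", "F_BKPF_BUK", {"BUKRS": "2000", "ACTVT": "03"}, False),
]

def run_cases(cases):
    """Return (case, actual) for every case whose result differs from the expectation."""
    failures = []
    for role, tcode, obj, needed, expected in cases:
        actual = can_execute(role, tcode, obj, needed)
        if actual != expected:
            failures.append(((role, tcode, needed["BUKRS"]), actual))
    return failures

if __name__ == "__main__":
    for (role, tcode, bukrs), actual in run_cases(CASES):
        print(f"FAIL {role}: {tcode} in company code {bukrs} allowed={actual}")
```

The two failing negative cases both trace back to the same over-broad single role, which is why the single-role tests come before the composite-role tests.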

Tools: I used Virsa Compliance Calibrator to do some negative testing. It was mainly to check the organizational-level access. Are there any good tools on the market for negative testing?

 

Selva Kumar

Vice President- SAP Practice

OneAccess-UserManager for SAP

SAP Certified-Powered by Netweaver

http://www.softsquare.biz/oneaccess/

selva@softsquare.biz

Phone: 1 877 717 5487

Automate and Meditate
