on 07-01-2013 1:54 PM
Hello experts. We have been testing UAR process in our sandbox (GSB) and are preparing to configure and move everything into our development system (GDV), then on to production (GPR). I have been requested to point GDV at our production ECC6 system (PRD) as part of this effort, so that roles may be imported from PRD (for BRM) and so that we can test the UAR process in GDV to get realistic picture of results we can expect in GPR. I'm a little nervous about connecting a test system to production, but I can't think of a specific reason NOT to do this. The one caveat I could think of is, we'd have to be careful to not accidentally generate roles in production ECC6 from our test system. Has anyone else connected test GRC with production backend system to test UAR? Any watchouts or gotchas I need to be aware of? Of course we will also have to set up the sync jobs to start sending usage data from PRD to GDV if we want to have a reasonable UAR test.
Thanks in advance,
Heraleen
HI Heraleen
Is there a reason you can't point you GRC [GDV] system to your ERP DEV system to import the roles since that is your source of truth? If it's for BRM, I would have thought you want the DEV client as that's where you maintain roles in the first place before transporting through the landscape?
If testing the User Access Processes, you just need to pick a test ERP system to connect for the scenario. The roles and users are really the data. You would run the object sync for the Test ERP system to import the role exists flag for BRM so provisioning can occur.
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
Hi Colleen. Thanks for your reply. Our roles and users in our production and test ECC6 systems should be pretty similar. The reason the team would like to run UAR in GDV against PRD is because we've had some questions about the transaction usage information presented. We'd like to see a realistic UAR in our test system before we run it for real in production, to see if we believe the usage numbers.
Personally the test I found most helpful was to perform a very controlled scenario in test system where I ran a limited number of transactions and logged the usage myself (number of times executed, whether data was changed or not) then ran a UAR for that user and compared results to what I'd logged. We found the usage counting logic is different in 10.0 than it was in 5.3 and we also found some issues that required notes e.g. 1807552 (we're on SP08). After finding issues, I think the security team is looking for a warm fuzzy that the numbers on the production UAR will be reliable. They aren't as concerned about the exact usage count, but they do want to make sure no roles are incorrectly reported with usage=0 as that's what usually triggers the approver to request role be removed from the user. I did set up a connector for our production ECC6 in our GRC test system. So will see if that satisfies their requirement.
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.