cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

GRC10: Connecting test GRC system to production backend system

Former Member

on ‎07-01-2013 1:54 PM

0 Kudos

Hello experts. We have been testing UAR process in our sandbox (GSB) and are preparing to configure and move everything into our development system (GDV), then on to production (GPR).  I have been requested to point GDV at our production ECC6 system (PRD) as part of this effort, so that roles may be imported from PRD (for BRM) and so that we can test the UAR process in GDV to get realistic picture of results we can expect in GPR.   I'm a little nervous about connecting a test system to production, but I can't think of a specific reason NOT to do this.  The one caveat I could think of is, we'd have to be careful to not accidentally generate roles in production ECC6 from our test system.  Has anyone else connected test GRC with production backend system to test UAR?  Any watchouts or gotchas I need to be aware of?  Of course we will also have to set up the sync jobs to start sending usage data from PRD to GDV if we want to have a reasonable UAR test. 

Thanks in advance,

Heraleen

Show replies
Show replies
Answer

Accepted Solutions (0)

Answers (1)

Answers (1)

Colleen
Advisor
Advisor
‎07-02-2013 9:03 AM
0 Kudos

HI Heraleen

Is there a reason you can't point you GRC [GDV] system to your ERP DEV system to import the roles since that is your source of truth? If it's for BRM, I would have thought you want the DEV client as that's where you maintain roles in the first place before transporting through the landscape?

If testing the User Access Processes, you just need to pick a test ERP system to connect for the scenario. The roles and users are really the data. You would run the object sync for the Test ERP system to import the role exists flag for BRM so provisioning can occur.

Show replies
Show replies
Former Member
‎07-03-2013 7:31 PM
0 Kudos

Hi Colleen.  Thanks for your reply.   Our roles and users in our production and test ECC6 systems should be pretty similar.   The reason the team would like to run UAR in GDV against PRD is because we've had some questions about the transaction usage information presented.  We'd like to see a realistic UAR in our test system before we run it for real in production, to see if we believe the usage numbers.

Colleen
Advisor
Advisor
‎07-04-2013 10:18 PM
0 Kudos

Hi Heraleen

The usage numbers will come from the STAD system log

Could you prove the test by showing the STAD numbers in your Test System and then show after the synch what they look like in the GRC? If you are trying to get them to believe real numbers in Production then run STAD in Prod?

Former Member
‎07-09-2013 4:32 AM
0 Kudos

Personally the test I found most helpful was to perform a very controlled scenario in test system where I ran a limited number of transactions and logged the usage myself (number of times executed, whether data was changed or not) then ran a UAR for that user and compared results to what I'd logged.   We found the usage counting logic is different in 10.0 than it was in 5.3 and we also found some issues that required notes e.g. 1807552 (we're on SP08).  After finding issues, I think the security team is looking for a warm fuzzy that the numbers on the production UAR will be reliable.   They aren't as concerned about the exact usage count, but they do want to make sure no roles are incorrectly reported with usage=0 as that's what usually triggers the approver to request role be removed from the user.   I did set up a connector for our production ECC6 in our GRC test system.   So will see if that satisfies their requirement.

Colleen
Advisor
Advisor
‎07-10-2013 4:59 AM
0 Kudos

Great to hear you found an ideal test case to suit your requirements

Ask a Question