02-14-2008 12:28 PM
Hi All,
What is Unit and Integration testing and how does a security admin perform these after bulding the roles? Does these testing need to be performed for all the modules? Can some one explain this please.
Regards,
Sandhya
02-14-2008 1:00 PM
Hi,
There are loads of definitions for unit & integration testing out there & often used to describe different things.
Unit testing is usually when you create a role and execute each tx in the role to make sure that it starts up and you can move through it appropriately (don't worry about specific data etc, just completion of the transaction). Update SU24 where appropriate. Usually performed by security team.
Integration testing is usually where the func team run processes end to end. If security is involved then generally you are validating that the roles contain required transactions, there aren't any gaps where roles can't support the processes. You may want to test org levels and +ve and -ve test controls here but it really depends on your implementation. Most security testing is usually done in UAT but you would preferably have func team using real end user roles in IT, though generally not in the first passes where they validate their config