Security Testing using eCATT

Former Member · ‎12-07-2005

Hello,

I would like to know if any one has found a good solution for Security testing using eCATT.

Thanks you

Gilles

Former Member · ‎12-14-2005

Gilles,

What security aspects do you want to test?

Bear in mind that eCATT can

- Access a system under various user names (system data container)

- Try to run an application as any given user (role and authorization testing)

- Read display values from screens (periodic checking of security-critical parameters, for example)

Former Member · ‎12-20-2005

Hi Jon,

I would be interested to learn how you would organize security testing ( Roles and Authorization)with your eCATT library.

Let's assume i have a bunch of eCATT scripts i would like to test against some roles or some userids (in large quantity).

Thanks you for ideas

Former Member · ‎12-23-2005

Hi Gilles,

Security testing in tems of roles and authorizations of users is very much possible in eCATT as conveyed by Jon.

If you have large quantity of scripts which need to be tested depending on roles & authorization and if you are testing it with SCAT transaction using catalog, plan & package then you can prepare package depending on user IDs. This will help in a way that you will be giving once the User ID & password at execution time for given package and all the roles, authorizations linked to that ID will be tested for that bunch of scripts.

Hope this helps.

Regards

Former Member · ‎10-01-2009

Hi Sapna,

I have a Scenario when Automating Security testcase's in CRM Q0M systsm while using different 'pfcg' roles.

I am not able to figure out exactly how to get the id part of a field, using GETGUI as its ID keeps on changing according to different roles.

eg:

for Role:- SAP_CRM_UIU_CHM_PARTNERMANAGER the id part is'wnd[0]/usr/lbl[54,30]'.

but next time if that node is deleted above that node then it becomes some other value.