KNUZEN   SAP HCM SECURITY
Test scenarios for MSS must cover real-life situations. The test script for the line manager must include the scenarios that can appear in real life. It must be documented and stored so that it can be reused each time the MSS functionality needs to be tested.
When we implement Manager Self-Service (MSS) or Employee Self-Service, we must have prepared a test script that describes the real-life scenarios we can be presented with. The test script must include the systems a line manager can be involved in, such as the portal, SAP HCM, e-recruiting, BI and ERP.

Anybody can set up a test script that shows a manager position in an organisational structure together with a couple of employee positions. In MSS we will be able to see this manager and his employees, but this scenario does not reflect the complexity of real life. In real life there is a flow of employees in and out of the organisation, and the access rights must be aligned between SAP HCM and BI: if you can access data in BI that you cannot access in SAP HCM, this could be a violation of our access right principles.

In our test script we therefore have to set up a flow of employees who are transferred from one organisational unit to another. This must be handled with two specific master data sub-scenarios: one where the employee is transferred through the PA40 action "organisational reassignment", and one where the transfer is based on the drag-and-drop operation from OM.

We must also make sure that there is no aggregation of access rights for our managers, so we have to test a manager's access when the manager himself is transferred to another manager position. The manager should not have access to employees from his old manager position, but only to those employees who belong to his area of operation in the new manager position. We also have to test the manager's access to employees if he is assigned to several manager positions. In this case the manager has several areas of operation; this happens on a regular basis for our managers, so we need to test this scenario as well.
Employees who have left the organisation must also be included in the test script. You can do this by terminating one of the employees in the test organisation. Can the manager access the terminated employee's data and, perhaps even more important, are other managers still restricted from seeing this employee's data?

Figure 1 below shows some master data movements of employees that can be incorporated in your test scenario for SAP HCM and BI. The scenario must depict the possible movements you can find in real life.

Fig. 1 Scenarios for testing MSS

In this setup I have created an organisational structure with 5 sub-units, 4 containing a group of employees and one manager. The last org unit does not contain a manager position.

Test scenario 1: Manager movement

The manager is moved from a manager position in Knuzen 1 to a manager position in Knuzen 5. You need to test the segregation. The manager must not be able to access data or new information from his old position as soon as he/she has left the old manager position and arrived in the new manager position. Of course, this is subject to the tolerance time that has been customised in OOAC. Please refill the manager position in Knuzen 1 so you can continue to test with this unit. Also remember to include a test of appraisals when the manager has left, since he/she can be assigned as appraiser in performance appraisal documents.

Test scenario 2: Employee internal movement

The employee 1.A is moved from Knuzen 1 to Knuzen 2. The manager from Knuzen 1 is not allowed to see his old employee Empl 1.A once he/she has moved to the new unit with a new manager. Please remember to test performance appraisals, since a performance appraisal can stretch over a period where the old manager is supposed to appraise the employee who left.

Test scenario 3: Employee is terminated

In this case one of the employees is terminated. In many authorization setups the structural authorizations will be the main control in MSS.
But if the terminated employee is not controlled by a structural restriction, he or she can become visible to others, such as personnel administrators. So please test that managers from other units are not able to access this user's data after a termination. Normally there will be several options during a termination that keep the structural authorizations in control. But if an employee is terminated with blank entries for position as well as for org unit, the structural authorization is out and unwanted access to the employee can become a reality.

Test scenario 4: Rehiring an employee

A former employee from another unit is rehired. Can the manager in the hiring unit get access to this employee who has been terminated from a previous position in

Test scenario 5: Moving an employee through drag and drop in OM

The option of moving employees through drag and drop must be tested if this functionality is available to end users. Will the new manager have access to the moved employee, and will the authorisation close cleanly for the manager in the old unit?

Test scenario 6: Move an entire org unit with its employees underneath another unit

You need to test this scenario in case of mergers or small-scale changes in the organisation. The manager in the moved unit will have the same access rights as before the move, but the manager in the unit it now reports to (Knuzen 3 in figure 1) will get additional employees. From the moved org unit, Knuzen 4, the manager in Knuzen 3 will get a reporting manager and the employees belonging to unit 4 as indirect reports.

Test scenario 7: Org unit with a manager position but without a manager assignment

In the real world there will from time to time be periods where a position is vacant, and in this case the reporting manager must be found further up the hierarchy. This needs to be tested with an org unit where no person is assigned to the manager position.
In figure 1 the reporting manager will be the manager of the Knuzen main org unit.

Please remember to test the BI access for these scenarios as well. If, as a manager, you have access to payroll or other sensitive data in BI for employees, the control must be 1:1 for the sensitive information.
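As an added example (not part of the original page or any Knuzen tool), the expected results for scenarios 1 to 3 and the HCM/BI comparison can be computed from dated assignments and checked against what a tester actually observes. The person ids, dates, export layout and the simple day-count model of the tolerance time are all constructed assumptions; hierarchy evaluation (scenarios 6 and 7) is not covered.

```python
from datetime import date, timedelta

END = date(9999, 12, 31)
# Constructed sample data modelled on figure 1 (hypothetical export layout):
# (person, org unit, role, valid from, valid to)
ASSIGNMENTS = [
    ("MGR_1", "Knuzen 1", "manager", date(2020, 1, 1), date(2024, 3, 31)),
    ("MGR_1", "Knuzen 5", "manager", date(2024, 4, 1), END),    # scenario 1
    ("MGR_2", "Knuzen 2", "manager", date(2020, 1, 1), END),
    ("EMP_1A", "Knuzen 1", "employee", date(2020, 1, 1), date(2024, 5, 31)),
    ("EMP_1A", "Knuzen 2", "employee", date(2024, 6, 1), END),  # scenario 2
    ("EMP_1B", "Knuzen 1", "employee", date(2020, 1, 1), END),
    ("EMP_2A", "Knuzen 2", "employee", date(2020, 1, 1), date(2024, 2, 29)),  # scenario 3
    ("EMP_5A", "Knuzen 5", "employee", date(2020, 1, 1), END),
]

def units_managed(manager, on, tolerance_days=0):
    """Org units the manager holds on `on`; a unit left at most
    `tolerance_days` ago still counts (simplified tolerance-time model)."""
    grace = timedelta(days=tolerance_days)
    return {unit for person, unit, role, start, end in ASSIGNMENTS
            if person == manager and role == "manager"
            and start <= on and on - grace <= end}

def expected_access(manager, on, tolerance_days=0):
    """Employees actively assigned on `on` to a unit the manager holds."""
    units = units_managed(manager, on, tolerance_days)
    return {person for person, unit, role, start, end in ASSIGNMENTS
            if role == "employee" and unit in units and start <= on <= end}

def review_access(manager, on, seen_hcm, seen_bi, tolerance_days=0):
    """Compare observed visibility (sets of employee ids) with the expectation."""
    expected = expected_access(manager, on, tolerance_days)
    return {
        "stale_hcm": sorted(seen_hcm - expected),    # old or terminated staff still visible
        "missing_hcm": sorted(expected - seen_hcm),  # new area of operation not visible
        "bi_only": sorted(seen_bi - seen_hcm),       # BI shows more than SAP HCM
    }
```

Any non-empty list returned by `review_access` is a finding to record against the test script for that manager and key date.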