Regardless of which methodology you’re using to log in and to test security and authorisations, don’t forget to plan for the basics:
- How do users log in?
○ Portal – ensure you have the URLs for any portals
○ SAP GUI – how is the gui being sent to each desktop/laptop? Will it be there in time for your test phases?
○ SAP GUI – are all test systems on the .ini file? If not, do you have the connection string? Are desktops / laptops locked down – if so, what is the workaround to get the .ini file installed?
○ RF scanners and other external devices – do they have the URL to the test system(s)
- Do all users have a user ID to access?
○ Individual user IDs or role-based logins?
○ Are there any Single Sign On implications that prevent access?
○ Are users set up in or synchronised across each system that requires access (e.g. Portal, ECC, SCM, BI, etc)?
- What is the password reset procedure?
○ Do all testers know who to contact to reset passwords?
○ What’s the process? Email? Self-service?
○ What’s the turnaround time?
○ If role-based logins are being used, how are you keeping track of passwords?
All of the above should be covered in your Test Plan and/or in your tester onboarding toolkit.