Workday HCM has turned out to be a backbone for many large enterprises across industry verticals. However Workday’s frequent releases along with the capability to configure and customize your business processes On The Go present unique challenges for HR and IT teams in ensuring that HR processes work smoothly end to end with each change or release. And enterprises have realized that they need a better testing approach to address the change and the involved operational risks.
Two of the most critical areas to test with workday are Security Configuration and Business process configuration. In this article, we are going to talk about the testing of Workday Security configuration and why it makes sense to automate this testing. Next article with cover more about business process configuration testing with Workday.
What is Workday Security Configuration Testing?
In simple terms, workday security configuration defines what data your users can see when they log in, what business processes they can initiate or approve/reject. Obviously, this is done to ensure that tenant data is protected and visible to the authenticated users only. Workday’s security configuration is arranged on the basis of the user’s role, categorized in three sections: Role-Base, User-Based, and Standard-Worker. So essentially, testing Workday’s security configuration means testing on every user and role (respectively) against the pre-assigned permissions.
What to test in Workday Security Configuration?
The security baseline of the available actions and field permissions is the most important point to test against changes that are made during the change management. The teams should perform regular tests to ensure that respective security group retains the assigned available actions and field permissions to access the key objects within the span of control.
Further, there is a need of deploying security regression (as a key part of your test approach) to address the changes to menus and security on the Workday’s ongoing releases. Hence, it is important to ensure that the change addressed by the security configurator must stays in-line with the security policies. The business user should be able to run regression regularly capturing potential changes on the Workday delivered roles.
Testing regular updates (or changes) in the ongoing releases of the Workday application is a time-consuming activity, for example, validating the group on the barometer of change in actions and fields. Managing, such intended changes to security configurator often becomes a complicated and cumbersome task. Hence, such scenarios need to be tested for the comprehensive coverage of the test cases.
Challenges with manual testing of Workday Security Configuration
Manual testing of Workday Security configurations can become labor-intensive and time-consuming. Manually testing all users (across all Security Groups) against a baseline of what an assigned user can access in a tenant and which business processes they can initiate, approves or reject can very soon spiral into an overwhelming task not to mention frustrating (imagine having to do the same thing over and over again – navigating to Action and User screen for all test users to ensure the action and/or field are visible). And many a times this limits the ability to have full test coverage because of the involved complications (of the processes and the data transactions). Some of the other factors that makes manual testing even difficult are listed below:
- Regression testing to avoid the associated unforeseen issues while addressing changes to a complex security configuration
- The impact of the weekly patches (cannot be efficiently addressed through manual testing).
- Biannual update & Workday expansion needs heavy man-month effort, zipping SMEs for the extended periods (with manual testing).
- Testing integration during Workday updates
Because of these challenges more and more enterprises are looking to accelerate their Workday testing in general and Validating Workday Security configuration in particular by leveraging the power of test automation.
How OpKey’s Automated Workday Security Validator can help?
OpKey takes the heavy lifting out of your Security configuration validation by providing a prebuilt validation suite that allows Business users to easily provide Security baseline and test Security Validation with a Single Click
The automated Security configuration validation with OpKey is a simple 3 step process
User provides the security configuration baseline data in a pre-provided spreadsheet template or OpKey can automatically pick this data from a baseline Workday tenant. [As shown in Figure 1]
User goes to OpKey interface and executes the prebuilt security validation suite with a single click. OpKey automatically tests all of your field level and action level security tests with Workday security configurator tester assuring 100% compliance with security process controls.
Once the tests are done, user gets the results back in the external spreadsheet showing what passed and what failed. User can also see the screenshot for all the tests for audit trail purpose.[As shown in Fig.2]
Some of the Key advantages of OpKey’s workday security validator
- Automatic test suite execution can be scheduled as per the changing requirements (retaining the integrity of the security configuration).
- OpKey’s Distributed test execution architecture allow business users to run multiple Security tests, concurrently making it the fastest validation suite in the market
- Test cases can be easily created, re-used, deployed, and re-deploy as per the changing requirements.
With OpKey, agile teams now have a test automation platform to create reliable automation tests significantly faster and maintain them painlessly. OpKey allows Test teams to automate their mobile apps, web apps, web services and integrate seamlessly with their DevOps without requiring a coding background.
If you require to overhaul and automate Workday security configurations, try out OpKey Workday Security Configurator. An intelligent testing tool that automates and accelerate testing, consistently. Happy Automating! Happy Testing!