Workday HCM is a backbone for many large enterprises across industry verticals. However, Workday’s frequent releases along with the capability to configure and customize your business processes On The Go present unique challenges for HR and IT teams in ensuring that HR processes work smoothly end-to-end with each change or release. Enterprises have realized that they need a better testing approach to address the change and the involved operational risks.
In this article, we will examine the testing of Workday Security Configuration and explore why it makes sense to automate this testing.
What is Workday Security Configuration Testing?
In simple terms, Workday Security Configuration defines what data your users can see when they log in and what business processes they can initiate or approve/reject. This is done to ensure that tenant data is protected and visible to authenticated users only. Workday’s security configuration is arranged on the basis of the user’s role, categorized in three sections: Role-Base, User-Based, and Standard-Worker. Essentially, testing Workday’s security configuration means testing on every user and role (respectively) against the pre-assigned permissions.
What should you test in Workday Security Configuration?
The security baseline of the available actions and field permissions is the most important point to test against changes that are made during the change management. The teams should perform regular tests to ensure that respective security group retains the assigned available actions and field permissions to access the key objects within the span of control.
Further, there is a need of deploying security regression (as a key part of your test approach) to address the changes to menus and security on the Workday’s ongoing releases. Hence, it is important to ensure that the change addressed by the security configurator stays in-line with the security policies. The business user should be able to run regression regularly, capturing potential changes on the Workday delivered roles.
Testing regular updates (or changes) in the ongoing releases of the Workday application is a time-consuming activity. For example, validating the group on the barometer of change in actions and fields can be unwieldy. Managing such intended changes to security configurator often becomes a complicated and cumbersome task. Such scenarios need to be tested for the comprehensive coverage of the test cases.
Challenges with manual testing of Workday Security Configuration
Manual testing of Workday Security configurations can become labor-intensive and time-consuming. Manually testing all users (across all Security Groups) against a baseline of what an assigned user can access in a tenant and which business processes they can initiate, approve, or reject can spiral into an overwhelming task. It also tends to be frustrating; imagine having to do the same thing over and over again, like navigating to Action and User screen for all test users to ensure the action and/or fields are visible. This often limits the ability to have full test coverage because of the involved complications (of the processes and the data transactions).
The following factors and requirements also complicate manual testing:
- Regression testing to avoid the associated unforeseen issues while addressing changes to a complex security configuration.
- The impact of the weekly patches (cannot be efficiently addressed through manual testing).
- Biannual update & Workday expansion needs heavy man-month effort, zipping SMEs for the extended periods (with manual testing).
- Testing integration during Workday updates.
Because of these challenges, more and more enterprises are looking to accelerate their Workday testing in general and Validating Workday Security configuration in particular by leveraging the power of test automation.
How Opkey’s Automated Workday Security Validator can help?
Opkey takes the heavy lifting out of your Security Configuration Validation by providing a pre-built validation suite that allows business users to easily provide Security Baseline and test Security Validation with a single click.
The automated Security configuration validation with Opkey is a simple 3 step process.
User provides the security configuration baseline data in a pre-provided spreadsheet template or Opkey can automatically pick this data from a baseline Workday tenant. [As shown in Figure 1]
User goes to Opkey interface and executes the prebuilt security validation suite with a single click. Opkey automatically tests all of your field level and action level security tests with Workday security configurator tester assuring 100% compliance with security process controls.
Once the tests are done, user gets the results back in the external spreadsheet showing what passed and what failed. User can also see the screenshot for all the tests for audit trail purpose.[As shown in Fig.2]
Some of the Key advantages of Opkey’s workday security validator are:
- Automatic test suite execution can be scheduled as per the changing requirements (retaining the integrity of the security configuration).
- Opkey’s distributed test execution architecture allow business users to run multiple security tests, concurrently making it the fastest validation suite in the market.
- Test cases can be easily created, re-used, deployed, and re-deploy as per the changing requirements.
With Opkey, agile teams now have a test automation platform to create reliable automation tests significantly faster and maintain them painlessly. Opkey allows Test teams to automate their mobile apps, web apps, web services and integrate seamlessly with DevOps without requiring a coding background.
If you require to overhaul and automate Workday security configurations, try out Opkey Workday Security Configurator. An intelligent testing tool that automates and accelerate testing, consistently. Happy Automating! Happy Testing!