Just curious.. How does everyone else test their security roles?

[Olivia_Terrell]

I would love to find a way to actually be able to create test security roles and promote them in DEV to PY before getting them into PROD. Just curious--how does everyone else do it? Or does everyone just create a test role (like I do) and then copy the permissions from it onto the final permission? Surely there's a more clever way...

 

[Larry Williams]

We use a secuser test account

I would love to find a way to actually be able to create test security roles and promote them in DEV to PY before getting them into PROD. Just curious--how does everyone else do it? Or does everyone just create a test role (like I do) and then copy the permissions from it onto the final permission? Surely there's a more clever way...

Since security is normally shared across all environments, we have a test account called secuser known only to the security administrator. Before we assign new roles to users, we assign to them to the secuser for testing. Also, before we make changes to existing roles, we first copy the security to a test role which we also use the secuser account for testing. We only do the testing for changed roles if the change is significant.

 

[eydeak]

We have a test user account for each role. Make the role changes in test, someone tests the change and when it is approved the role change is promoted to production. I'm not actually a security or CNC person, so my knowledge doesn't extend much further than that. You might want to post this same question in the Technical form where more CNC and Security people might see it.

 

[BPConnor]

you can run multiple security tables to be able to have the ability to make changes to the security in a role in DV and once tested/approved move the changes to PY/PD. If you run multiple security tables you will need to segregate the JAS instances that run the different tables to prevent any issues there. EG if you have DV & PY on 1 F00950 and PD on another F00950 then the JAS instance should only have DV/PY *OR* PD.