11.4 Workday Security Configuration Validator
What is Workday Security Configuration Testing?
Workday security configuration Testing is all about how to safeguard your data from unauthorized access and being misused. It is being done at the time of configuring workday or making any modifications or with frequent workday releases.
It focuses on what data your users can see when they log in, what are the Business Processes they can initiate or approve/reject. The entire procedure is just to ensure that tenant data is protected and visible to the authenticated users only.
For Example:
A user should be able to view his manager’s basic details like Designation, Name etc, But he must not access his manager’s compensation.
Likewise, there can be many other scenarios in which a User might have the permission to View and Edit some of his personal details like Name, Address, Email But could not edit his Salary structure.
All such enormous and complex scenarios are handled by Workday security configuration Validator.
The Workday’s security configuration is arranged on the basis of Security Groups,which is categorized in three sections.
User-Based Security Group
This Users belonging to this security group has the access of all tenants. For our understanding, they can be considered as the Super Admin.
For Example: HR Administrator, Security Administrator, Benefits Administrator.
Key Roles
This Security Group supports Key roles within the Organization Hierarchy.
For Example : Suppose we have a Finance Department then the Key Roles can be defined as FInance Head, Finance Analyst, Finance Executive e.t.c
Standard-Worker
The Users falling in this category are ordinary workers with no special security groups, who has limited access to the workday application. The Majority of people falls in to this group.
For Example : The employees of the organisation.
So essentially, testing Workday’s security configuration means testing on every user and role (respectively) against the pre-assigned permissions.
These security group assign Field Level and Action Level Permission to users.
Field Level Permissions defines the specific field the User can see.
For Example:The User must see his Manager’s Details like Name, Phone, Address But must not see his compensation.
Action Level Permissions ensures that Users only have access to the related actions they should.
Workday Security Configuration Validator
It automatically test all the field level and action level security tests with W D Security configurator tester and ensure 100% compliance to Security Process controls. It has 500+ Security Validation controls and 50+ Services and Report Test.
Well ! there is still a question in our mind that How can OpKey Workday Test Accelerator help in automating Security Configuration Validator ?
The answer to this question is a very simple and Concise. OpKey workday Test Accelerator has a pre-built validation Business Process that allows Business users to easily provide Security baseline and test Security Validation with just a Single Click.
To do so, follow the steps mentioned below:
Download the pre-provided spreadsheet template from OpKey Test Accelerator.
Now, you need to provide the security configuration baseline data or OpKey can automatically pick this data from a baseline Workday tenant.
Select the appropriate pre built security validation Business Process and call it in a Test Case . Then Execute it.
Once the execution is over, You can obtain the results back in the external spreadsheet showing the Test Steps that has been passed or failed.
User can also see the screenshot for all the tests for audit trail purpose.
This is how OpKey automates the Security Configuration Validator for Workday.