Xiting Role Builder

Role Builder, in combination with Xiting Times, features a unique technology called Productive Test Simulation (PTS). Using this technology, role administrators can test new roles in a production environment without negatively affecting end-users.

Additionally, Role Builder simplifies traditional unit testing by automatically creating so-called delta roles based on failed authorization checks. Based on a whitelist/blacklist, delta roles are automatically and instantaneously assigned to testers so they can continue testing without interruption.

Role Builder in Detail

Role Testing CHALLENGE

Traditional role test cycles are time-consuming and error-prone, and they significantly impact business users.

As a result, organizations often avoid or postpone necessary role redesign or remediation projects, unless required due to audit findings. 

Productive Test Simulation

In combination with Xiting TimesRole Builder offers a unique feature called Productive Test Simulation. It’s an innovative solution that allows role administrators to simulate how new roles would work, based on user activity in the production system.

Practically speaking, that means new roles can be tested in production without impacting end-users. 

Role Builder enables this audit-compliant capability by leveraging a special user type in SAP called a “reference” user.

Each dialog user that is part of the test simulation gets a reference user assigned that is associated with the new roles that are in the test scope.

Whenever an authorization check is performed, it is first performed against the reference user (and the new roles). If the authority check fails, due to missing or incorrect authorizations, the SAP kernel immediately repeats the check against the roles of the dialog user.

If that second authority check succeeds, a log entry is created that provides information to the role administrator about what authorizations are missing in the new roles. All of that happens without the end-user’s knowledge.

As a result, new roles or role changes can be conveniently tested in production without the need for a test environment, test scripts, or the involvement of testers or end-users. 

Identified gaps and authorization issues can be fixed in the background without disrupting the business.

This novel, forward-looking project approach enables a go-live without risks and guarantees simultaneous, fully-automated testing of business processes without waiting times or interruptions. With the help of this innovative Xiting technology, testing lead times are radically reduced, cost saving potentials are released, and efficiency increases are achieved thanks to high test automation.

Automated Role Building

With Role Builder, the provision of missing authorizations can be fully automated without the intervention of an administrator. By automatically generating so-called delta roles, Role Builder can assign missing authorizations as soon as they are identified. Testers can also fully manage test scenarios within a short period without waiting for issues to be resolved by an authorization administrator (end-to-end testing), significantly reducing the lead time for testing.

Critical authorizations are intercepted in the course of automatic provisioning via a blacklist, which can be extended according to customer requirements. This approach ensures that critical authorizations are not automatically assigned to testers, thus maintaining compliance with existing laws and regulations.

Within the framework of background processing, roles for interface and system users can be continuously optimized, enabling authorizations to be assigned according to the “least-privilege” principle. This ensures that system users cannot misuse their authorizations, and that only the intended activities are possible in background processing

More Information

Use Case
Role Builder in action: Automated role testing with the XAMS.

On-Demand Webinars
Attend our webinars and learn more about the XAMS and SAP security.

SAP Security Blog
Learn more about the innovative modules of the XAMS in our blog posts.

Learn more about the modules of the XAMS!

We look forward to your inquiry!

Other XAMS Modules

The innovative modules of the XAMS adapt to your needs and thus enable tailor-made solutions.

ABAP Alchemist

Improve the quality and security of existing and new ABAP code, and quickly find reusable code via the API finder.

Role Replicator

Optimize SU24, identify issues in your existing roles and authorizations, and prevent issues in new roles from entering your production landscape.