Siemens Teamcenter 11.2.x now Supports Automation of Security Model Testing

The world has become a scare place, everyday we hear about different security problems putting more and more challenges in ensuring the protection of senstive information data in PLM enviroment. In this age of costant connectivity and rapid communication, security is paramount where security threat can also orignates from people working inside the company by exploiting rights (AM privileges) escalation and can create serious loss or damage to the company. This poses dire need to ensure that your security model is intact with your business security requirements and ensure user is not getting extra access than he required and also he is not restricted to access which he required to perform his job and hence Siemens Teamcenter PLM now supports capability to thoroughly test your security model automatically using AM rule test harness tool.

I found this tool very useful particulary in below schenarios, where you just need to create test input file once and re-run the same when you want to ensure everything is intact with your business security requirements. I used this tool as a part Teamcenter Upgrade at one of our customer site, which tremedously saved our time in user access testing and helped us to avoid human errors. Importanatly, our customer liked the tool most since they can use input files we wrote during upgrade for there next patching, upgrade or while applying change pack for new development work to avoid regression testing everytime, which aslo helped to build confidence in security model they built for their busienss.

Schenario1: Develop Security Model for your Production Enviorment Using Development Environment

1. Develop security model in development enviroment as per your busienss security requirements by adding new AM rule and/or editing AM rules
2. Create test input file for checking different privilges for users/group/role/project combination for set of data
3. Run the test on development enviroment and ensure everything is passed as per your expecation through AM rule test report
4. Export the rule tree and load in production and run the test using same input file created in step2 and ensure that security is intact with your expectation
5. Run the test on production enviroment and ensure everything is passed as per your expecation through AM rule test report
6. Repeat step 1 to 5 until you fully develop security model for your busienss

Schenario2: Ensure Security Model is Intact after Patch, Customziation, Major Upgrade, Changes in AM rule tree for new busienss requirements

1. Create test input file for checking different privilges for users/group/role/project combination for set of data
2. Run the test on production enviroment and ensure everything is passed as per your expecation through AM rule test report
3. Perform the Patching, Customziation, Upgrade, Changes in AM rule tree for new busienss requirements
4. Re-run the test to ensure your security is intact and not disturbed because of above actions

How to use?

1. Create test input file using sample file as below

2. Run the utlity named as am_rule_test_harness available in TC_ROOT/bin directory on TC Commnad promt

3. Analyze the test result created at SecurityModelTesting directory

Open the directory AdminDataReport and click on index.html for html test report which looks like as below where you can easily identify what are all test have passed and what are failed. Also, you can easily identify the branch of ACL including ACE, Accessor, and Conditions which caused failure to easily fix the AM rule tree.

4. Identify which ACL rule entry or accessor is failing the test by clicking on the failure node in the report which will show exact the entry
5. Fix the AM rule tree accordingly and
6. Rerun the same test to ensure that security is as per your expectation

Benefits:
1. Great efforts saving as you can automate complete security testing just by writing once your test cases in xml format and then after it’s a matter of running the test |
2. Avoid human errors in testing
3. Help to develop security model using development environment very effectively
4. Also help to take snapshot of other admin data to capture the site state when you perform the security test. In case you don’t want this data to be exported you can this tool only using AM rule tree switch which ensures only AM rule tree snap will be taken and not the other data