Expected Volume User experience (restrictions / guidelines / client needs)
Non-functional requirements specify how the system should do it. These includes the following: Target UI5 version Target browsers Deployed to cloud / on-premise Fiori LaunchPad or FAB LaunchPad Scanners to be used? OCR to be used?
Performed by IQX Business Analystor Test Specialist
High-level scenarios that answers “What do we need to test?”
Test Cases REQUIRED
ℹ️ More info
Performed by IQX Business Analystor Test Specialist
Test Cases are the set of positive, negative and exceptional executable steps of a test scenario which contains the following:
Pre-conditions, Test data, Expected result, Post-conditions and Actual results.
Test Data REQUIRED
ℹ️ More info
Performed by Business User
Test Data that covers all positive and negative Test Cases.
Workflow Design (if applicable) REQUIRED
ℹ️ More info
Performed by IQX Business Analyst or Business User
Complete flow, including all variations / paths. Identify possible system tasks where the user that does the approval does not have the rights / auths to execute the next step.
Security Design Considerations
Task
Reviewed by
Plan OData Services REQUIRED
ℹ️ More info
Performed by IQX Developer and IQX Business Analyst Do not use a generic OData service for multiple tasks. Rather create specific services, each of which can be secured with its own role(s). Separate functionality by role For example: Create 2 services for ‘Create’ and ‘Approve’ if they are likely to be executed by 2 different roles Consider redefining the IQX FAB service so that a separate role can be created specifically for the app.
Identify validations that can be done on the front-end REQUIRED
ℹ️ More info
Performed by IQX Developer
This should be limited to ‘cosmetic’ checks, like:
Validity of e-mail address (includes an @ and <period>, etc.) Regex or other checks for fields that need to satisfy a specific pattern Type and content validation (integers, numbers, string length, and etc. (Note that this will likely be validated again on the back-end)
Identify validations that have to be done on the back-end (server-side) REQUIRED
ℹ️ More info
Performed by IQX Developer
All authorization checks All business rules/validations All checks for data correctness (before passing to a BAPI or persisting in a table)
Consider all content that has been included in the FAB Data Model REQUIRED
ℹ️ More info
Performed by IQX Developer
Storing any sensitive data in the Data Model is not advisable. If sensitive data has to be stored in the Data model, the developer has the option to use methods inherited from the FAB Base Class to: 1. Encrypt the data before sending to the front-end. 2. Decrypt the data before using it in the back-end.
The developer can tick the ‘Encrypt Data’ checkbox on the Project Properties page to prevent sensitive data from being persisted in the FAB tables.
When passing data to BE / FE, consider sending only part of the Data Model REQUIRED
ℹ️ More info
Performed by IQX Developer
When calling a FAB Action, limit the amount of data being sent.
Ensure ‘JavaScript mapping’ has been removed before sending App to QA or PRD REQUIRED
ℹ️ More info
Performed by IQX Developer
For example: //# sourceURL=journal_upload.js This line of code has to be deleted before it is moved to production, as it gives a developer the ability to change the code during run-time.
Avoid using ‘Local Storage’ in the browser for any application/user data REQUIRED
ℹ️ More info
Performed by IQX Developer
Local Storage in browser inherently insecure and possibly shared with other apps.
For reporting and analytics, ensure that authorizations are applied to the data before displaying/using REQUIRED
ℹ️ More info
Performed by IQX Developer
Avoid doing SELECTS with no consideration of the data that might be retrieved.
Alternatively strategies might include: 1. Using BAPI’s or other standard SAP-provided mechanisms to retrieve data. Auths are checked in BAPI’s already. 2. Checking a user’s access or performing manual authorization checks and using the results to filter the data. 3. Do not extract all the data and apply a filter but rather build a Range (or set of Ranges) of acceptable values. Use the SELECT statement to retrieve only valid values.
Avoid using standard Search Helps where possible OPTIONAL
ℹ️ More info
Performed by IQX Developer
Avoid using Standard Search Helps and use OData service instead where you can control the data that is returned (auth checks, business rules, etc.) and secure the OData service with authorizations.
Consider the SAP UI5 guidelines on security REQUIRED
Is an update to an existing app? If so, have you changed the workflow steps? Or the data model? Or the process? In this instance, consider: - development tasks / data manipulation to ensure that forms that are in-flight (for example, submitted before change, approved after change) will function correctly. - the cut-over tasks at go-live. Do you need to execute specific steps to ensure that forms that are in-flight (submitted before change, approved after) will function correctly?
Unit Testing REQUIRED
ℹ️ More info
Performed by IQX Developer
Cover all test cases
Code Review - Self REQUIRED
ℹ️ More info
Performed by IQX Developer
IQX Code review checklist
Self assessment
Code Review - Peer REQUIRED
ℹ️ More info
Performed by IQX Peer Developer
IQX Code review checklist
Demo or IQX BA Review REQUIRED
ℹ️ More info
Performed by IQX Business Analyst, IQX Developer and Business User
Maintain FAB configuration REQUIRED
ℹ️ More info
Performed by IQX Developer
UI5 version App roles App user(s) App admin user(s) FAB Launchpad
Develop Admin / Matrix approval app OPTIONAL
ℹ️ More info
Performed by IQX Developer
Include Number Range (NOT Intervals) in transport OPTIONAL
ℹ️ More info
Performed by IQX Developer
Prerequisite: Number Range created
Include App in transport REQUIRED
ℹ️ More info
Performed by IQX Developer
Include STVARV variables in transport (where applicable / possible) OPTIONAL
ℹ️ More info
Performed by IQX Developer
Include System Alias in transport (must be generic) REQUIRED
ℹ️ More info
Performed by IQX Developer
Prerequisite: System Alias created
Include activation of OData service in transport REQUIRED
ℹ️ More info
Performed by IQX Developer
Prerequisite: OData Service created
Include FLP config and user roles / groups / catalogs to transport (if client chooses to use Fiori Launchpad, not FAB Launchpad) OPTIONAL
ℹ️ More info
Performed by IQX Developer
Testing
Task
Reviewed by
System Testing REQUIRED
ℹ️ More info
Performed by IQX Business Analyst Cover all test cases and ensure testing in the target version. Cover all devices specified in Non-Functional Requirements even if emulated. NOTE: Cover all browsers, especially if there is even a remote possibility that Internet Explorer might be used.
Integration Testing TO BE CONFIRMED
ℹ️ More info
To be confirmed for each Project
UAT REQUIRED
ℹ️ More info
Performed by Business User
Support if necessary, but end-to-end testing by system users with their own logons in
Pre-Go-Live
Task
Reviewed by
Cutover Steps and Go-Live Checklist Document REQUIRED
ℹ️ More info
Performed by IQX Developer and/or IQX Business Analyst
All manual pre-go-live steps required in QA, PRD or other systems, including external systems (OneList, SharePoint, DirectoryWatch, etc.). All manual post-go-live steps required in QA, PRD or other systems, including external systems.
As Built Technical Specification Document REQUIRED
ℹ️ More info
Performed by IQX Developer
As Built Functional Specification Document REQUIRED
ℹ️ More info
Performed by IQX Business Analyst
Testing Document REQUIRED
ℹ️ More info
Assigned resource to be confirmed per project
Evidence to support release for go-live
Confirm the PRD has the correct version of FAB installed REQUIRED
ℹ️ More info
Performed by SAP BASIS
Create role for OData Service REQUIRED
ℹ️ More info
Performed by SAP Security or SAP BASIS
Create Service account user (if required for background jobs) OPTIONAL
ℹ️ More info
Performed by SAP Security or SAP BASIS
Event linkages to be maintained (if required for background jobs) OPTIONAL
ℹ️ More info
Performed by IQX Developer or SAP BASIS
Schedule background job for escalations (if required) OPTIONAL
ℹ️ More info
Performed by SAP BASIS
Schedule other background jobs, as required OPTIONAL
ℹ️ More info
Performed by SAP BASIS
Post-Go-Live
Task
Reviewed by
Populate Admin / Matrix approval app in PRD OPTIONAL
ℹ️ More info
Performed by Client Super User
Prerequisite: Transports Completed
Maintain Number Range intervals OPTIONAL
ℹ️ More info
Performed by SAP BASIS, IQX Developeror Client Super User
Refresh caches on ECC REQUIRED
ℹ️ More info
Performed by SAP BASIS
Refresh caches on Gateway REQUIRED
ℹ️ More info
Performed by SAP BASIS
Sanity check - run app in PRD if possible REQUIRED
ℹ️ More info
Performed by IQX Developeror Client Super User
Post-mortem and team feedback REQUIRED
ℹ️ More info
Performed by IQX Developer, IQX Business Analyst and IQX Project Manager
- Did we meet the customer brief? - What did we do well during this project? - What did we do poorly during this project? - What did we not foresee when planning for this project? - What cool technology / software components did we build (that can maybe be reused in other projects)? - Did we meet the budget for this project? If not, why not? … and so on
