The following screen shots illustrate the APM authorizations testing process from both the business user and security team perspective.

In Figure 1, the tester (business user) gets an authorization error executing XD01. (Without APM, the users would wait for hours or days for a correction to be delivered before continuing testing.)

The tester goes back to the APM test screen and reports the error in Figure 2. After completing the form, the tester presses "Save and update" and the report is sent to the APM Cockpit, where the tester's credentials are automatically updated.

This update allows the tester to successfully continue testing XD01, as in Figure 3. The test ID has only been approved with the precise access missing to do the task intended. This access can be reviewed by the security team at a convenient future time.

After completing the functional test of XD01, the tester can check off XD01 as "Accepted" and continue with the next transactions (see Figure 4). APM will keep track of what is tested for the benefit of both the test managers and the tester. Many different test IDs can be simultaneously tracked.

In the APM Cockpit, the authorization team can follow both the progress of the user testing, analyzing and correcting the APM issues that are reported. In Figure 5, the "Project Overview" screen shows both the progress of the individual test IDs and the status of the authorization issues that APM is tracking.

Figure 6 shows the XD01 error reported by the tester as seen in the APM Cockpit. The authorization team can continue the process of solving the issue by adding a responsible party, adding a comment to the issue, analyzing the APM issue and finally executing a work task to update the role or add a role to the user. All relevant actions within APM are recorded and documented for each individual APM issue.