Conference Program 2021

Topic: Testing Roles and Permissions

Tuesday, 4 May 2021
09:20 - 09:55
Tue 2.1
Lost in Permissions

I have been working on a project with an extremely intricate users' roles structure for more than a year, and during that time I've noticed many things that I could have done better and issues that I could have avoided.

I will draw your attention to: the importance of creating and reviewing documentation on a regular basis; unification of roles restrictions; admin panel testing; merging of roles; priorities in system roles testing; how not to be lost in permissions testing.

Absence of critical issues in roles and permissions is crucial for business, thus shouldn't be neglected.

Target Audience: Testers
Prerequisites: experience with access rights testing would be nice but not necessary
Level: Basic

Extended Abstract:
Most websites have at least 3 system roles - admin, logged in user and guest. Testing of users' access rights doesn't seem to be too complicated in this case. However, what if there are multiple roles? What if there are more than 10 roles and some of their functionalities overlap?

I want to tell a story of the project with an intricate users' access rights system.

I am going to raise the following topics:

  • What to do if you are hired when the project is already ongoing and there is no documentation for user roles;
  • Conflicts in logic when we have combinations of permissions;
  • Prioritizing roles and permissions that affect business the most;
  • Unreasonable distribution of time resources due to insufficient research;
  • Unification of the restrictions applied to users;
  • In what cases you should automate tests for user roles;
  • Danger of checking access right flows on the front-end only;
  • Admin panel testing.

In my opinion, roles and permissions testing is sometimes underestimated and is not tested separately. Instead, it's expected that a tester will cover all roles while testing a feature. This is a justified approach when a new feature is tested, but not effective during regression or for automated tests.

Absence of critical issues in roles and permissions is crucial for business, thus shouldn't be neglected.

Yana Shapka is a QA Engineer from Kyiv, Ukraine. A mentor in Women Who Code Kyiv nonprofit organization, helping bridge the gender gap in the tech industry in Ukraine. A mentor in BeQA Today non-profit organization, helping people with disabilities to start their careers in software testing. Gave a speech 'The Truth About Localization Testing' at Moldova Software Testing & Automation Conference in November 2019. Gave a speech 'Being a mediator in a distributed multicultural team' at Hungarian Software Testing Forum in November 2020. Can speak Japanese. Traveled to 25 countries.
Yana Shapka
Track: Talk
Talk: Tue 2.1
