Die unabhängige Konferenz zu Software-Qualität
03. - 04. Mai 2021
03. - 04. Mai 2021
Konferenzprogramm
Die im Konferenzprogramm des GTD digital 2021 angegebenen Uhrzeiten entsprechen der Central European Time (CET).
Per Klick auf "VORTRAG MERKEN" innerhalb der Vortragsbeschreibungen können Sie sich Ihren eigenen Zeitplan zusammenstellen. Sie können diesen über das Symbol in der rechten oberen Ecke jederzeit einsehen.
Gerne können Sie die Konferenzprogramm auch mit Ihren Kollegen und/oder über Social Media teilen.
Der Track+ besteht aus Präsentationen der Sponsoren und unterliegt somit nicht der Qualitätssicherung des Conference Boards.
Bitte beachten Sie, dass es für vereinzelte Workshops eine Teilnehmerbeschränkung gibt. Weitere Infos hierzu finden Sie in den Workshop-Beschreibungen.
Konferenzprogramm 2021
Thema: Testing Roles and Permissions
- Dienstag
04.05.
, (Dienstag, 04.Mai 2021)
09:20 - 09:55
Di 2.1
Lost in Permissions
Lost in Permissions
I have been working on a project with an extremely intricate users' roles structure for more than a year and during that time I've noticed many things that I could have done better and issue that I could have avoided.
I will drag your attention to: importance of creating and reviewing documentation on a regular basis; unification of roles restrictions; admin panel testing; merging of roles; priorities in system roles testing; how not be lost in permissions testing.
Absence of critical issues in roles and permissions is crucial for business, thus shouldn`t be neglected.
Target Audience: Testers
Prerequisites: experience with access rights testing would be nice but not necessary
Level: Basic
Extended Abstract:
Most of websites have at least 3 system roles - admin, logged in user and guest. Testing of users' access rights doesn`t seem to be too complicated in this case. However, what if there are multiple roles? What if there are more than 10 roles and some of their functionalities overlap?
I want to tell a story of the project with an intricate users' access rights system.
I am going to raise the following topics:
- What to do if you are hired when the project is already ongoing and there is no documentation for user roles;
- Conflicts in logic when we have combinations of permissions;
- Prioritizing roles and permissions that affect business the most;
- Unreasonable distribution of time resources due to insufficient research;
- Unification of the restrictions applied to users;
- In what cases you should automate tests for user roles;
- Danger of checking going through access right flows on front-end only;
- Admin panel testing.
In my opinion sometimes roles and permissions testing is underestimated and is not tested separately. Instead it's expected that a tester will cover all roles while testing a feature. This is a justified approach when a new feature is tested, but not effective during regression or for automated tests.
Absence of critical issues in roles and permissions is crucial for business, thus shouldn`t be neglected.
Yana Shapka is a QA Engineer from Kyiv, Ukraine. A mentor in Women Who Code Kyiv nonprofit organization, helping bridge the gender gap in the tech industry in Ukraine. A mentor in BeQA Today non-profit organization, helping people with disabilities to start their careers in software testing. Gave a speech 'The Truth About Localization Testing' at Moldova Software Testing & Automation Conference in November 2019. Gave a speech 'Being a mediator in a distributed multicultural team' at Hungarian Software Testing Forum in November 2020. Can speak Japanese. Traveled to 25 countries.
Yana Shapka
