Join 34,000+ subscribers and receive articles from our blog about software quality, testing, QA and security.
 

Assign user list is public and not private to only those who have access


#1

I noticed whenever you assign a test run item to a user, the pulldown shows a full list of all users registered on the TestRail “server”. The list is not filtered, based off which users actually have access to the project which the test item sources from.

I think it’s fair to assume a test that you assign to someone, will only be if they have access to that project.

This is a privacy/security concern, because we have different groups of people using different projects, but deploy group/individual permissions to prevent access to certain content. The user list is a form of content.

Am I missing something; is this reasonable to fix?

Thanks


#2

Hello Steve,

Thanks for your posting! Yes, this will be addressed with the next version of TestRail which will likely be made available later this quarter. This will then take into account the project permissions and access and only show the users that have access to the project. This applies to all locations where you can see users such as the Todos page, Assign To dropdowns, filters, etc.

I hope this helps!

Regards,
Tobias


#3

Great, appreciate the response and look forward to the update.


#4

That’s great to hear, Steve!

Regards,
Tobias