
How to prevent user groups from modifying test results?

In ‘User Roles’ I have the ‘Modify’ flag for ‘Test Results’ disabled for a certain user type (here ‘Designer’). Yet users belonging to this group can still edit result entries. My TR version: 6.2.1.1003

Hi @paweln,
just for clarification: Are you talking about the same user who created the result of a test?
This would be the privilege edit which comes with the add. But there is a setting for how long the former creator can edit such a result.

If not, do the users probably belong to a second group, still having the priv?

Just some ideas…

Hi @kwirth,

Yes, the same user who has created the result. My understanding is, users can edit only their own result entries. (I have verified that even admin can’t modify someone else’s results). This rule, by the way, may be a little too restrictive. In our TR, a majority of results are recorded by automated tests where we use a dedicated ‘auto’ account. Since automated tests are more prone than humans to report incorrect results (i.e., Failed vs. Blocked; the latter is determined during post-mortem analysis), I can either publish the credentials of the auto user or make the changes myself, neither a good option.

As for the result updating. I guess I was confused about what the difference between ‘Edit’ (in ‘Add/Edit’) and ‘Modify’ in the context of test results was. I think it would make sense to manage INSERT and UPDATE request privs independently. My apologies if this is already documented; after 8 years of using TR maybe it’s time to RTFM.

Thanks,
-Pawel

Hi @paweln,
no need to apologize.
Well, rtfm is always a good idea. :innocent:

The Modify priv was added some versions ago. Otherwise only the former creator was able to edit a result - depending on the time already elapsed. To separate Add and Edit might be an idea, but not available right now…

Privilege systems usually never fit all needs for all clients, so I think you may need to invest additional effort to adjust your processes.

Depending on your usage I would suggest not to modify your automated results afterwards. Probably it is better to add a new result for the test, after a dedicated analysis.

Just as a hint: The admin flag for a user is (totally) independent from the privileges. The admin has access to a special area to customize etc., but doesn’t affect the creation of cases or results or similar.

Regards
Karsten