Best way to handle matirx of requests and permissions

  • 1.  Best way to handle matirx of requests and permissions

    Posted 12-22-2016 17:37

    We recently have had a couple of projects where we have a set of web pages with multiple fields in them and we have multiple user roles with access rights.  Some roles have access to all the pages, some have access to only some pages and even certain fields within those pages.  Currently we have a requirement page for each web page and that has a matrix of all the permissions for that page.  We then create downstream relationships to a test case for each user role for each page (login as the user with a specific role and test each page for the rights they have on that page).   So if I have 10 pages to test and 3 user roles, I have 30 test cases.  When changes are made, it can be very tedious to verify the changes in the requirements and then make sure those are propagated to the test case correctly.

    I'm sure others have the same issue and was wondering how you solved this situation?  Do you have a more elegant solution? 

    One thing that I thought might be helpful is if Jama had some sort of global variables that could be defined per project (or even per item type) and then you could use those variables in various types of items.  For instance, test cases could share a common setup procedure or various items could all use the same diagram flow chart.  That way data changed in one place would always change in other places.  In my scenario above, if each matrix could be represented as an array variable like page1[2][3] or even better page1[create_account][Technician] and then in my test case I could have formula like ($UserRole$ is a variable = "Technician"):

    if (page1[create_account][$UserRole$] == True) then action="Enter new account information",result="Data can be entered",notes="$UserRole$s can create account" else action="$UserRole$ should not be able to enter account",result="Fields are not editable",notes="[UserRole]s cannot create accounts"

    That way I could change the data in my requirement and my test case would always be in sync.  If there was no else statement, then that line in the test case would not appear.  Then if you really wanted to get creative, then when you were running the test case it could prompt you for the type of user and it would dynamically create the test case based on that user.  Then I only have to write 10 test case instead of 30 (take it those 10 are much more complicated)

    Scot Mitchell
    Nortek Security & Control