...
Priv User = users that are added to a role in the 'SU Realm' which has the 'Can SU' security function
SuperUser = any user that has a 'magical' name or ability to edit the admin home site.
What is expected:
| test | source | function | target | result |
|---|---|---|---|---|
| | SuperUser | can SU | SuperUser | false |
| | SuperUser | can SU | Priv User | true |
| | SuperUser | can SU | Standard User | true |
| | Standard User | can SU | SuperUser | false |
| | Standard User | can SU | Priv User | false |
| | Standard User | can SU | Standard User | false |
| | Priv User | can SU | SuperUser | false |
| | Priv User | can SU | Standard User | true |
| | Priv User | can SU | Priv User | true |
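
The expected matrix above as an executable authorization check, added here as an illustration and not the SU Tool's own code. The `User` and `Realm` classes, the account names and the fail-closed handling of a missing realm are assumptions; the realm and permission names come from this page.

```python
from dataclasses import dataclass, field

SU_REALM = "!su.can_su_realm"  # realm name from the test plan
SU_FUNCTION = "su.can_su"      # permission name from the test plan


@dataclass(frozen=True)
class User:  # hypothetical model, not a Sakai class
    eid: str
    is_super: bool = False


@dataclass
class Realm:  # hypothetical stand-in for a realm with roles and grants
    role_functions: dict = field(default_factory=dict)  # role -> functions
    grants: dict = field(default_factory=dict)          # user eid -> role

    def allows(self, user, function):
        role = self.grants.get(user.eid)
        return function in self.role_functions.get(role, set())


def can_su(source, target, realms):
    """Decide whether `source` may become `target`, per the expected matrix."""
    # Deny first: a SuperUser target is never reachable, whoever asks.
    if target.is_super:
        return False
    if source.is_super:
        return True
    # Assumption: a missing realm means no grants exist, so fail closed.
    realm = realms.get(SU_REALM)
    return realm is not None and realm.allows(source, SU_FUNCTION)


def build_fixture():
    """Constructed accounts mirroring the Preparation list and Test 6 prep."""
    users = {
        "super": (User("admin", True), User("admin2", True)),
        "priv": (User("priv1"), User("priv2")),
        "standard": (User("std1"), User("std2")),
    }
    realm = Realm({"Can SU": {SU_FUNCTION}},
                  {"priv1": "Can SU", "priv2": "Can SU"})
    return users, {SU_REALM: realm}


def run_matrix():
    """Return {(source kind, target kind): result} for all nine rows."""
    users, realms = build_fixture()
    return {(s, t): can_su(users[s][0], users[t][1], realms)
            for s in users for t in users}
```

Checking the target before the source is what makes the "not even another SuperUser" row hold; reversing the two checks would let a SuperUser source pass.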
Preparation
- a test site with SU Tool installed (duh!)
- at least two non-SuperUser accounts in the test site
- at least two SuperUser accounts
...
Expected result: '!su.can_su_realm' will be created if missing the first time the tool is opened by a Standard User.
Test 3
Login as admin and select the tool page that contains the SU Tool
Type in the name of another SuperAccount and select 'become user'
Expected result: 'unauthorized' - No one can su a SuperUser account, not even another SuperUser
Test 4
Login as a standard user and select the tool page that contains the SU Tool
Type in the name of another standard user and select 'become user'
Expected result: 'unauthorized' - Standard users cannot su another standard user account without the correct permissions
Test 5
Login as a standard user and select the tool page that contains the SU Tool
Type in the name of a SuperAccount and select 'become user'
Expected result: 'unauthorized' - Standard users cannot su a SuperUser account.
Test 6
Prep for 6-a and 6-b
1. Login as admin and access the realms tool and edit the realm entitled '!su.can_su_realm'
2. Add a role (example 'Can SU')
3. Check the checkbox next to the 'su.can_su' permission for that role
4. Click on 'add a grant'
5. Type in the name of a standard user in the test site.
6. Save the edit
Log out and log back in as the username given in #3
Select the tool page that contains the SU Tool
6-a
Select the tool reset button
Type in the name of a SuperUser and select 'become user'
Expected result: 'unauthorized' - Standard users cannot su a SuperUser account.
6-b
Select the tool reset button
Type in the name of a standard user and select 'become user'
Expected result: success