...
source | function | target | result |
---|---|---|---|
SuperUser | can SU | SuperUser | false |
SuperUser | can SU | Priv User | true |
SuperUser | can SU | Standard User | true |
Standard User | can SU | SuperUser | false |
Standard User | can SU | Priv User | false |
Standard User | can SU | Standard User | false |
Priv User | can SU | SuperUser | false |
Priv User | can SU | Standard User | true |
Priv User | can SU | Priv User | true |
Preparation
- a site with SU Tool installed (duh!)
- at least two non-SuperUser accounts
- at least two SuperUser accounts
Test
Note: Default realm name and default security function name in tool reg file
Test 1
Login as admin and access the realms tool and delete the realm entitled '!su.can_su_realm'
Select the tool page that contains the SU Tool
Return to realms tool and search for the above realm name
Expected result: '!su.can_su_realm' will be created if missing the first time the tool is opened by a SuperUser
Test 2
Login as admin and access the realms tool and delete the realm entitled '!su.can_su_realm'
Log out and re-login as a non-admin user in the site that has the SU Tool installed
Select the tool page that contains the SU Tool
Log out and re-login as admin
Return to realms tool and search for the above realm name
Expected result: '!su.can_su_realm' will be created if missing the first time the tool is opened by a Standard User.
Test 3
Login as admin and select the tool page that contains the SU Tool
Type in the name of another SuperAccount and select 'become user'
Expected result: 'unauthorized' - No one can su a SuperUser account, not even another SuperUser