...
- Login as admin and access the Realms tool and select the realm entitled '!su.can_su_realm'.
- From the Edit Realm screen, select the Add Role link and type in a Role Id name (for example, 'Cannot SU'.)
- Do not check any permissions and Save.
- Return to the Edit Realm screen for '!su.can_su_realm'. Select one of the newly added Priveleged users.
- From the Edit Realm screen, select Remove All.
- From the Edit Realm screen, select Grant Ability.
- Type in the name of a non-SuperUser in the test site, the same Priveleged User you removed and then select the new role name you created , and then Save. You have now added a user to a role that does not include the can_su security function.
8 - Validate Priveleged User without can_su in Role cannot SU successfully
Logout and re-login as Priveleged User with new 'Cannot SU' role.
Select the test site that contains the SU Tool.
Type in the name of one of the Priveleged Users and select 'become user'.
Reset and type in the name of s SuperUser and select 'become user'.
Reset and type in the name of a Standard User and select 'become user'.
Expected results - all 3 attempts: 'unauthorized' - Standard users cannot SU a Privileged account.
SU Tool Setup
To setup the SU Tool in a particular course or project, login as an admin and follow these steps:
...