Page Comparison

...

SAK-354: Add Role based SU security
SU tool uses Security(Service).isSuperUser() to determine who can SU. This should be modified to use agent ,/- function /- target ....

IT Express - can su - students
IT Express - can su - faculty
IT Express - cannot su - admin

...

The template permission matrix with an example of source, function, target, and results:

source	function	target	result
user A	can SU	user B	true/false

Panel

title	Definitions: Types of users

SuperUser = any user who the ability to edit the Administration Workspace (i.e., a SmartSite admin user)
Priv User = users who are added to a role in the 'SU Realm' which has the 'Can SU' security function
Standard User = any user who is not a SuperUser, and who

has not been added to a role in the 'SU Realm' which has the 'Can SU' security function, or
has been added to a role in the 'SU Realm' which does not have the 'Can SU' security function

What is expected:

#

test Test #	source	function	target	result
Test	3	SuperUser	can SU	SuperUser	false
	test 3	SuperUser	can SU	Priv User	true
	SuperUser	can SU	Standard User	true
Test 5	Standard User	can SU	SuperUser	false
	test 5	Standard User	can SU	Priv User	false
Test 4	Standard User	can SU	Standard User	false
test 4 Test 6a	Priv User	can SU	SuperUser	false
test 6a Test 6b	Priv User	can SU	Standard User	true
test 6b	Priv User	can SU	Priv User	true

Preparation

a test site with SU Tool installed (see #SU Tool Setup to set up a course)
at least two non SuperUser accounts in the test site
at least two SuperUser accounts

...

Versions Compared

Old Version 26

New Version 27

Key

What is expected:

Preparation