by Nataliia Vasylyna | May 15, 2015 10:00 am
There are many multiuser software products such as enterprise management systems, social networks, online shops and other web and network applications.
Functional testing, usability testing, performance testing and other testing activities for such systems are more complex than verification of a single-user desktop program. In addition, all users of the software must be sure that their personal data is protected.
Security testing of such systems should cover both outside and inside aspects. The outside aspects include the login procedure, passwords and the storage of user passwords, and protection from cyber-attacks.
Inside security aspects include a clear allocation of user roles and different access rights for different users.
For example, in a plant management system an accountant must have access to certain accounting data such as salaries, income and expenses, but this user must not be able to open the industrial process control pages or the laboratory research pages.
Managers should have access to more data than non-management employees.
Manual and automated testing techniques are used during comprehensive security testing of a multiuser system.
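An automated access-rights check for the plant management example above can be written as a role/page matrix audit. This is an added example, not code from the original post: the role names, page names, the expected policy (including what a manager or laboratory employee may open) and the stand-in application functions are all constructed assumptions.

```python
from itertools import product

# Constructed names based on the article's plant management example.
PAGES = ["salaries", "income", "expenses", "process_control", "lab_research"]
ROLES = ["anonymous", "accountant", "lab_employee", "manager"]

# Assumed policy: role -> pages it may open. Anything not listed must be denied.
EXPECTED = {
    "anonymous": set(),
    "accountant": {"salaries", "income", "expenses"},
    "lab_employee": {"lab_research"},
    "manager": set(PAGES),
}

def audit(allows, expected=EXPECTED):
    """Check every role/page pair against the policy and return the deviations."""
    findings = []
    for role, page in product(ROLES, PAGES):
        want = page in expected.get(role, set())
        got = bool(allows(role, page))
        if got and not want:
            findings.append((role, page, "granted but must be denied"))
        elif want and not got:
            findings.append((role, page, "denied but must be granted"))
    return findings

def denylist_app_allows(role, page):
    """Constructed stand-in for a system under test that uses deny-lists.
    The accountant deny-list omits lab_research, so that page leaks."""
    if role == "anonymous":
        return False
    denied = {
        "accountant": {"process_control"},
        "lab_employee": {"salaries", "income", "expenses", "process_control"},
    }
    return page not in denied.get(role, set())

def allowlist_app_allows(role, page):
    """Constructed stand-in that denies by default and grants only listed pages."""
    return page in EXPECTED.get(role, set())

if __name__ == "__main__":
    for name, fn in [("deny-list", denylist_app_allows),
                     ("allow-list", allowlist_app_allows)]:
        print(name, audit(fn) or "no deviations")
```

In a real test run, the stand-in is replaced by a function that requests each page under that role's session and reports whether it was served.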
Source URL: https://blog.qatestlab.com/2015/05/15/testing-of-access-rights/