Subject: | Add "user access list" security so one user cannot view all other users without permission |
Summary: | A. Objective:
1. Some users should not be able to allocate a task to any other user. E.g. customer using portal should be able to raise a request and create a task without seeing any other user in the system.
2. A user in helpdesk may want to assign a case to another user within their organisation.
3. A company administrator should be able to see all users in the company so support staff can work on any organisation.
4. The system administrator should be able to approve/disapprove any user in the system.
Based on the current design, the following rules should be applied. Using Link-HELPDESK as an example:
5. Alvis & Sanjay should have access to all users in the system because they have access to all 4 companies.
6. Sanjeet should be able to see all users with access to company "LBS". No access to Philip and Sitla. Sanjeet can see Alvis because Alvis has access to company LBS.
7. A customer in company LBS should be able to view all users in their organisation.
B. Design: Add security below to achieve the above objectives.
1. Can view users in my organisation
2. Can view users that have access to my company
3. Can view all users in the system |
Audit Notes: | Edited by sanjay on 05/02/21 17:15. Edited by sanjay on 05/02/21 15:15. Edited by alvis on 22/01/21 08:55. |
02 Feb 2021 | 05:41PM Comment 1 by Sanjay (Link Technologies) Assigned To: Rashna (Edge Business Solutions) Followup Date: 02-02-2021 09:38 PM Time Taken: 16.00 |
| PART A - Development work for this case has been completed.
1. The change will be available in version: 12030.0201
2. The following changes were made (Include Database object names, Program classes and any other relevant information):
- Added/Amended the following new security options:
- Can view/manage all users in the system. To manage users assign access to Add/Edit/Delete.
- Can view/manage users in my Organisation. To manage users assign access to Add/Edit/Delete. Organisation is assigned in the "User Maintenance" form.
- Can view/manage users in my Primary company. To manage users assign access to Add/Edit/Delete. "Primary Company" is assigned in the "User Maintenance" form.
- Can view/manage users who have access to my "Logged In" company. To manage users assign access to Add/Edit/Delete.
- The security options are self-explanatory
3. Affected Areas:
- User Access across the application, especially Helpdesk
4. The issue was caused by:
- Improve Security
5. Notes:
6. Next Step: UAT
----------------------
PART B - Development Reference:
1. Changes implemented were according to the approved design (Y/N):
2. Variations to the approved design: |
|
03 Feb 2021 | 04:07PM Comment 2 by Rashna (Edge Business Solutions) Assigned To: Sanjay (Link Technologies) Followup Date: 03-02-2021 07:21 PM Time Taken: 1.00 |
| QA Results
Tests carried out according to requirements specified on the case header
Test Results Summary
Table 1 - Summarised list of issues
No | Test Description | Pass/Fail |
1 | Enable the access for the rule "FR619 Can view/manage users in my Primary company. To manage users assign access to Add/Edit/Delete."
- Log in as admin, the primary company for the user is 1001.
- Admin should only see users with the primary company as 1001.
- Admin should not be able to see user TPA or assign tasks, as the primary company is 1003 for the user
| Pass |
2 | Enable the access for the rule "FR618 Can view/manage all users in the system. To manage users assign access to Add/Edit/Delete."
- The admin should be able to see all 135 users and assign tasks to the users.
| Pass |
3 | Enable the access for the rule "FR617 Can view/manage users who have access to my "Logged In" company".
- For the user E074, enable company access for company 1005.
- Log in as the administrator into company 1001.
- The administrator should not be able to view the user details or assign tasks to user E074
- For user A017, enable company access for company 1001 and 1005.
- Log in as the administrator in company 1001.
- The administrator should be able to view the user details or assign tasks to user A017
| Pass |
4 | Create a new Organisation "EBS" and assign EBS to user E013 and E019. Enable the access "FR616 Can view/manage users in my Organisation. To manage users assign access to Add/Edit/Delete" only.
- Log in as admin, the organization for admin is 1001.
- We should not be able to see the user details for E013 and E019 as their organization is EBS
- But the admin should see the other users, e.g. A006, as the organization for A006 and admin is 1001.
| Fails. When the admin logs in, we can only see the user details of the admin |
Environment Details
- OS version: Windows Server 2012
- Application version: 12.30.0201BETA
- Setup: Demo
- Server: 10.0.0.14
- Database: LINKSOFT-DEMO-123
Next Step:
- For Review
|
|
04 Feb 2021 | 11:28AM Comment 3 by Sanjay (Link Technologies) Assigned To: Rashna (Edge Business Solutions) Followup Date: 04-02-2021 02:56 PM Time Taken: 2.00 |
| PART A - Development work for this case has been completed.
1. The change will be available in version: 12.30.0204
2. The following changes were made (Include Database object names, Program classes and any other relevant information):
- Changed the user list to show all users in the same organisation when the user has view access to organisations.
3. Affected Areas:
- User List
4. The issue was caused by:
5. Notes: Refer to the scenario below:
Alvis has access to view users in my organisation.
user: Alvis
organisation: Link Technologies in company INFO
Organisation: Edge in company EBS
user: Sanjay
organisation: Link Technologies in company INFO
Organisation: Link Technologies in company EBS
user: Rashna
organisation: Edge in company INFO
Organisation: Edge in company EBS
- When Alvis logs into company INFO, he will see users: Alvis, Sanjay in menu "user maintenance"
- When Alvis logs into company EBS, he will see users: Alvis, Rashna in menu "user maintenance"
6. Next Step:
----------------------
PART B - Development Reference:
1. Changes implemented were according to the approved design (Y/N):
2. Variations to the approved design: |
|
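The per-company organisation scenario from Comment 3, written out as a deny-by-default visibility check. This is an added example, not Linksoft's code: the `User` model, the function names, the sample users' primary company and company access, additive rules and an always-visible own record are assumptions; only the FR616 to FR619 rule codes and the Alvis/Sanjay/Rashna organisations come from the case.

```python
from dataclasses import dataclass, field

# Rule codes as quoted in the QA comments on this case.
VIEW_MY_ORGANISATION = "FR616"
VIEW_LOGGED_IN_COMPANY = "FR617"
VIEW_ALL_USERS = "FR618"
VIEW_PRIMARY_COMPANY = "FR619"


@dataclass
class User:  # hypothetical model, not the application's schema
    name: str
    primary_company: str
    company_access: set                               # companies the user may log in to
    organisation: dict = field(default_factory=dict)  # company -> organisation


def can_view(viewer, target, logged_in_company, rules):
    """Server-side check: deny unless a granted rule matches (rules assumed additive)."""
    if target.name == viewer.name:  # assumption: own record is always visible
        return True
    if VIEW_ALL_USERS in rules:
        return True
    if VIEW_LOGGED_IN_COMPANY in rules and logged_in_company in target.company_access:
        return True
    if VIEW_PRIMARY_COMPANY in rules and target.primary_company == viewer.primary_company:
        return True
    if VIEW_MY_ORGANISATION in rules:
        # Organisation is resolved for the company of the current session.
        mine = viewer.organisation.get(logged_in_company)
        # A viewer with no organisation must not match targets that also have none.
        if mine is not None and target.organisation.get(logged_in_company) == mine:
            return True
    return False


def visible_users(viewer, logged_in_company, rules, users):
    return sorted(u.name for u in users if can_view(viewer, u, logged_in_company, rules))


def make_user(name, info_org, ebs_org):
    # Constructed sample: primary company and company access are assumed values.
    return User(name, "INFO", {"INFO", "EBS"}, {"INFO": info_org, "EBS": ebs_org})


USERS = [
    make_user("Alvis", "Link Technologies", "Edge"),
    make_user("Sanjay", "Link Technologies", "Link Technologies"),
    make_user("Rashna", "Edge", "Edge"),
]
```

The same predicate has to guard every path that returns users (user maintenance, task assignment pickers, any API), otherwise a restricted list in one form can be bypassed through another.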
05 Feb 2021 | 03:12PM Comment 4 by Rashna (Edge Business Solutions) Assigned To: Alvis (Link Technologies) Followup Date: 05-02-2021 07:00 PM Time Taken: 1.50 |
| QA Results
Tests carried out according to requirements specified on the case header
Test Results Summary
Table 1 - Summarised list of issues
No | Test Description | Pass/Fail |
1 | user: Alvis
organisation: Link Technologies in company INFO
Organisation: Edge in company EBS
user: Sanjay
organisation: Link Technologies in company INFO
Organisation: Link Technologies in company EBS
- When Alvis logs into company INFO, he will see users: Alvis, Sanjay in the menu "user maintenance"
| Fails. When I log in as Alvis in company INFO, I can only see the user details for Alvis.
Steps
- Created a user as AlvisC. Password 1234
- Role - Employee Self Serve.
- Enabled rule "FR616" for the role.
- Did the user setup as per the "Test Description".
|
Environment Details
- OS version: Windows Server 2012
- Application version: 12.30.0204BETA
- Setup: Demo
- Server: 10.0.0.14
- Database: LINKSOFT-DEMO-123
Next Step:
- For Review
|
|
05 Feb 2021 | 03:46PM Comment 5 by Sanjay (Link Technologies) Assigned To: Rashna (Edge Business Solutions) Followup Date: 05-02-2021 07:15 PM Time Taken: 1.00 Notes: ETC extended from: 28/01/2021 to 05/02/2021 |
| PART A - Development work for this case has been completed.
1. The change will be available in version: 12.30.0205
2. The following changes were made (Include Database object names, Program classes and any other relevant information):
- The changes were not included in build 12.30.0204.
3. Affected Areas:
4. The issue was caused by:
5. Notes:
6. Next Step: UAT
----------------------
PART B - Development Reference:
1. Changes implemented were according to the approved design (Y/N):
2. Variations to the approved design: |
|
05 Feb 2021 | 05:15PM Comment 6 by Sanjay (Link Technologies) ETC was changed from 05/02/2021 to 05/02/2021 |
08 Feb 2021 | 04:06PM Comment 7 by Rashna (Edge Business Solutions) Assigned To: Sanjay (Link Technologies) Followup Date: 08-02-2021 07:11 PM Time Taken: 1.00 |
| QA Results
Tests carried out according to requirements specified on the case header
Test Results Summary
Table 1 - Summarised list of issues
No | Test Description | Pass/Fail |
1 | user: Alvis
organisation: Link Technologies in company INFO
Organisation: Edge in company EBS
user: Sanjay
organisation: Link Technologies in company INFO
Organisation: Link Technologies in company EBS
- When Alvis logs into company INFO, he will see users: Alvis, Sanjay in the menu "user maintenance"
| Pass |
2 | user: Alvis
organisation: Link Technologies in company INFO
Organisation: Edge in company EBS
user: Rashna
organisation: Edge in company INFO
Organisation: Edge in company EBS
- When Alvis logs into company EBS, he will see users: Alvis, Rashna in the menu "user maintenance"
| Pass |
Environment Details
- OS version: Windows Server 2012
- Application version: 12.30.0204BETA
- Setup: Demo
- Server: 10.0.0.14
- Database: LINKSOFT-DEMO-123
Next Step:
- For Review
|
|
12 Feb 2021 | 01:24PM Comment 8 by Sanjay (Link Technologies) Assigned To: Sanjay (Link Technologies) Followup Date: 12-02-2021 05:24 PM |
| Thanks Rashna |
|