We haven't been able to reproduce this, creating two databases with 3 same named users each and denying a user in one prevents the user from logging in, could you please double check that remote access is denied for the user in the second database.
Would it be possible at all to send us a copy of the databases?
Announcement
Collapse
No announcement yet.
Unauthorized tester allowed access to Web project test cases.
Collapse
X
-
Database Access
Yes, I have three (3) separate databases:
A. AccessManager
B. LandWarrior
C. SambleDB
Leave a comment:
-
Were the separate projects in a different database? The users access permissions are per database, not per project.
Leave a comment:
-
Thanks for the fault report. We'll see if we can replicate the problem here.
Leave a comment:
-
Unauthorized tester allowed access to Web project test cases.
Defect ID: DR-TL004
Defect Description: Unauthorized tester allowed access to Web project test cases.
Test configuration:
OS - Microsoft Windows XP Pro
CPU - P4, 2.40 GHz
RAM - 512KB
SUT - Testlog V3.0 Build 1013
Server - Apache 2.2.4
IE - Version 7.0.5730.11
Test Preconditions:
Project A - Tester A - Remote Access Enabled
Tester B - Remote Access Enabled
Tester C - Remote Access Disabled
Project B - Tester A - Remote Access Enabled
Tester B - Remote Access Disabled
Tester C - Remote Access Enabled
Steps to reproduce:
1. Access TestLog with IE.
2. Verify the TestLog Web Access dialog is displayed.
3. Verify there are multipal databases available to select from.
4. Click on Project 'B' database
5. Verify login dialog is displayed.
6. Login to 'B' database with Tester 'B's TesterID and Password from Project 'A'.
Actual results: Tester B from project A was allowed to login to project B.
Expected results: A tester shall be granted access to a project if the tester has a valid Tester ID and password for that project. When there are multipal projects the tester must be granted access for each project that the tester is allowed to access.
Respectfully submitted,
JC Kurth
Sr. QA/Test EngineerTags: None
Leave a comment: