WEB Intelligence security testing
I am in a QA team :
1. we have a WEB intelligence Universe and canned reports that will come in for QA.
A security is going to be put on them as :
Only certain people will be allowed access to certain universes as well as certain objects in the universe would be hidden from certain people.
Is there any special check that needs to be done for this security
Re: WEB Intelligence security testing
If the access will be controlled using user IDs, then make sure that the proper user IDs are allowed access and all other IDs are not allowed access.
Sometimes, this is maintained with a user role. Then individual users have roles, and subsequently inherit all of the allowed functions for that role. If this is the case, you may test scenarios like: user in the role, user not in the role, and user used to be in the role but no longer is.
What happens when a user tries to access a report that is not in their universe? Will the system return a pre-determined message explaining the situation, or will they hit an ODBC error from the server?
How are the users authenticated? Is the user ID (or variable which controls the access) alterable? (This might be in the location field of a web application, or in the .INI file of a client/server application.)
Also try searching the forum for previous replies. This thread may be of interest to you: