Remerciez-le!

Remerciez @Admin pour avoir partagé cet document gratuitement, de la manière la plus simple, en partageant sur les réseaux sociaux.

Authorisation test cases from Central Banks, release 3.1 of September 2015 Auth

Authorisation test cases from Central Banks, release 3.1 of September 2015 Authorisation test cases from Central Banks Version Corresponding User testing Guide version Changes 1.0 2.0 Initial version 2.0 3.0 Minor corrections 3.1 3.1 Enhancement from last version, not linked to a new software release Authorisation test cases from Central Banks, release 3.1 of September 2015 Access right management Test ID AUTH-T2S-RIGMN-0010 Function Creation of a Business User Test category MAND Apply to Directly Connected Account Holders Phase of the business day Day trade/Night Time Pre- conditions The user has the following privileges: - ARM_CreateUser - ARQ_T2SSysUserQueryT2SActorQuery Description A user is a static data object that allows an individual or an application to interact with T2S. In the T2S GUI Screen: 1) Select the users – search/list screen: Static Data >> Access Rights >> Users 2) Click on the “New” button 3) Enter all the mandatory information. The user is mainly defined by the ‘Login Name’ and ‘System User Reference’ that must be unique in the system. 4) Click on the Submit button Expected results A user belonging to the relevant party is created. Remark: this test case does not allow the user to perform any action in T2S, three further steps are still necessary: 1- Create Certificate DN. 2- Create User Certificate DN Link. 3- Grant business privileges or roles to the business user Authorisation test cases from Central Banks, release 3.1 of September 2015 References T2S-UHB 2.5.6.21 User - New/Edit Screen T2S-UHB 3.2.4.1 Create a New User T2S-UDFS 1.3.3.2.1 Configuration of users Authorisation test cases from Central Banks, release 3.1 of September 2015 Test ID AUTH-T2S-RIGMN-0020 Function Grant role to a user Test category MAND Apply to Directly Connected Account Holders Phase of the business day Day trade/Night Time Pre- conditions To grant a role to a user, you must own that role. You can only grant a role to a user that belongs to your party. Privileges: - ARQ_RoleListQuery - ARM_GrantRole The role to be granted does not contain any privilege overlapping with any other privilege granted to the user via a privilege or role Description In the T2S GUI Screen: 1) Go to the granted roles – search screen: Static Data >> Access Rights >> Grant/Revoke Roles 2) Enter the login name of the relevant user in the ‘User’ subframe and click on the search button. 3) Select the role(s) you want to grant to the user in the ‘Roles’ frame 4) Click on the arrow (poiniting to the right) icon. Expected results The role is granted to the user. References T2S- UHB 2.5.6.10 Grant/Revoke Role - New/Edit Screen T2S- UHB 3.2.4.5 Assign a Role to a User T2S- UDFS 1.3.3.2.3 Configuration of roles Authorisation test cases from Central Banks, release 3.1 of September 2015 Test ID AUTH-T2S-RIGMN-0030 Function Grant privileges to a user Test category MAND Apply to Directly Connected Account Holders Phase of the business day Day trade/Night Time Pre- conditions The user has been previously created. You are granted with the following privileges - ARQ_GrantedSysPrivilegesListQuery - ARQ_GrantObjectPrivilegesListQuery - ARM_GrantPrivilege The privilege to be granted does not overlap with any other privilege granted to the user via a privilege or role Description In the T2S GUI Screen: 1) Go to Static Data >> Access Rights >> Grant/Revoke Privileges 2) Enter the login name of the relevant user in the ‘User’ subframe. 3) Click on the search button. 4) Select the privillege(s) you want to grant to the user in the ‘Privileges’ frame. 5) Click on the arrow (grant) icon and a new window will be displayed 6) Select the chosen options (Deny, 4-eyes or Administration) from the prompt input additional data 7) Click on the ok button If an object privilege is to be granted: 8) Click on the arrow icon in the ‘Object’ column and The grant/revoke object privilege – new/edit screen will be displayed. 9) Select the single static data object or the secured group the privilege has to be granted to and enter all mandatory information in the ‘Object Privileges’ frame and click on the add and submit button. Expected Results The Privilege/s is/are granted to the user Authorisation test cases from Central Banks, release 3.1 of September 2015 References T2S- UHB 2.5.6.7 Grant/Revoke Object Privilege - New/Edit Screen T2S- UHB 3.2.4.4 Assign a Privilege to a User T2S- UDFS 1.3.3.1.2 Privileges Authorisation test cases from Central Banks, release 3.1 of September 2015 Test ID AUTH-T2S-RIGMN-0040 Function Extend a user data scope Test category COUS Apply to Directly Connected Account Holders Phase of the business day Day trade/Night Time Pre- conditions To grant a privilege at object level, the privilege must first be granted at system level. Then a selection of objects on which the privilege must be applied. To grant an object privilege the object must be under the data scope of the party or granted to it. -Grant privilege ARM_GrantPrivilege -Granted system privileges list query ARQ_GrantedSysPrivilegesListQuery - Granted object privileges list query ARQ_GrantObjectPrivilegesListQuery Description The default data scope of each user can be extended or reduced on the basis of the actual business needs, by means of object privileges. Granting a user with a given privilege on a secured object (or on a secured group) results in extending the data scope of the user by adding the secured object (or the secured group) to the default data scope of the user. In the T2S GUI Screen: 1) Go to Static Data >> Access Rights >> Grant/Revoke Privileges 2) Enter the login name of the relevant user in the ‘User’ subframe. 3) Click on the search button. 4) Click on the arrow icon in the ‘Object’ column (the privilege will appear in yellow on the list) and the grant/revoke object privilege – new/edit screen will be displayed. 5) Select the single static data object or the secured group the privilege has to be granted to and enter all mandatory information in the ‘Object Privileges’ frame and click on the add and submit button. Expected result A user under the party scope is granted with the chosen object privilege, extending its data scope. Authorisation test cases from Central Banks, release 3.1 of September 2015 References UHB. V.2.0 2.5.6.7 Grant/Revoke Object Privilege. UHB V.2.0. 3.2.4.4 Grant a Privilege to a User UDFS 2.0 1.3.3.1.8 Data scope Authorisation test cases from Central Banks, release 3.1 of September 2015 Test ID AUTH-T2S-RIGMN-0050 Function Reduce user data Scope Test category COUS Apply to Directly Connected Account Holders Phase of the business day Day trade/Night Time Pre- conditions The object to be denied must be under the data scope of the user or previously granted to it. -Revoke privilege ARM_RevokePrivilege -Granted system privileges list query ARQ_GrantedSysPrivilegesListQuery -Granted object privileges list query ARQ_GrantObjectPrivilegesListQuery Description The default data scope of each user can be extended or reduced on the basis of the actual business needs, by means of object privileges. Denying a user from a given privilege on a secured object (or on a secured group) results in reducing the data scope of the user by removing the secured object (or the secured group) from the default data scope of the user. In the T2S GUI Screen: 1) Go to Static Data >> Access Rights >> Grant/Revoke Privileges 2) Enter the login name of the relevant user in the ‘User’ subframe. 3) Click on the search button. 4) Click on the arrow icon in the ‘Object’ column (the privilege will appear in yellow on the list) and the grant/revoke object privilege – new/edit screen will be displayed. 5) Select the relevant object to be revoked from the data scope 6) Select the deny option for the relevant object and click on OK Expected results The user is prevented from performing the relevant system function on the object, thus reducing its data scope. References T2S-UHB. 2.0 2.5.6.7 Grant/Revoke Object Privilege - New/Edit Screen T2S-UDFS 2.0 1.3.3.1.8 Data scope Authorisation test cases from Central Banks, release 3.1 of September 2015 Test ID AUTH-T2S-RIGMN-0060 Function List Privilege Details Test category MAND Apply to Directly Connected Account Holders Phase of the business day Day trade/Night Time Pre- conditions The user has the following privileges: - Privilege Query ARQ_PrivilegeQuery Description In the T2S GUI Screen: Static Data >> Access Rights >> Privileges 1. Select the status and/or the privilege type from the respective select boxes for the privileges you want to view details 2. Enter search criteria about that should be listed. 3. Click on the search button. A list containing the search results is displayed on the screen. 4. Check the detailed information about the privilege you want to view in the privileges list Expected results The privilege details are displayed References T2S-UHB 3.2.2.3 View Privilege Details T2S-UHB 2.5.6.13 Privileges - Search/List Screen T2S-UDFS 1.3.3.1.2 Privileges Authorisation test cases from Central Banks, release 3.1 of September 2015 Test ID AUTH-T2S-RIGMN-0070 Function Revoke a role to a user Test category MAND Apply to Directly Connected Account Holders Phase of the business day Day trade/Night Time Pre- conditions The user has previously be granted uploads/Industriel/ users-guide-testing.pdf