Automated tests for User roles and permissions

Hello,

I am new to Katalon. Hope anyone can provide me some guidance on developing the automated tests for the below.

We have an application where there are 5 User Types and 8 Roles. Each User type can be assigned to any one or multiple Roles. User Type + Roles define what permissions the User has within the application (web pages and web elements, read only or edit etc.).

With my limited knowledge, I started creating test cases for a couple of User types + Roles … but started creating one test case for each combination of permissions. Then I realised I will end up creating hundreds of test cases and it will be difficult to maintain as well.

Could anyone who has experience with a similar scenario provide me some guidance and best practices? Any links to similar demo projects are highly appreciated.

Thanks for your help in advance.

Ah… factorial math. Permutations and combinations always end up with n! in there somewhere.

Aside: There’s a good reason mathematicians chose the exclamation mark to denote factorial math :wink: the numbers get pretty large pretty quickly! You know there’s something to be wary of when 0! = 1 (!!!) :smile:

I’m not sure there are any best practices pertaining to your situation. My advice would be to write…

  1. A single test that exposes a single known bug. (Repeat).

  2. A generic test that encapsulates any class of bugs that have already been fixed (you’re watching for regressions here). (Repeat).

If you have a bug database to draw from, both of those should be easy (ish).

Lastly, you could treat the user/roles as a matrix (8x5 or 5x8) and draw a series of lines through the matrix testing each point on the line (e.g. user type 3, with role 6, etc). Perhaps the lines form a square around the grid and an X “through” it. You won’t be hitting all the possibilities (certainly not all the combinations) but it might be considered a reasonable sanity check.

Thanks for a great, thought-provoking question. I’m hoping some great (as yet unknown) stats wizard will reveal themselves and suggest something better.

Good luck!


For testing access control functions, critical scenarios should be prioritized. For example, it would be unacceptable if a new user can access this forum’s dashboard.

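The two suggestions in the replies (sample the 5x8 user type/role grid along a square and an X, and put critical access-control cases first) can be combined into one table-driven check. This is an added example, not code from any poster or from Katalon. The expected access levels, the `CRITICAL` cell, the seeded defects and `app_level` (a stand-in for logging in as that user and probing a page) are all constructed, and it covers a single role per user type only.

```python
from itertools import product

USER_TYPES, ROLES = 5, 8          # grid size from the question
LEVELS = ("none", "read", "edit")

def expected_level(utype, role):
    """Constructed expected-permission table for one page (assumption)."""
    if utype >= 3 and role >= 6:
        return "edit"
    return "read" if role >= 2 else "none"

EXPECTED = {(u, r): expected_level(u, r)
            for u, r in product(range(USER_TYPES), range(ROLES))}

def sample_cells(rows=USER_TYPES, cols=ROLES):
    """Cells on the grid border plus both diagonals (the 'square and X')."""
    cells = set()
    for r, c in product(range(rows), range(cols)):
        d = round(r * (cols - 1) / max(rows - 1, 1))  # diagonal scaled to a non-square grid
        if r in (0, rows - 1) or c in (0, cols - 1) or c in (d, cols - 1 - d):
            cells.add((r, c))
    return cells

# Constructed: a cell judged high-risk (must be denied), tested even if unsampled.
CRITICAL = {(2, 1)}

# Constructed defects in the hypothetical application under test.
SEEDED = {(0, 7): "edit", (2, 1): "read", (1, 3): "edit"}

def app_level(utype, role):
    """Stand-in for the real probe: what the application actually grants."""
    return SEEDED.get((utype, role), expected_level(utype, role))

def run_checks(expected, actual, critical):
    """Check critical cells first, then sampled ones; return the mismatches."""
    order = sorted(critical) + sorted(sample_cells() - critical)
    return [(cell, expected[cell], actual(*cell))
            for cell in order if actual(*cell) != expected[cell]]

if __name__ == "__main__":
    for cell, want, got in run_checks(EXPECTED, app_level, CRITICAL):
        print(f"user type {cell[0]}, role {cell[1]}: expected {want}, got {got}")
    print(f"{len(sample_cells() | CRITICAL)} of {len(EXPECTED)} cells checked")
```

The defect seeded at user type 1, role 3 sits off the sampled lines and is not reported, which is the coverage gap the reply itself points out.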