Test Plan: Admin Effective Permission View

| Version | Date | Author | Change Description |
|---|---|---|---|
| 1.0 | 2025-09-11 | Senior QA Lead | Initial Draft |

1.0 Introduction

This document outlines the testing strategy for Feature 08: Admin Effective Permission View. This is a read-only administrative feature that allows authorized personnel to view a user's complete, calculated set of "effective permissions" and understand the source of each permission (i.e., whether it was assigned directly, inherited from a role, or inherited via a group).

This plan is based on the requirements defined in:

  • docs/features/08-admin-effective-permission-view/index.md (BRD)
  • docs/features/08-admin-effective-permission-view/use_case.md (Use Cases)

2.0 Scope

2.1 In Scope

  • Accessing the "Effective Permissions" view by an administrator with the admin:user:view_permissions permission.
  • Correctly displaying the comprehensive list of all permissions a user possesses.
  • For each permission, accurately displaying its source(s), such as:
      • "Direct Assignment"
      • "Inherited from Role: [Role Name]"
      • "Inherited from Group: [Group Name] -> Role: [Role Name]"
  • Correctly displaying multiple sources if a permission is granted in several ways.
  • Verifying that an administrator without the required permission cannot access this view.

2.2 Out of Scope

  • The backend logic for calculating permissions (this was tested in Feature 04).
  • Editing or managing permissions from this view.
  • Managing the users, roles, or groups themselves.

3.0 Test Strategy & Approach

  • Functional Testing: This will be the primary focus. Manual tests will be conducted using a variety of user accounts with simple and complex permission structures to validate the accuracy of the UI display.
  • UI/UX Testing: The view will be checked for clarity, readability, and ease of understanding for a non-technical administrator.
  • Security Testing: Tests will ensure that the view is properly protected by the admin:user:view_permissions permission.
  • Test Environments: QA, Staging.
  • Test Data: Requires the same complex, interconnected data set used in Feature 04 to test various inheritance paths.
      • admin_perm_viewer@example.com with admin:user:view_permissions.
      • admin_no_perm_viewer@example.com without admin:user:view_permissions.
      • user_direct_perm: User with doc:edit assigned directly.
      • user_role_perm: User in Editor Role, which grants doc:edit.
      • user_group_perm: User in Editor Group, which is assigned Editor Role.
      • user_complex_perm: User with doc:print directly and in Editor Group (granting doc:edit).

4.0 Test Environment Requirements

  • Backend Service: The AuthService must be deployed with the gRPC endpoint for fetching a user's effective permissions.
  • Frontend Application: The web-based enterprise console must be deployed with the "Effective Permissions" UI implemented, likely as a tab on the "Edit User" page.
  • Supported Browsers: Google Chrome, Mozilla Firefox, Microsoft Edge (latest stable versions).
  • Database: The test database must be populated with the detailed test data matrix.

5.0 Test Cases

5.1 Permission Display and Source Verification

| Test Case ID | User Story | Description | Steps | Expected Result |
|---|---|---|---|---|
| TC-VIEWP-001 | US-13 | Happy Path: View permission from a direct assignment. | 1. Log in as admin_perm_viewer@example.com.<br>2. Navigate to the "Edit User" page for user_direct_perm.<br>3. Go to the "Effective Permissions" tab/view. | The list contains the doc:edit permission. The source for this permission is clearly stated as "Direct Assignment". |
| TC-VIEWP-002 | US-13 | Happy Path: View permission from a role inheritance. | 1. Follow steps 1-2 for the user user_role_perm.<br>3. Go to the "Effective Permissions" view. | The list contains doc:edit. The source is stated as "Inherited from Role: Editor Role". |
| TC-VIEWP-003 | US-13 | Happy Path: View permission from a group and role inheritance. | 1. Follow steps 1-2 for the user user_group_perm.<br>3. Go to the "Effective Permissions" view. | The list contains doc:edit. The source is stated as "Inherited from Group: Editor Group -> Role: Editor Role". |
| TC-VIEWP-004 | US-13 | Functional: Verify display of multiple, distinct permissions. | 1. Follow steps 1-2 for the user user_complex_perm.<br>3. Go to the "Effective Permissions" view. | The list correctly displays both doc:print (with source "Direct Assignment") and doc:edit (with source "Inherited from Group: Editor Group -> Role: Editor Role"). |
| TC-VIEWP-005 | US-13 | Negative: View a user with no special permissions. | 1. Create or use a user with no roles, groups, or direct permissions.<br>2. View their "Effective Permissions". | The permission list is empty, or it displays a message like "This user has no special permissions." |
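The following is an added test oracle, not code from the project: it models the test data matrix from section 3.0 as constructed fixtures, derives the permission-to-source mapping the view is expected to show for TC-VIEWP-001 through TC-VIEWP-005 in the exact wording the BRD specifies, and applies the admin:user:view_permissions gate that TC-VIEWP-006 depends on. The fixture layout, the user `user_no_perm`, and the function names are assumptions; the real AuthService schema is not known to this plan.

```python
"""Expected-result oracle for the Effective Permissions view (added example).

The fixtures below are constructed to mirror the test data matrix in section 3.0;
the AuthService's real data model is assumed, not known.
"""
from collections import defaultdict

VIEW_PERM = "admin:user:view_permissions"

ROLES = {"Editor Role": {"doc:edit"}}               # role -> permissions it grants
GROUPS = {"Editor Group": ["Editor Role"]}          # group -> roles assigned to it
USERS = {                                           # user -> direct perms, roles, groups
    "user_direct_perm":  {"direct": {"doc:edit"}, "roles": [], "groups": []},
    "user_role_perm":    {"direct": set(), "roles": ["Editor Role"], "groups": []},
    "user_group_perm":   {"direct": set(), "roles": [], "groups": ["Editor Group"]},
    "user_complex_perm": {"direct": {"doc:print"}, "roles": [], "groups": ["Editor Group"]},
    "user_no_perm":      {"direct": set(), "roles": [], "groups": []},   # assumed name for TC-VIEWP-005
    "admin_perm_viewer@example.com":    {"direct": {VIEW_PERM}, "roles": [], "groups": []},
    "admin_no_perm_viewer@example.com": {"direct": set(), "roles": [], "groups": []},
}


def effective_permissions(user_id):
    """Return {permission: [source labels]} using the source wording from section 2.1.

    A permission granted several ways keeps every source, so the UI can show all of them.
    """
    user = USERS[user_id]
    sources = defaultdict(list)
    for perm in sorted(user["direct"]):
        sources[perm].append("Direct Assignment")
    for role in user["roles"]:
        for perm in sorted(ROLES[role]):
            sources[perm].append(f"Inherited from Role: {role}")
    for group in user["groups"]:
        for role in GROUPS[group]:
            for perm in sorted(ROLES[role]):
                sources[perm].append(f"Inherited from Group: {group} -> Role: {role}")
    return dict(sources)


def view_effective_permissions(admin_id, target_id):
    """Server-side gate for the view: hiding the tab is not enough (TC-VIEWP-006).

    Denies unless the caller's own effective permissions include VIEW_PERM.
    """
    if VIEW_PERM not in effective_permissions(admin_id):
        raise PermissionError("Access Denied")
    return effective_permissions(target_id)
```

Running the oracle against the fixtures gives the Expected Result column for each test case, so a tester can diff the UI against it rather than reading the matrix by hand.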

5.2 Access Control

| Test Case ID | User Story | Description | Steps | Expected Result |
|---|---|---|---|---|
| TC-VIEWP-006 | US-13 | Security: User without permission cannot access the permissions view. | 1. Log in as admin_no_perm_viewer@example.com.<br>2. Navigate to the "Edit User" page for any user.<br>3. Attempt to find the "Effective Permissions" tab or link. | The "Effective Permissions" tab/link is not visible. Direct navigation to its URL (if known) should result in an "Unauthorized" or "Access Denied" error page. |

6.0 UAT Scenarios

| Scenario ID | User Story | Scenario Description | Acceptance Criteria |
|---|---|---|---|
| UAT-VIEWP-01 | US-13 | An admin needs to troubleshoot why a user can't perform a certain action. | When a user tells me they can't edit a document, I can go to their profile, look at their "Effective Permissions," and confirm that they are missing the doc:edit permission. |
| UAT-VIEWP-02 | US-13 | An admin needs to confirm why a user can perform an action they shouldn't be able to. | When I suspect a user has too much access, I can go to their profile, view their permissions, and see exactly why they have a certain permission (e.g., "Oh, they are in the 'Admins' group"). |

7.0 Entry & Exit Criteria

7.1 Entry Criteria

  • All development for prerequisite features (especially 04 and 07) is complete and deployed to the QA environment.
  • All related unit tests are passing.
  • The QA database is populated with the required complex test data matrix.

7.2 Exit Criteria

  • All test cases in this plan have been executed.
  • 100% of Critical and High severity defects are closed.
  • UAT has been successfully completed and signed off by stakeholders.