Under Community Review

Let me put under the community review.

Would also be nice to get feedback how customers does such testing currently.

Enhancing Permission Testing: Introducing Temporary Role Switching in the Content Management System

We often face challenges when testing permissions with non-admin accounts, particularly with the timely propagation of these changes in the UI. This can make it difficult to test and troubleshoot user roles and permissions effectively.

To address this, we propose a mechanism that allows users to temporarily assume different roles without permanently changing their own permissions. This would streamline the testing process and improve efficiency.

For example, I could temporarily assign myself a non-admin role to test specific permissions and views, without altering my actual admin permissions. This way, I can quickly switch between roles to ensure everything functions correctly from different user perspectives.

Implementing this feature would greatly enhance our ability to test and manage permissions within the Content Management System.

Andrew Ross
Parents

  • To help debugging rights and permissions issues, we're considering providing an option in the UI to see a user's effective group memberships, something that may otherwise not be easy to determine when using claims based security.

    For example:

    User Group memberships:
        'Everyone' (tcm:0-1-65568)
        'Information Designer' (tcm:0-10-65568)
        'Author' (tcm:0-11-65568)
        'Template Designer' (tcm:0-12-65568)
        'Editor' (tcm:0-13-65568)
        'Chief Editor' (tcm:0-14-65568)
        'Publication Manager' (tcm:0-15-65568)
        'Interaction Manager' (tcm:0-16-65568)
        'Business Process Type Manager' (tcm:0-17-65568)
        'Site Manager' (tcm:0-24-65568)
        'Developer' (tcm:0-25-65568)

    If reviewing the groups a user is in doesn't help resolve the problem, then as Nataliia suggested, a test account with the same group memberships could be set up for further testing/debugging.

    Would making this information available in the UI be helpful?
  • in reply to Nick Hill

    I believe exposing Group memberships would be highly beneficial. Thank you for providing the test user example; we've successfully used this approach for years. However, with our team now being leaner, this method is less efficient and requires the involvement of two resources instead of one, which impacts our ability to complete permission-based testing in a timely manner.

Comment
  • in reply to Nick Hill

    I believe exposing Group memberships would be highly beneficial. Thank you for providing the test user example; we've successfully used this approach for years. However, with our team now being leaner, this method is less efficient and requires the involvement of two resources instead of one, which impacts our ability to complete permission-based testing in a timely manner.

Children
No Data