How to test Access Control Limits (ACLs)?
In built sanity checks for complex ACLs rules.
Overview
Access Control Limits (ACLs) are the expression of the systems information security policies, they can be complex in their nature and vital to not only be correct but also to be seen as correct. The ACLs sanity checks allow for this business level visibility to the information security policies.
All sanity checks in the base product are run as part of the system build process which does not proceed if there are any failures.
The sanity checks allow for dummy data to be generated ( but not saved) and the current ACLs are checked against this dummy data.
The sanity check cases can be marked as expecting a certain number of rows to be returned by a query or to expect ( or not) an access exception if an modification is made.
Each sanity case allows a dummy login to be created as part of the sanity check at a certain access level and for the dummy person to be a member of a set of groups.
More complex set ups of clients can be done in the setup SQL using the special variables ${LOGIN_ID} and ${PERSON_ID}.
Sanity Check report
Sanity Group