Before the team starts using CTP, the admin needs to define users and access levels. If accounts are not set up and properly synched with CTP, only the admin account will be able to log in to CTP.
Prerequisites
Parasoft user administration functionality is provided by the following applications:
- Parasoft DTP
- The separate pstsec.war (Parasoft User Administration) file shipped with CTP
Parasoft DTP is a development and testing analytics hub with built-in user management and licensing functionality. You can either configure CTP to leverage the user administration module included with DTP or deploy the pstsec.war file shipped with CTP. In either case, you can manually add users or synchronize user administration with your existing LDAP server and import them automatically.
About User Configuration
Every team member who will access CTP needs a user account. The level of access that each CTP user has depends on how that user account is configured.
You can define permissions on a per-user basis. Or, if you plan to have a common set of permissions shared across a group of users, you can define the permissions once in a user group, then simply assign users to that user group.
If you use Parasoft DTP, user configuration is performed in the User Administration module. To access this, browse to your team’s DTP interface, then choose User Administration from the settings menu.
If you are using the Parasoft User Administration module instead of Parasoft Concerto/DTP, ensure that it is installed and configured as described in Installing Parasoft User Administration.
Configuring CTP for User Authentication
Choose Security Configuration from the administration drop-down menu (gear icon) to access the controls for user administration. See Security Configuration for additional information.
Adding a User Group
To add a user group with a defined set of permissions:
- Click Groups> Add New.
- Specify the group name and description, then click Save.
- Open the Permissions & Hierarchy tab that appears.
- Select the appropriate access level as described in Specifying Access Levels.
- When you are done adding permissions, click Save.
Adding a User
To add a specific user account:
- Click Users> Add New.
- Specify new user details (login and password are required), then click Save.
- Open the Permissions & Groups tab that appears.
- Do one of the following:
- If you want this user to inherit the permissions defined in a group (as described in Adding a User Group), search for that group under the Add Group area, then drag the desired group over to the Group Membership area.
- If you want to directly specify the user’s access level, follow the procedure in Specifying Access Levels.
Tip
You can configure a user to inherit permissions from a group, then centrally adjust group permissions as needed.
- Click Add.
Specifying Access Levels
User access control is enabled on the SOAtest Server when you connect the SOAtest Server to a CTP that has security controls configured. This connection is made in the Parasoft> Continuous Testing Platform preferences page (see Integrating Virtualize Server and/or SOAtest Server with CTP).
User access control allows you to specify what actions each CTP user can perform on the SOAtest Servers that are connected to CTP. For example, you can determine which users are able to view and execute tests.
Note that these controls apply to all instances where SOAtest is accessed via its web service interface. This includes access from CTP and DTP, as well as direct access to the SOAtest web service API. Without successful user authentication, users will not be able to access the SOAtest web service interface.
Prerequisites
In order to set the access levels (admin, system, provision), you need to have one of the following installed:
Parasoft DTP
- Parasoft Concerto 4.8.2 or later
The separate pstsec.war (Parasoft User Administration) file alongside CTP
- Under tool, select em.
- Under Name, select role.
- Under Value, select the appropriate access level (see Understanding Roles and Permissions).
- Click Add.
Understanding Roles and Permissions
The following table describes roles and permissions available for CTP users:
Role | Testing privileges | Environment provisioning | System and env. definition | Control access permissions | Test Data Management |
---|---|---|---|---|---|
Administration Admins have permission to create, modify, and execute tests from CTP. This is full access. | All | Yes, always | Yes, always | Yes | Disconnect servers + all repository operations |
System System users can create, modify, and execute tests on resources with which they have access. This is full access. | All | Yes * | Yes * | No | All repository operations* |
Provision Provision users can execute test jobs for which they have access. This user role cannot create or save changes to test assets (test scenarios, jobs, etc.). They can modify environment variables for jobs to customize execution, but are not able to save the changes. | Can execute test jobs * | Yes * | No | No | Read-only access* |
Unspecified If the user is not assigned a specific role on CTP (provision, system, or admin)—but still successfully authenticates—he or she will be able to view test assets, jobs, and results. This is read-only access. | Read-only | No | No | No | No |
No Authentication If the user does not successfully authenticate, he or she will not be able to view test assets, start tests, view test status, or view test results on any SOAtest servers with user access control (e.g., any SOAtest server that is configured to connect to CTP). | No | No | No | No | No |
* With appropriate resource permissions—see Specifying Access to Specific Resources for details.
Synchronizing User and Group Settings with CTP
To make the defined user and group settings available in CTP:
- Log into CTP as an administrator-level user.
- Choose Security Configuration from the administration drop-down menu (gear icon).
- Specify the URL to the host where DTP or the PSTsec service is running.
- Click Save.
Specifying Access to Specific Resources
For any user without Administration privileges, the level of access to the available systems, environments, Virtualize/SOAtest servers, and Data Repository Servers depends on the permissions that have been set. Resources can be made available to all users, or access can be limited to certain user groups or specific users.
For instance, a user with the "provision" role can provision only designated or unrestricted environments—and can provision only to designated or unrestricted Virtualize/SOAtest servers. Moreover, that same user would see only the Data Repository Servers that are unrestricted or that he has been granted access to.
Click the Permissions link at the top of the page to open the Resource Permissions screen, which is the interface for specifying permissions.
Deactivating and Reactivating User Accounts
For details on how to deactivate and reactivate user accounts, see User Accounts.