dbingel
Frequent Visitor
2 years ago

Zephyr Scale Server: Configuration of permissions does affect access to the API

Hello all,

Is it intended that configuration of access rights does not affect access to the API?

For testing purposes, we have created a Jira project with access to only one administrator and one group (Group A) as editors. Furthermore, we have created a user (TEST) who only belongs to another Jira group (Group B). In the Jira Project, Zephyr Scale is enabled and the project settings have been adjusted as follows:

  • Permission system is enabled -> ON
  • Only members of Group A can create test cases
  • Only members of Group A can execute test executions

Now when accessing the API and using the credentials of the user TEST for basic authentication, I can add a new execution via /testresult. However, I would expect that the user would not be able to add a new execution via API because of the missing permissions.

 

Further configurations were tried without success. Is there a way to deny a user access to the API?

 

General Information

  • Global Access Restrictions are off.
  • Affected Version: Zephyr Scale Server/Data Center 9.13.0

 

I look forward to your support.

  • Bob_C
    Contributor

    I am interested in the response here too.  I have a similar issue (maybe the same?)

    I have Developers and Testers as 2 groups.

     

    If a tester finds an issue while testing, they will create a bug ticket in Jira, with a link to the test execution.  The developer can then see the details of the test execution.  However, the developer should NOT be able to modify the pass/fail status of the execution.

     

    How can I create read-only access in test executions for developers, but read-write access in test executions for testers?