Zephyr Scale Server: Configuration of permissions does affect access to the API
is it intended that configuration of access rights does not affect access to the API?
For testing purposes, we have created a Jira project with access to only one administrator and one group (Group A) as editors. Furthermore, we have created a user (TEST) who only belongs to another Jira group (Group B). In the Jira Project, Zephyr Scale is enabled and the project settings have been adjusted as follows:
- Permission system is enabled -> ON
- Only members of Group A can create test cases
- Only members of Group A can execute test executions
Now when accessing the API and using the credentials of the user TEST for basic authentication, I can add a new execution via /testresult. However, I would expect that the user would not be able to add a new execution via API because of the missing permissions.
Further configurations were tried without success. Is there a way to deny a user access to the API?
- Global Access Restrictions are off.
- Affected Version: Zephyr Scale Server/Data Center 9.13.0
I look forward to your support.
Zephyr Scale Server
I am interested in the response here too. I have a similar issue (maybe the same?)
I have Developers and Testers as 2 groups.
If a tester finds an issue while testing, they will create a bug ticket in Jira, with a link to the test execution. The developer can then see the details of the test execution. However, the developer should NOT be able to modify the pass/fail status of the execution.
How can I create read-only access in test executions for developers, but read-write access in test executions for testers.