Skip to content

Instantly share code, notes, and snippets.

Last active March 17, 2023 19:41
  • Star 0 You must be signed in to star a gist
  • Fork 0 You must be signed in to fork a gist
Star You must be signed in to star a gist
What would you like to do?
RBAC Test Plan

QA Test Plan


To ensure that the implemented Role-Based Access Control (RBAC) system meets the functional and non-functional requirements specified in the project scope and meets the expectations of stakeholders, we are outlining this test plan.

This project adds the following functionality to Sourcegraph:

  • Role management for Users
  • Permissions assignment for Roles
  • Access Control polcies for features (e.g Batch Changes)

The RBAC project is in Beta and currently only supported by the Batch Changes functionality. Part of the test plan will be targeted towards the Batch Changes functionality.

Test Plan

The test plan covers the RBAC system implemented in the project, which includes the following components:

  • Role management
  • Permissions management
  • Access Control based on permissions

Functional testing:

The introduction of RBAC hasn't affected a lot regarding how Sourcegraph works. The major introduction is permission checks which can be done at the resolver level or DB level.

With the introduction of RBAC, we now have permissions seeded automatically into all Sourcegraph instances that can be queried when needed. The permissions a user has is dependent on the roles they've been assigned.

We've used the feature ourselves a bunch while developing it, and found and fixed a number of bugs.

[ ] User (System) role can be modified.

[ ] Site Administrator role cannot be modified.

[ ] Roles can be created via the Site Admin Roles page.

[ ] Created roles can be modified.

[ ] Roles can be assigned to users via the User Management page.

[ ] When a user doesn't have the BATCH_CHANGES#WRITE permission, the Create Batch Change button in the Batch Changes page is disbaled.

[ ] When a user doesn't have the BATCH_CHANGES#WRITE permission, the Create Batch Change option from the search action menu should be disabled.

[ ] System roles cannot be assigned or unassigned via the Manage Role option.

[ ] Site Administrator role can only be assigned/unassigned by clicking the Promote to side admin or Revoke site admin option.

Integration testing:

Covered by functional testing, these tests are end-to-end.

Performance testing:

The initial work done so far is to support the Batch Changes functionality, we haven't tested with a much larger scale yet as we only support Batch Changes, however, we have improvement tickets filed to handle scaling in the future.

Security testing:

We've added unit tests for auth-related changes.

Usability testing:

We've had a couple of UX feedback but we will share this test plan with #ask-design once it's done so we can get more detailed feedback on things to improve.

Compatibility testing:

No code is deployment specific, so this doesn't apply.

QA Checklist

  1. Have you made any infra related changes to environment variables, new services, or deployment methods that could affect customers?

    • Yes - I've informed #team-cloud and #team-delivery of the changes.
    • Yes - Changelog or documentation has been updated, this includes changes to defaults and site config flags.
    • No

    If your change is non-trivial, please review the Cloud Launch process.

    If you've made changes to documentation, please link them in the comments below.


  2. Which environments have the changes been tested on?

    • other

    If other, please specify:

  3. Experimental features have been marked and behind a feature flag?

    • Yes
    • No
    • N/A

    If no, please specify why:

  4. Completed entry to release post.

    • Yes
    • No
    • N/A

Tech Lead/DRI sign off: @kalanchan

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment