ATF: Test to ensure users do not have access to records

Rohit Shetty
Tera Contributor

We currently have security rules in place that do not allow a custom roled user to view Incidents of type "Network".

I wanted to see if there is a way to create an ATF for this? So far I was able to:

Step 1: Impersonate the custom roled user
Step 2: Record Query: Incidents [type=Network]

Not sure if there should be a run script to ensure that step 2 returns 0 records or is there any other way to do this?

1 ACCEPTED SOLUTION

Akif_Shah
Kilo Sage

There is an easier way to achieve this. On your record query step, you can set the field "Assert Type" to No records match the query.

If this is true, your test will pass; if there were any records found, then your test will fail.

4 REPLIES

Hi, Akif

I have tried this way to validate if a read ACL is working on the HR case table.

However, the impersonated user could find the record created in the test during the Record Query step.
Query condition is "Sys ID = xxxxxxxx". The sys_id is dynamically set by the data picker.
Do you have any information around this?

Hi, if you are using the "Record Query" step, then you need to make sure the "Enforce security" checkbox is checked on the step. If you already have that checked and the user is still able to read the record, then that means the ACLs allow the user to have read access.

Thank you!! After setting that field to true, ATF is working fine!!