Test Permissions of Guest/Training Accounts (OTG-IDENT-006)

Revision as of 08:35, 5 November 2013 by Andrew Muller (Talk | contribs)

(diff) ← Older revision | Latest revision (diff) | Newer revision → (diff)
Jump to: navigation, search


Guest and Training accounts are useful ways to acquaint potential users with system functionality prior to them completing the authorisation process required for access. However, these accounts are often modeled on business roles and may be provisioned with access to more functionality than is required for the user.

Test objectives

Evaluate consistency between access policy and guest/training account access permissions

How to test


<insert some images of guest/training account instances>




Ensure the application returns consistent generic error messages in response to invalid account name, password or other user credentials entered during the login process.

Ensure default system accounts and test accounts are deleted prior to releasing the system into production (or exposing it to an untrusted network).