BMC Helix Remedyforce 20.19.01 patch 2 sandbox testing guidelines
BMC Helix Remedyforce 20.19.01 (Winter 19) Patch 2 contains a number of defect fixes to improve the product quality. It also includes improved checks on objects and fields for various user personas such as Staff and Client to further secure the application usage and prevent unwanted access. If you elect to self-upgrade, it is recommended that you first upgrade and test in your sandbox before pushing 20.19.01 Patch 2 to your production instances.
This document provides testing recommendations related to various defect fixes and security enhancements addressed in the BMC Helix Remedyforce 20.19.01 Patch 2 release. Note that these guidelines might not cover all customizations or configurations that are specific to your organization. Hence, it is recommended that this document be used as a reference for understanding the possible product areas which might have undergone changes. Partners and customers are expected not to limit their validations to the ones mentioned in this documentation. They should also execute their own test suites to ensure that all the use cases important to their business continue to work as expected.
For more information on the release details, refer to the BMC Helix Remedyforce 20.19.01 Patch 2 release notes.
For more information about the testing guidelines, refer to the following topics:
Testing guidelines for security enhancements
Improved checks on the objects and fields for various supported personas have been added in this patch. This will further help in enhancing the application security. There should not be any impact if you are using OOTB (out of the box) permissions for various personas. However, it is recommended that you validate your key use cases related to customization using various personas such as Staff, Client, and Change Manager.
| Product area / Feature | Sub feature | Recommended validation | Remediation if issues observed |
|---|---|---|---|
| Remedyforce Console | Create and Update: Incident, Service Request, and other modules | Create, Update, and Close actions continue to work without any impact. Note: It is recommended that you use a mix of Remedyforce fields and custom fields. | Give object permissions in Profile or Permission Set for Read, Create, and Edit actions of a record. For example, if you are on the Incident or Service Request form, the permissions should be given on the Incident object. |
| | Form | Perform validation on all the fields (for example, Staff lookup field in Assignment Details) to check if they appear on the form as desired. Ensure that the Read Only fields appear in Read mode and Editable fields appear in Edit mode. | For example, if on the Incident form you find some missing fields or Read Only fields, grant the Read or Edit permission to that persona. |
| | Close Form | Ensure that the options such as Close Linked Tasks are available on the Close Form action of the respective modules. | If a label is not visible, grant the Read or Edit permission to the fields such as the ones in Incident on Close Tasks field. |
| | Activity Feed | Perform validation on actions like adding a note and attachments from the Activity Feed. Validate adding notes and attachments from the Actions menu as well. | For example, in case of any issues in adding the notes or attachments from Activity Feed or Actions menu of the Incident form, grant the Read, Create, and Edit access to the Incident object. Note that, to add attachments, you need the Edit access on the parent object. |
| | Details tab | Perform validation on linking of records. For example, in Incident Details tab, the Select and Link Configuration Item and Assets to an Incident option. | In case of any issues in linking, grant the Create or Edit access. For example, grant the Create or Edit access to the Incident object for that persona. |
| | SmartView | Expand all the related nodes (such as Task, Change Request, Problem, CMDB) and check the records details. | If there are fields missing in Record Details, then grant the Read or Edit access to the object and the missing fields as per the persona. For example, the OOTB (out of the box) behavior for a Staff user is to allow viewing of the Change Request fields but not editing them. |
| | View/Create Change Request | Users with Change Manager persona should be able to create and edit a change request record. | As per the persona grant the Read and Edit access on the Change Request object. |
| | View/Create Releases | Users with Release Manager persona should be able to create and edit a release record. | As per the persona grant the Read and Edit access on the Release object. |
| Self Service 3.0 | Create/Copy/Edit/Close Incident with and without attachments | Perform the following validations: | Grant the Create and Edit access to the Incident object. For attachments grant the Read, Create, and Edit access to the Temporary Attachments object. |
| | Create/Copy/Edit/Close Service Request with attachments | Perform the following validations: | |
| | Category lookup field on the Incident form | Perform the following validations: | If you cannot see the categories, grant the Read Access permission to the Parent Tree field of the Category object for ServiceDesk Client Profile or client's Permission Set. |
| | View Knowledge Article | Perform the following validations: | |
| | Manage Approvals | In pending approvals, you should be able to see more details of the fields that you have added through configuration. The Client user should be able to Approve, Reject, Reassign and View history in case you are using custom permission. | If fields are missing in the Approval list or in Show Details section, then give Read permission for the user's persona. |
| | Broadcast, Custom Tile Links, My Assets, Service Health | Verify if the client user can see Broadcasts, Broadcast Messages, Custom Tile links, View My Assets, View Service Health on the Self Service Home screen. | If you are using custom profiles or permission sets, ensure that Read permission is granted on the Broadcast object and its fields. |
| Self Service Mobile Application | Create, Update Incident, Task for Analyst. Create Ticket for Self Service application | Perform the following validations: | |
Sample testing scenarios for security enhancements
Perform validations whenever you see any of the following scenarios:
- Any field(s) that were visible earlier on the form are not visible now.
  Reason: Those fields might be missing the Read or Edit field level permissions.
  Fix: Grant appropriate permissions to those fields which are missing.
- You receive an error message, such as "Insufficient permissions on specific field", while performing any operation.
  Reason: Insufficient object or field level permission.
  Fix: Grant appropriate permissions on that object or field to the persona as displayed in the error message.
- You see any unexpected behavior for any of the feature(s).
  Reason: Permissions on the object or fields driving that feature may be missing.
  Fix: Identify the basic objects or fields involved in the proper functioning of that feature, as described in the above scenarios. Granting basic permissions on them might resolve the issue.

Using OOTB (out of the box) permission sets provided for that persona should fix the issue. If the issue persists, please contact the BMC support team.
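
Each scenario above comes down to comparing what a custom profile or permission set grants against what the remediation column says the persona needs. The following Python check is an added example, not BMC code: it audits a constructed export of a Client profile against the Self Service 3.0 remediation entries. The row format, the `audit` and `parse_grants` helpers, and the use of display labels instead of Salesforce API names are assumptions.

```python
# Added example. Targets use the display labels from this page, not API names.
# Baseline from the Self Service 3.0 remediation column: target -> access needed.
REQUIRED = {
    "ServiceDesk Client": {
        "Incident": {"read", "create", "edit"},
        "Temporary Attachments": {"read", "create", "edit"},
        "Category.Parent Tree": {"read"},   # field-level permission
        "Broadcast": {"read"},
    },
}

# Constructed sample export of one custom profile: (target, granted access flags).
SAMPLE_GRANTS = [
    ("Incident", "Read, Create"),
    ("Temporary Attachments", "read,create,edit"),
    ("Broadcast", "read"),
    ("Change Request", "read,edit"),
]

def parse_grants(rows):
    """Normalise export rows into {target: set of lower-case access flags}."""
    granted = {}
    for target, flags in rows:
        granted.setdefault(target.strip(), set()).update(
            f.strip().lower() for f in flags.split(",") if f.strip())
    return granted

def audit(persona, rows, required=REQUIRED):
    """Return (missing, extra) access per target for the given persona."""
    granted = parse_grants(rows)
    baseline = required[persona]
    # Missing access explains hidden fields and "Insufficient permissions" errors.
    missing = {t: sorted(need - granted.get(t, set()))
               for t, need in baseline.items() if need - granted.get(t, set())}
    # Grants outside the baseline are not errors; they are listed for review so
    # remediation does not drift into broader access than the persona needs.
    extra = {t: sorted(have - baseline.get(t, set()))
             for t, have in granted.items() if have - baseline.get(t, set())}
    return missing, extra

if __name__ == "__main__":
    missing, extra = audit("ServiceDesk Client", SAMPLE_GRANTS)
    for target, flags in missing.items():
        print(f"MISSING {target}: {', '.join(flags)}")
    for target, flags in extra.items():
        print(f"REVIEW  {target}: {', '.join(flags)}")
```
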
Testing guidelines based on defect fixes
| Product area / Feature | Sub feature | Recommended validation |
|---|---|---|
| Remedyforce Administration | | Perform the following validations: |
| Remedyforce Console | Staff Queue Assignment | Perform the validation for the following areas: |
| | Service Level Agreement | Perform validation for the following areas: |
| | Activity Feed | Perform validation for the Email Actions and Notes. |
| | Email Conversation | Perform validation for the following: |
| | CMDB | Perform validation for the Custom fields with Read or Edit mode to see if the values are correctly populated. |
| Self Service 3.0 | Tickets and Requests | Perform validation for the following areas: |
| | Tiles | Perform validation for the custom tile redirecting to the correct URL, if there are any configured. |
| | Supported Localized organisations including Hebrew (Non English) | Perform validation for the following (UI distortion): |
| Self Service Mobile Application | | Perform actions such as create tickets and service requests and then validate the below tiles by applying filters: |