This article describes the permission’s functionalities that exists in Quality Center.
The first thing you have to be aware when customizing a Quality Center project is that permission settings are not defined in a single location but are spread in different parts of the customization sections. You might wonder why such a decision has been made? Even though, the location of these settings have some “reasonable” sense, I believe this complexifies the tasks of securing access to the project data.
Anyway, this is how it is so let’s start examining these settings.
All the security settings are defined in the Customization (accessible through Tools > Customize…).
The different sections where you can affect user’s permissions are:
• Set Up Project Users
• Set Up Groups
• Customize Module Access
• Set Up Workflow
• Script Generator - Add Defect Field Customization
• Script Generator - Defect Details Field Customization
• Script Editor
Let’s first start with setting up the Group.
Set Up Groups
On a fresh project, there are always 5 default groups that are already defined:
• Developer
• Project Manager
• QATester
• TDAdmin
• Viewer
These groups cannot be customized and cannot be removed from the project. In order to tailor the group permissions to your project, you need to create new groups. With these new groups, you will be able to customize their settings. When creating a new group, you need to indicate from which group you want to duplicate the initial settings. This can be useful especially if your new group has similar settings from another group.
Once created, you can amend its settings by selecting Change permissions. This will bring a new window divided into tabs for each Quality Center module:
• Requirements
• Business Components (optional)
• Test Plan
• Test Lab
• Defects
• Administration (customization module permissions)
For each module you will find similar settings where you can allow (if checked) or disable (unchecked) permissions for different aspects of the module.
There are usually 3 actions Add/Modify/Delete which gives you control on a group basis.
For the Delete action, you can specify that only the owner can delete the object (’Can be deleted by owner only’ checkbox).
For the Modify action, you can even define finer rules. For each field, you can restrict modification permissions to the owner only (’Can be modified by owner only’ checkbox) and, for fields defined by lists, you can specify transition rules (i.e. define a transition workflow). This last point is particularly interesting for workflow based transitions such as Status where the designer wants the user to follow a predefined path (for instance, a defect Status cannot be set as Fixed unless the testing team has validated it beforehand by setting its Status as Validated).
For the Test Plan, Test Lab and Defect tabs, you may have noticed a “Data-Hiding Filter” link. These are extra security settings and will bring another window with further customization settings.
First, you can set filtering conditions. By defining a filter, you limit the visibility scope a group has. As an example, imagine you have different teams who are accessing a QC project:
• Team 1: this team have access to some confidential technology and consequently is not accessible to everyone.
• Team 2: these are the outsourced testers who can log defects
To separate the defects that are confidential from the one that are not, a field called “Confidentiality Grade” has been created and this field contains 2 values “1-High” and “2-Low”.
If you are defining a user group for the Team 2 then you set a fiter for the “Confidentiality Grade” field with “2-Low” as the filter. By doing this, any user that is only part of this group will not see any defect with grade “1-High”.
Secondly, you can also hide fields from the user. This prevents a user from seeing values he shouldn’t.
Showing posts with label Quality Center. Show all posts
Showing posts with label Quality Center. Show all posts
Tuesday, September 7, 2010
Thursday, September 2, 2010
What is ER Diagram
The Entity-Relationship (ER) model was originally proposed by Peter in 1976 [Chen76] as a way to unify the network and relational database views.
Simply stated the ER model is a conceptual data model that views the real world as entities and relationships. A basic component of the model is the Entity-Relationship diagram which is used to visually represents data objects.
Since Chen wrote his paper the model has been extended and today it is commonly used for database design For the database designer, the utility of the ER model is:
it maps well to the relational model. The constructs used in the ER model can easily be transformed into relational tables.
it is simple and easy to understand with a minimum of training. Therefore, the model can be used by the database designer to communicate the design to the end user.
In addition, the model can be used as a design plan by the database developer to implement a data model in a specific database management software.
model was originally proposed by Peter in 1976 [Chen76] as a way to unify the network and relational database views.
Simply stated the ER model is a conceptual data model that views the real world as entities and relationships. A basic component of the model is the Entity-Relationship diagram which is used to visually represents data objects.
Since Chen wrote his paper the model has been extended and today it is commonly used for database design For the database designer, the utility of the ER model is:
it maps well to the relational model. The constructs used in the ER model can easily be transformed into relational tables.
it is simple and easy to understand with a minimum of training. Therefore, the model can be used by the database designer to communicate the design to the end user.
In addition, the model can be used as a design plan by the database developer to implement a data model in a specific database management software.
Simply stated the ER model is a conceptual data model that views the real world as entities and relationships. A basic component of the model is the Entity-Relationship diagram which is used to visually represents data objects.
Since Chen wrote his paper the model has been extended and today it is commonly used for database design For the database designer, the utility of the ER model is:
it maps well to the relational model. The constructs used in the ER model can easily be transformed into relational tables.
it is simple and easy to understand with a minimum of training. Therefore, the model can be used by the database designer to communicate the design to the end user.
In addition, the model can be used as a design plan by the database developer to implement a data model in a specific database management software.
model was originally proposed by Peter in 1976 [Chen76] as a way to unify the network and relational database views.
Simply stated the ER model is a conceptual data model that views the real world as entities and relationships. A basic component of the model is the Entity-Relationship diagram which is used to visually represents data objects.
Since Chen wrote his paper the model has been extended and today it is commonly used for database design For the database designer, the utility of the ER model is:
it maps well to the relational model. The constructs used in the ER model can easily be transformed into relational tables.
it is simple and easy to understand with a minimum of training. Therefore, the model can be used by the database designer to communicate the design to the end user.
In addition, the model can be used as a design plan by the database developer to implement a data model in a specific database management software.
What is ETL
ETL is a short for Extract, Transform and Load. It is a data integration function that involves extracting the data from outside sources , transforming it into business needs and ultimately loading it into a datawarehouse
ETL is an abbreviation for "Extract, Transform and Load".This is the process of extracting data from their operational data sources or external data sources, transforming the data which includes cleansing, aggregation, summarization, integration, as well as basic transformation and loading the data into some form of the data warehouse.
E: Extraction of data from the homogeneous/heterogenous sources.
T: Transforming/modifying the source data by applying some transformations like Filter, Expression, Router, Joiner,
L: Loading the Transformed data into corresponding Target tables.
ETL is an abbreviation for "Extract, Transform and Load".This is the process of extracting data from their operational data sources or external data sources, transforming the data which includes cleansing, aggregation, summarization, integration, as well as basic transformation and loading the data into some form of the data warehouse.
E: Extraction of data from the homogeneous/heterogenous sources.
T: Transforming/modifying the source data by applying some transformations like Filter, Expression, Router, Joiner,
L: Loading the Transformed data into corresponding Target tables.
Wednesday, September 1, 2010
How to run QTP Scripts from QC
Open QC,
Create a new Subject in Test Plan
Then place all your QTP scripts in folder
Open QTP and file - > Quality Center Connection
Enter url
Connect
Enter QC UserID and Password
Project : Domain & Project
Open the script you wish to run, click on File - > Save As ....select Quality Center button in the right botton corner
Seelct the relevant subject folder created before in QC
Click on OK
Login to QC, in Test lab, select the testscripts uploaded and click on Run
Create a new Subject in Test Plan
Then place all your QTP scripts in folder
Open QTP and file - > Quality Center Connection
Enter url
Connect
Enter QC UserID and Password
Project : Domain & Project
Open the script you wish to run, click on File - > Save As ....select Quality Center button in the right botton corner
Seelct the relevant subject folder created before in QC
Click on OK
Login to QC, in Test lab, select the testscripts uploaded and click on Run
Saturday, August 15, 2009
What is VLDB
The perception of what constitutes a VLDB continues to grow. A one terabyte database would normally be considered to be a VLDB
What is ETL
ETL is a short for Extract, Transform and Load. It is a data integration function that involves extracting the data from outside sources , transforming it into business needs and ultimately loading it into a datawarehouse
ETL is an abbreviation for "Extract, Transform and Load".This is the process of extracting data from their operational data sources or external data sources, transforming the data which includes cleansing, aggregation, summarization, integration, as well as basic transformation and loading the data into some form of the data warehouse.
E: Extraction of data from the homogeneous/heterogenous sources.
T: Transforming/modifying the source data by applying some transformations like Filter, Expression, Router, Joiner, Union (or) Lookup.
L: Loading the Transformed data into corresponding Target tables.
ETL is an abbreviation for "Extract, Transform and Load".This is the process of extracting data from their operational data sources or external data sources, transforming the data which includes cleansing, aggregation, summarization, integration, as well as basic transformation and loading the data into some form of the data warehouse.
E: Extraction of data from the homogeneous/heterogenous sources.
T: Transforming/modifying the source data by applying some transformations like Filter, Expression, Router, Joiner, Union (or) Lookup.
L: Loading the Transformed data into corresponding Target tables.
What is the Difference between OLTP and OLAP
OLTP
Current data
Short database transactions
Online update/insert/delete
Normalization is promoted
High volume transactions
Transaction recovery is necessary
OLAP
Current and historical data
Long database transactions
Batch update/insert/delete
Denormalization is promoted
Low volume transactions
Transaction recovery is not necessary
OLTP is nothing but OnLine Transaction Processing ,which contains a normalised tables and online data,which have frequent insert/updates/delete.
But OLAP(Online Analtical Programming) contains the history of OLTP data, which is, non-volatile ,acts as a Decisions Support System and is used for creating forecasting reports.
Index
OLTP : FEW
OLAP : MANY
JOINS
OLTP : MANY
OLAP : FEW
oltp:
1.current data only
2.insert,update,delete operations are possible
3.continous changing of data
4.1 year data is present
5.only one record is processed at a time
6.data is present in 2d format
olap:
1.current+historical data
2.used for reprting and analysis
3.non volatile in nature
4.5-30 yrs of data is stored
5.group of records processed at a time
6.data is present in muti dim format
Current data
Short database transactions
Online update/insert/delete
Normalization is promoted
High volume transactions
Transaction recovery is necessary
OLAP
Current and historical data
Long database transactions
Batch update/insert/delete
Denormalization is promoted
Low volume transactions
Transaction recovery is not necessary
OLTP is nothing but OnLine Transaction Processing ,which contains a normalised tables and online data,which have frequent insert/updates/delete.
But OLAP(Online Analtical Programming) contains the history of OLTP data, which is, non-volatile ,acts as a Decisions Support System and is used for creating forecasting reports.
Index
OLTP : FEW
OLAP : MANY
JOINS
OLTP : MANY
OLAP : FEW
oltp:
1.current data only
2.insert,update,delete operations are possible
3.continous changing of data
4.1 year data is present
5.only one record is processed at a time
6.data is present in 2d format
olap:
1.current+historical data
2.used for reprting and analysis
3.non volatile in nature
4.5-30 yrs of data is stored
5.group of records processed at a time
6.data is present in muti dim format
What is ER Diagram?
ER - Stands for entitity relationship diagrams. It is the first step in the design of data model which will later lead to a physical database design of possible a OLTP or OLAP database
The Entity-Relationship (ER) model was originally proposed by Peter in 1976 [Chen76] as a way to unify the network and relational database views.
Simply stated the ER model is a conceptual data model that views the real world as entities and relationships. A basic component of the model is the Entity-Relationship diagram which is used to visually represents data objects.
Since Chen wrote his paper the model has been extended and today it is commonly used for database design For the database designer, the utility of the ER model is:
it maps well to the relational model. The constructs used in the ER model can easily be transformed into relational tables.
it is simple and easy to understand with a minimum of training. Therefore, the model can be used by the database designer to communicate the design to the end user.
In addition, the model can be used as a design plan by the database developer to implement a data model in a specific database management software.
The Entity-Relationship (ER) model was originally proposed by Peter in 1976 [Chen76] as a way to unify the network and relational database views.
Simply stated the ER model is a conceptual data model that views the real world as entities and relationships. A basic component of the model is the Entity-Relationship diagram which is used to visually represents data objects.
Since Chen wrote his paper the model has been extended and today it is commonly used for database design For the database designer, the utility of the ER model is:
it maps well to the relational model. The constructs used in the ER model can easily be transformed into relational tables.
it is simple and easy to understand with a minimum of training. Therefore, the model can be used by the database designer to communicate the design to the end user.
In addition, the model can be used as a design plan by the database developer to implement a data model in a specific database management software.
How to Run Scripts/Cases in QC
Firstly we got to download Mercury Quality Center Connectivity Addin and QuickTest Professional Addin
Open QC,
Create a new Subject in Test Plan
Then place all your QTP scripts in folder
Open QTP and file - > Quality Center Connection
Enter url
Connect
Enter QC UserID and Password
Project : Domain & Project
Open the script you wish to run, click on File - > Save As ....select Quality Center button in the right botton corner
Seelct the relevant subject folder created before in QC
Click on OK
Login to QC, in Test lab, select the testscripts uploaded and click on Run
Open QC,
Create a new Subject in Test Plan
Then place all your QTP scripts in folder
Open QTP and file - > Quality Center Connection
Enter url
Connect
Enter QC UserID and Password
Project : Domain & Project
Open the script you wish to run, click on File - > Save As ....select Quality Center button in the right botton corner
Seelct the relevant subject folder created before in QC
Click on OK
Login to QC, in Test lab, select the testscripts uploaded and click on Run
Password checking
This week, I will make a short article regarding how to ensure the user has set a password long enough.
As you know, there is no password checking in Quality Center, and even a blank password is still considered as a valid password. If you have already installed the Quality Center Demo project, you are aware that the default users ‘alice_qc’, ‘cecil_qc’ and al. all have a blank password.
If you have some system administration background, you also certainly know that this is bad practice (very bad, to be exact).
So, now, the question is ‘How to check a user’s password?’ Good question and I will answer that in the next paragraphs.
If you remember from last week, the workflow provides a set of event functions where you can control the behavior of Quality Center. The one that interest us today is Project_CanLogin. Indeed, this function has the following prototype:
Function Project_CanLogin(DomainName, ProjectName, UserName)
where:
• DomainName: Name of the domain the user is trying to log in
• ProjectName: Name of the project the user is trying to log in
• UserName: Name of the user who is trying to log in
• and more importantly, this function returns a boolean value that indicates if you accept or not this user. False, for stay away from my project
Now, we can deny access to a user but we still cannot check his password. But this can be quickly resolved. There is an object called TDConnection (nearly the same as in the OTA API) that has an interesting property called Password.
If you try to do the following in Project_CanLogin then you will see your password:
MsgBox TDConnection.Password
We now have all the building blocks for solving the issue:
Function Project_CanLogin(DomainName, ProjectName, UserName)
‘ First Check the password.
If TDConnection.Password = “” Then
MsgBox “Your user id does not have any password defined. Please contact the project administrator.”, 0, “Error”
Project_CanLogin = False
Else
Project_CanLogin = True
End If
End Function
OK, not too bad but maybe we can go a little bit further. Now, we can even enforce a length of minimum 8 characters and force the user to change his or her password if the size is incorrect. The full script is below:
Function Project_CanLogin(DomainName, ProjectName, UserName)
‘ First Check the password.
If TDConnection.Password = “” Then
MsgBox “Your user id does not have any password defined. Please contact the project administrator.”, 0, “Error”
Project_CanLogin = False
Exit Function
ElseIf Len(TDConnection.Password) < 8 Then
MsgBox “Your password length is too short. You have to change your password now and log in again.”, 0, “Error”
Project_PasswordChange UserName
Project_CanLogin = False
Exit Function
End If
Project_CanLogin = True
End Function
Sub Project_PasswordChange(UserName)
OldPassword = InputBox(“Type in your old password:”, “Password Change”)
Select Case OldPassword
Case “”
MsgBox “You will not be allowed to log into this project.”
Exit Sub
End Select
NewPassword1 = InputBox(“Type a new password with 8 or more characters:”, “Password Change”)
Select Case NewPassword1
Case “”
MsgBox “You will not be allowed to log into this project.”
Exit Sub
Case Else
If Len(NewPassword1) < 8 Then
MsgBox “Your password is too short, please type a longer password.”, 0, “Error”
Project_PasswordChange UserName
Exit Sub
End If
End Select
NewPassword2 = InputBox(“Retype your new password:”, “Password Change”)
If NewPassword1 = NewPassword2 Then
On Error Resume Next
TDConnection.ChangePassword OldPassword, NewPassword1
If Err.Number <> 0 Then
MsgBox “Your password was not changed:” & vbNewLine & Err.Description, 0, “Error”
Else
MsgBox “Your password has been successfully changed”, 0, “Information”
End If
On Error GoTo 0
Else
MsgBox “Password is invalid.”, 0, “Error”
End If
End Sub
That’s it for today. One last remark: anything you define in the workflow only applies to 1 project. So, if you want to impose this rule to all your projects, you have to copy this code in all the workflows.
As you know, there is no password checking in Quality Center, and even a blank password is still considered as a valid password. If you have already installed the Quality Center Demo project, you are aware that the default users ‘alice_qc’, ‘cecil_qc’ and al. all have a blank password.
If you have some system administration background, you also certainly know that this is bad practice (very bad, to be exact).
So, now, the question is ‘How to check a user’s password?’ Good question and I will answer that in the next paragraphs.
If you remember from last week, the workflow provides a set of event functions where you can control the behavior of Quality Center. The one that interest us today is Project_CanLogin. Indeed, this function has the following prototype:
Function Project_CanLogin(DomainName, ProjectName, UserName)
where:
• DomainName: Name of the domain the user is trying to log in
• ProjectName: Name of the project the user is trying to log in
• UserName: Name of the user who is trying to log in
• and more importantly, this function returns a boolean value that indicates if you accept or not this user. False, for stay away from my project
Now, we can deny access to a user but we still cannot check his password. But this can be quickly resolved. There is an object called TDConnection (nearly the same as in the OTA API) that has an interesting property called Password.
If you try to do the following in Project_CanLogin then you will see your password:
MsgBox TDConnection.Password
We now have all the building blocks for solving the issue:
Function Project_CanLogin(DomainName, ProjectName, UserName)
‘ First Check the password.
If TDConnection.Password = “” Then
MsgBox “Your user id does not have any password defined. Please contact the project administrator.”, 0, “Error”
Project_CanLogin = False
Else
Project_CanLogin = True
End If
End Function
OK, not too bad but maybe we can go a little bit further. Now, we can even enforce a length of minimum 8 characters and force the user to change his or her password if the size is incorrect. The full script is below:
Function Project_CanLogin(DomainName, ProjectName, UserName)
‘ First Check the password.
If TDConnection.Password = “” Then
MsgBox “Your user id does not have any password defined. Please contact the project administrator.”, 0, “Error”
Project_CanLogin = False
Exit Function
ElseIf Len(TDConnection.Password) < 8 Then
MsgBox “Your password length is too short. You have to change your password now and log in again.”, 0, “Error”
Project_PasswordChange UserName
Project_CanLogin = False
Exit Function
End If
Project_CanLogin = True
End Function
Sub Project_PasswordChange(UserName)
OldPassword = InputBox(“Type in your old password:”, “Password Change”)
Select Case OldPassword
Case “”
MsgBox “You will not be allowed to log into this project.”
Exit Sub
End Select
NewPassword1 = InputBox(“Type a new password with 8 or more characters:”, “Password Change”)
Select Case NewPassword1
Case “”
MsgBox “You will not be allowed to log into this project.”
Exit Sub
Case Else
If Len(NewPassword1) < 8 Then
MsgBox “Your password is too short, please type a longer password.”, 0, “Error”
Project_PasswordChange UserName
Exit Sub
End If
End Select
NewPassword2 = InputBox(“Retype your new password:”, “Password Change”)
If NewPassword1 = NewPassword2 Then
On Error Resume Next
TDConnection.ChangePassword OldPassword, NewPassword1
If Err.Number <> 0 Then
MsgBox “Your password was not changed:” & vbNewLine & Err.Description, 0, “Error”
Else
MsgBox “Your password has been successfully changed”, 0, “Information”
End If
On Error GoTo 0
Else
MsgBox “Password is invalid.”, 0, “Error”
End If
End Sub
That’s it for today. One last remark: anything you define in the workflow only applies to 1 project. So, if you want to impose this rule to all your projects, you have to copy this code in all the workflows.
Quality Center API
The manipulation API is called Quality Center API and allows the interaction with Quality Center. It also allows you to interact with the database through the API making the interactions more secure. Also, it avoids your DBA (DataBase Administrator) having to provide an access to the database server(s) hosting the Quality Center database(s).
The API has only 1 entry point which is the TDConnection object. From this object, you can access a lot of Quality Center functionalities. The API functions are accessible through VBScript and any COM aware programming languages. It means that you can use this API as a standalone .VBS application, a macro in an Excel file, a script in QuickTest Professional or any other application where you would like to integrate such functionalities.
As an example, we are going to download all the defects that are stored on a Quality Center project using the Excel application.
The steps involve:
1. Connect to the project
2. Run a query to retrieve a list of defects
3. Store the result in an Excel worksheet
1. Connect to the project
Each project stored in a Quality Center server is identified by its pair Domain/Project and a project is accessible only if the user belongs to this project. The connection to a server can be done by using only 4 lines of code:
Dim QCConnection
‘ Return the TDConnection object.
Set QCConnection = CreateObject(“TDApiOle80.TDConnection”)
QCConnection.InitConnectionEx “http:///qcbin”
QCConnection.login “”, “”
‘ DEFAULT = Domain, QualityCenter_Demo = Project
QCConnection.Connect “DEFAULT”, “QualityCenter_Demo”
2. Execute a query
To execute a query in Quality Center, you have several options available.
The first one is to use the Command object. This object can run SQL queries for any Quality Center table. However, you need to be aware of what table to query and make sure you know what you do because you can mess up Quality Center. Also, this Command object can be used only if you are part of the TDAdmin group in this project.
The second one is to use a Factory object. The factory object returns objects that are part of the API, restricting the user from making mistakes. This is the method we’ll be using in this article. To access the defects, we are using the BugFactory:
Dim BugFactory, BugList
Set BugFactory = QCConnection.BugFactory
Set BugList = BugFactory.NewList(“”) ‘ Get a list of all the defects.
3. Store the result in an Excel worksheet.
We assume that you are running this script from a VBS file. Consequently, we have to open Excel first, then store the data in an Excel worksheet:
Dim Bug, Excel, Sheet
Set Excel = CreateObject(“Excel.Application”) ‘ Open Excel
Excel.WorkBooks.Add() ‘ Add a new workbook
‘ Get the first worksheet.
Set Sheet = Excel.ActiveSheet
Dim Bug, Row
Row = 1
‘ Iterate through all the defects.
For Each Bug In BugList
‘ Save a specified set of fields.
Sheet.Cells(Row, 1).Value = Bug.Field(“BG_BUG_ID”)
Sheet.Cells(Row, 2).Value = Bug.Summary
Sheet.Cells(Row, 3).Value = Bug.DetectedBy
Sheet.Cells(Row, 4).Value = Bug.Priority
Sheet.Cells(Row, 5).Value = Bug.Status
Sheet.Cells(Row, 6).Value = Bug.AssignedTo
Row = Row + 1
Next
‘ Save the newly created workbook and close Excel.
Excel.ActiveWorkbook.SaveAs(“c:\QualityCenter_Demo_DEFECTS.xls”)
Excel.Quit
The API has only 1 entry point which is the TDConnection object. From this object, you can access a lot of Quality Center functionalities. The API functions are accessible through VBScript and any COM aware programming languages. It means that you can use this API as a standalone .VBS application, a macro in an Excel file, a script in QuickTest Professional or any other application where you would like to integrate such functionalities.
As an example, we are going to download all the defects that are stored on a Quality Center project using the Excel application.
The steps involve:
1. Connect to the project
2. Run a query to retrieve a list of defects
3. Store the result in an Excel worksheet
1. Connect to the project
Each project stored in a Quality Center server is identified by its pair Domain/Project and a project is accessible only if the user belongs to this project. The connection to a server can be done by using only 4 lines of code:
Dim QCConnection
‘ Return the TDConnection object.
Set QCConnection = CreateObject(“TDApiOle80.TDConnection”)
QCConnection.InitConnectionEx “http:///qcbin”
QCConnection.login “
‘ DEFAULT = Domain, QualityCenter_Demo = Project
QCConnection.Connect “DEFAULT”, “QualityCenter_Demo”
2. Execute a query
To execute a query in Quality Center, you have several options available.
The first one is to use the Command object. This object can run SQL queries for any Quality Center table. However, you need to be aware of what table to query and make sure you know what you do because you can mess up Quality Center. Also, this Command object can be used only if you are part of the TDAdmin group in this project.
The second one is to use a Factory object. The factory object returns objects that are part of the API, restricting the user from making mistakes. This is the method we’ll be using in this article. To access the defects, we are using the BugFactory:
Dim BugFactory, BugList
Set BugFactory = QCConnection.BugFactory
Set BugList = BugFactory.NewList(“”) ‘ Get a list of all the defects.
3. Store the result in an Excel worksheet.
We assume that you are running this script from a VBS file. Consequently, we have to open Excel first, then store the data in an Excel worksheet:
Dim Bug, Excel, Sheet
Set Excel = CreateObject(“Excel.Application”) ‘ Open Excel
Excel.WorkBooks.Add() ‘ Add a new workbook
‘ Get the first worksheet.
Set Sheet = Excel.ActiveSheet
Dim Bug, Row
Row = 1
‘ Iterate through all the defects.
For Each Bug In BugList
‘ Save a specified set of fields.
Sheet.Cells(Row, 1).Value = Bug.Field(“BG_BUG_ID”)
Sheet.Cells(Row, 2).Value = Bug.Summary
Sheet.Cells(Row, 3).Value = Bug.DetectedBy
Sheet.Cells(Row, 4).Value = Bug.Priority
Sheet.Cells(Row, 5).Value = Bug.Status
Sheet.Cells(Row, 6).Value = Bug.AssignedTo
Row = Row + 1
Next
‘ Save the newly created workbook and close Excel.
Excel.ActiveWorkbook.SaveAs(“c:\QualityCenter_Demo_DEFECTS.xls”)
Excel.Quit
QC Architecture
The QC Client/Server architecture is a 3-tier architecture (web server, application server and database server). The figure below shows the interaction between the components. They consist of:
• Client application: the QC GUI front-end that you use when accessing Quality Center through your browser. Or any other application that communicates with QC using the API;
• Web server: the QC communication between the client and the server are performed using the HTTP protocol;
• Application server: by default, the JBOSS application server is installed with Quality Center. the QC application is built using Java and requires a J2EE application server. The J2EE platform is particularly well designed for client/server applications over the Internet
• Quality Center application: developed to be executed on a J2EE application server;
• Database Server: the database that holds the Quality Center information.
• Client application: the QC GUI front-end that you use when accessing Quality Center through your browser. Or any other application that communicates with QC using the API;
• Web server: the QC communication between the client and the server are performed using the HTTP protocol;
• Application server: by default, the JBOSS application server is installed with Quality Center. the QC application is built using Java and requires a J2EE application server. The J2EE platform is particularly well designed for client/server applications over the Internet
• Quality Center application: developed to be executed on a J2EE application server;
• Database Server: the database that holds the Quality Center information.
OTA, an API for extending Quality Center
OTA is:
1. An integration API that allows the integration of any third-party tool within Quality Center;
2. A manipulation API that permits the interaction with the Quality Center application without having to use the GUI frontend.
We will not talk about the integration API so if you are interested in learning more, log on your QC server then select Help > Documentation and read the OTA Guide.
1. An integration API that allows the integration of any third-party tool within Quality Center;
2. A manipulation API that permits the interaction with the Quality Center application without having to use the GUI frontend.
We will not talk about the integration API so if you are interested in learning more, log on your QC server then select Help > Documentation and read the OTA Guide.
Quality Center security issue
A severe security issue in Quality Center has been discovered by Exposit Limited. This issue can be used to corrupt Quality Center data or gain project administrator privileges.
The problem has been discovered in version 9.0 of Quality Center and it affects all the releases up to public patch 16. The issue also exists in version 9.2 up to latest public patch 3. We haven’t tested earlier releases of the product but we strongly believe that they are affected by the same issue.
Customers using Quality Center 9.0 or below are advised to upgrade to at least Quality Center 9.0 patch 16 in order to minimize the impact of this issue. Patch 16 and patch 18 limit the effect of the defect.
Customers using Quality Center 9.2 are also at risk of data corruption and should wait for a patch from HP Customer Support.
The issue has been reported to security instances under reference CVE-2007-5289 and vulnerability disclosure is being coordinated with the vendor (HP).
We will keep you updated as soon as a patch becomes available.
The problem has been discovered in version 9.0 of Quality Center and it affects all the releases up to public patch 16. The issue also exists in version 9.2 up to latest public patch 3. We haven’t tested earlier releases of the product but we strongly believe that they are affected by the same issue.
Customers using Quality Center 9.0 or below are advised to upgrade to at least Quality Center 9.0 patch 16 in order to minimize the impact of this issue. Patch 16 and patch 18 limit the effect of the defect.
Customers using Quality Center 9.2 are also at risk of data corruption and should wait for a patch from HP Customer Support.
The issue has been reported to security instances under reference CVE-2007-5289 and vulnerability disclosure is being coordinated with the vendor (HP).
We will keep you updated as soon as a patch becomes available.
QC Project Management version 2.00
A new version of QC Project Management has been released today.
The existing features have been improved especially regarding performance. Also, you will find some new handy functionalities such as:
• Email preview: now when preparing an email for mailing the Quality Center users, you can preview and send a test email;
• Export: you can now export the list of Quality Center users to an Excel spreadsheet;
• Import: instead of manually adding new users, you can use an Excel spreadsheet and import the users automatically;
• Groups: to avoid having to use the Quality Center customization after creating users, you can now assign users to groups directly from the QC Project Management application;
• Locks removal: if a resource gets locked, you can now remove it without the help of the Site Administrator.
Not yet a user, download a 10 days evaluation license from here.
Please note that this new release replaces the QC User Management v1.x application.
The existing features have been improved especially regarding performance. Also, you will find some new handy functionalities such as:
• Email preview: now when preparing an email for mailing the Quality Center users, you can preview and send a test email;
• Export: you can now export the list of Quality Center users to an Excel spreadsheet;
• Import: instead of manually adding new users, you can use an Excel spreadsheet and import the users automatically;
• Groups: to avoid having to use the Quality Center customization after creating users, you can now assign users to groups directly from the QC Project Management application;
• Locks removal: if a resource gets locked, you can now remove it without the help of the Site Administrator.
Not yet a user, download a 10 days evaluation license from here.
Please note that this new release replaces the QC User Management v1.x application.
Vulnerability in Quality Center
Find below the details of a vulnerability in the HP Quality Center product (formely Mercury Quality Center). It is referenced as CVE-2007-5289 (VU#898865).
To solve this issue, it is advised to upgrade to version 9.2 of Quality Center and apply the latest patch.
Note that Quality Center 10.0 is vulnerable to this issue.
Introduction
Quality Center (QC) is a web-based QA testing and management tool. It is a product from HP when they took over Mercury Interactive last year.
The front-end of the application is composed of COM components that plug into the web browser. Quality Center provides a customization capability (called workflow) which allow the administrator to modify the default behavior. This workflow is driven by VBScript functions that are called whenever a particular event occurs on the client front-end.
In order to optimize the interaction speed of the application, a cache folder is created on the client machine. By default, this folder is located at %tmp%/TD_80. Whenever a user connects to a Quality Center project, 2 folders are created within the cache folder. One of these folders contain a copy of the workflow scripts used to customize the application. Indeed, those files are required on the client machine because the workflow is execute on the client, not on the server.
There exists 1 VBScript workflow file per feature. Those are:
• Login/Logout (common.tds)
• Defects module (defects.tds)
• Manual Test Execution (manrun.tds)
• Test Requirements module (req.tds)
• Test Lab module (testlab.tds)
• Test Plan module (testplan.tds)
The customization feature of Quality Center is often used for:
• Controlling password compliance (no blank password, more than 8 letters, etc.)
• Chained lists (when a value is selected in a field, another field gets updated with a list relevant to that value)
• Automatic updates to some QC components (Test, Test Set, Defect objects, hidden fields)
• Hidding information depending on the user’s group (used when a project is shared with different vendors)
• Others
The workflow is often driven by using the OTA (Open Test Architecture), the Quality Center API. This API allows the manipulation of any QC object (e.g. Subject folder, Test/Defect objects, Fields, etc.). It also allows the direct manipulation of the database used by Quality Center.
Issue
When a user connects to Quality Center, the cache folder is automatically updated with the latest VBScript workflow files. Those files are then read by the QC front-end only once for the whole session. They are then used by the application whenever the associated events are raised.
There are 2 main points that make this workflow highly vulnerable:
1. Those files are written in plain text;
2. Marking those files as read-only (through the file properties) will prevent Quality Center from overwriting them.
If a user modifies this file and then mark it as read-only, he can execute arbitrary code. As the OTA API allows access to the database, he can also modify the data stored in the database as follows:
• Quality Center 10.0 Patch 1 or below (Tested)
- Severity High: user has higher capability than defined by their profile
• Quality Center 9.2 (Unconfirmed)
- Severity High: user has higher capability than defined by their profile;
- Patch 14 contains the fix, earlier patches is unknown
• Quality Center 9.0 Patch < 17
- Severity Highly Critical: a user (even with a Viewer profile) can amend the data rendering it useless. He will also have higher capability than defined by their profile
• Quality Center 8.2 / 8.0 (Unconfirmed)
- Severity Highly Critical: a user (even with a Viewer profile) can amend the data rendering it useless. He will also have higher capability than defined by their profile
• TestDirector (Any Version)
- TestDirector is the former name of Quality Center
- Potentially the same issues as for Quality Center 9.0 Patch < 17
Please note that HP has released a patch that fixes this issue, please contact HP support for further details.
Example
This really short example shows how a user can simply change the content of all the defects to some meaningless values:
Please, do not try the following example as it will permanently damage you Quality Center data.
Sub Defects_Bug_MoveTo
Set objCommand = TDConnection.Command
objCommand.CommandText = "UPDATE BUG SET BG_SUMMARY='Useless', BG_DESCRIPTION='Useless'"
objCommand.Execute
End Sub
Notes
You can find your patch level by login into a Quality Center project, selecting the menu option Help > About HP Quality Center Software… and clicking the Additional Information button.
Patches for Quality Center are available at http://support.openview.hp.com/selfsolve/patches (login required).
To solve this issue, it is advised to upgrade to version 9.2 of Quality Center and apply the latest patch.
Note that Quality Center 10.0 is vulnerable to this issue.
Introduction
Quality Center (QC) is a web-based QA testing and management tool. It is a product from HP when they took over Mercury Interactive last year.
The front-end of the application is composed of COM components that plug into the web browser. Quality Center provides a customization capability (called workflow) which allow the administrator to modify the default behavior. This workflow is driven by VBScript functions that are called whenever a particular event occurs on the client front-end.
In order to optimize the interaction speed of the application, a cache folder is created on the client machine. By default, this folder is located at %tmp%/TD_80. Whenever a user connects to a Quality Center project, 2 folders are created within the cache folder. One of these folders contain a copy of the workflow scripts used to customize the application. Indeed, those files are required on the client machine because the workflow is execute on the client, not on the server.
There exists 1 VBScript workflow file per feature. Those are:
• Login/Logout (common.tds)
• Defects module (defects.tds)
• Manual Test Execution (manrun.tds)
• Test Requirements module (req.tds)
• Test Lab module (testlab.tds)
• Test Plan module (testplan.tds)
The customization feature of Quality Center is often used for:
• Controlling password compliance (no blank password, more than 8 letters, etc.)
• Chained lists (when a value is selected in a field, another field gets updated with a list relevant to that value)
• Automatic updates to some QC components (Test, Test Set, Defect objects, hidden fields)
• Hidding information depending on the user’s group (used when a project is shared with different vendors)
• Others
The workflow is often driven by using the OTA (Open Test Architecture), the Quality Center API. This API allows the manipulation of any QC object (e.g. Subject folder, Test/Defect objects, Fields, etc.). It also allows the direct manipulation of the database used by Quality Center.
Issue
When a user connects to Quality Center, the cache folder is automatically updated with the latest VBScript workflow files. Those files are then read by the QC front-end only once for the whole session. They are then used by the application whenever the associated events are raised.
There are 2 main points that make this workflow highly vulnerable:
1. Those files are written in plain text;
2. Marking those files as read-only (through the file properties) will prevent Quality Center from overwriting them.
If a user modifies this file and then mark it as read-only, he can execute arbitrary code. As the OTA API allows access to the database, he can also modify the data stored in the database as follows:
• Quality Center 10.0 Patch 1 or below (Tested)
- Severity High: user has higher capability than defined by their profile
• Quality Center 9.2 (Unconfirmed)
- Severity High: user has higher capability than defined by their profile;
- Patch 14 contains the fix, earlier patches is unknown
• Quality Center 9.0 Patch < 17
- Severity Highly Critical: a user (even with a Viewer profile) can amend the data rendering it useless. He will also have higher capability than defined by their profile
• Quality Center 8.2 / 8.0 (Unconfirmed)
- Severity Highly Critical: a user (even with a Viewer profile) can amend the data rendering it useless. He will also have higher capability than defined by their profile
• TestDirector (Any Version)
- TestDirector is the former name of Quality Center
- Potentially the same issues as for Quality Center 9.0 Patch < 17
Please note that HP has released a patch that fixes this issue, please contact HP support for further details.
Example
This really short example shows how a user can simply change the content of all the defects to some meaningless values:
Please, do not try the following example as it will permanently damage you Quality Center data.
Sub Defects_Bug_MoveTo
Set objCommand = TDConnection.Command
objCommand.CommandText = "UPDATE BUG SET BG_SUMMARY='Useless', BG_DESCRIPTION='Useless'"
objCommand.Execute
End Sub
Notes
You can find your patch level by login into a Quality Center project, selecting the menu option Help > About HP Quality Center Software… and clicking the Additional Information button.
Patches for Quality Center are available at http://support.openview.hp.com/selfsolve/patches (login required).
Subscribe to:
Posts (Atom)