Presentation on theme: "High level QA strategy for SQL Server enforcer"— Presentation transcript:
1High level QA strategy for SQL Server enforcer Presentation for Nextlabs by Alex Todortsev
2Agenda for Discussion Understanding Customer’s Environment Challenges, Stages, RequirementsQA StrategyDifferent aspects of the productFunctional testingAuthentication/access control handlingQA coverage for different customer topologiesQA ProcessAutomation part of Test Plan
3Customer Environment Understanding the environment Topology for each client, 3rd party or proprietary software, legacy system support.Number of users and authentication systemAccess rights and rules enforcement on all levelsAverage number of concurrent users, picks, any known bottlenecksQA task – design universal scale down environment that will allow to test different customer topologies without recreating every single one.
5At what stage QA should be involved? ReviewRequirementsFunctionalSpecificationsSystem Test Design(Specialized Test Scenarios)ReviewReviewDesignFunction Test Design(test cases)ReviewCodeUnit TestingFunctionTestingSystemTestingSpecializedTesting
6QA Approach Phase 1 – Define Needs Phase 2 – Define Testing Plan Understand client’s QA requirementsPhase 2 – Define Testing PlanDetermine test strategyForm teamCreate QA project planPhase 3 – Design TestCreate test casesSet up tools and environmentPhase 4 – Implement TestExecute test casesReport bugsFix, verify, regression test loopPhase 5 – Analysis and ReportAnalyze process, defects, and applicationIncorporate data from analysis into test processKnowledge transfer
7QA strategy What is necessary for successful testing: Testing areas: Test environment that will be universal by allowing us to recreate specific customer topologyHighly skilled and dedicated staff focused on QAUse of flexible and dynamic QA processTesting areas:Support multiple configurations and platformsAuthentication and access controlFunctional testingSystem, stress and load test
8QA strategy (contd.) Aspects that need to be tested: Verify correct enforcement of policies and access control based on/for:user/groupobjects (Tables, Indexes, Triggers, Columns, etc.) and actions (Create, Delete, Insert, Update, etc.)different aspects of the Query (Joins, new indexes, etc.)data size (Insert/Delete/Update, query size, etc)Verify that full and correct report is provided to policy officers and user is informed when access was denied due to policies and access control.
9QA process Components and parts: Build system (automated build + scripted acceptance test)Bug/defects lifecycleUnit test library and code reviewTest case design based on user experiencePotential addition and changes to functionality/support should be taken into account (incorporate customers support feedback)Test metrics and test subsets for specific test cycleInternal use of product“Sandbox” as a testing ground for pilots and new functionality“Client” mentality through development/QA process
10QA process (contd.)“White box” test approach (resources, test cases, development/QA cooperation)Test tools and areas targeted for automationAutomation and regression libraryAnalyze bug/defect ratio, test case coverage, usability feedback, identify weak areas of the product and incorporate results in test process
11Testing Details (some aspects of automation area in test plan)
12QA Test plan (automation overview) Each section of a test plan offers a detailed view on how testing will use its many weapons and tools to attack the product. The audience for this is primarily Testing, since the plan specifies what will be done to test the product. Development may also find it useful so they know how we intend to test their product.Strategy SummaryFrom a testing perspective, we identify the main issues / issues that will be involved in testing of the product.GoalsThe main goal is to implement as much automation for UI and functional test as possible. Specific attention should be paid to the process of authentication and access control.- Non Goals (for example)In the future we should support Mac OS
13QA Test plan (automation overview) (contd.) ApproachThe whole application should be divided into small parts and tested accordingly to test matrix. At a glance those parts are:UI/functional test casesInstallation (including different configurations and platforms)Synchronization of access control based on user/group (includes some boundary cases like disconnecting laptop during synchronization and multiple users updating/downloading access information for the same group)Server side testing (includes queries, server response time, points of failure, back-up plan)System testStress/load/volume test
14QA Test plan (automation overview) (contd.) UI automation tools and areas of UI that appropriate for automation (choosing tool will depend on UI specifics such as platform, elements and areas of automation)SQL Server test tool (based on SQL client that most users will use I’ll have to pick a tool that will fit in our authentication/access control schema) For example SQL Server Query Analyzer might be useful to see statistics on query performance and table/action execution.Stress, load, volume tests – (Do we need to do it for this project? Making sure we test our product and not SQL server)Review of existing (in house) tools, what could be used, how much additional effort required to adapt tool for our needsAny custom tool that could be created in the house?List of high level test scenarios for automation that will be expended with test cases later in the process.