ATM_ID: 981A081C-0FA0-11EB-B4EB-C9BC9389A73E

MFF:

PLANNEDTIMESTAFF:

ID: WFAST_Accounting/Testcases/FS_50.001.01_Audit_Log_Events/10931

TESTCASE_HEADLINE: Event ID=144
Validate that the protocol log files shall not capture an event for device users are assigned/removed from a particular Logged-In user permissions role.

GROUP:

FEATURE:

SUB_FEATURE:

INPUT: <p>1.Make sure the user permissions method should be set as "Locally on the device".<br />
2.Make sure the User permissions roles and device users should be created (Assumes an existing roles and existing device users has been created by a previous tests).<br />
3.Make sure Protocol log option should be enabled.</p><p>Syslog:<br />
Syslog Destination Server details must be configured.</p>

PROCEDURE: <p>1.Navigate to EWS--User permissions--Logged-In users--click "Edit User Mappings" for an existing role to go to the "Manage user Permissions " screen.<br />
2.Select "All Logged-In Users with Exceptions" option and assign the created device users by selecting the checkbox under the Add New User in the same screen and apply the changes.<br />
3.Follow step 2 and remove devices users which you do not want by unselecting the checkbox and follow step 3 to check the audit log event.<br />
4.Download the audit log and unzip the auditfile.zip file to check the below protocol log files<br />
a)httpsfile.txt  b)ipsecfile.txt  c)sshfile.txt  d)tlsfile.txt.</p>

OUTPUT: <p>The below protocol log files should not be captured password rules  for the local user database event 144 for both scenario's<br />
a)httpsfile.txt  b)ipsecfile.txt  c)sshfile.txt  d)tlsfile.txt..</p><p>Event ID 144 Event Description User Permission Role Assignment|User Name|Device Name|Device Serial Number|User or Group Name (assigned)<br />
Role Name|Action (Added | Removed)</p><p>Sys log Verification using View Events option:</p><p>Syslog+CEF format should be displayed as per the Spec (Refer SIEM Integration and Audit Log Events Spec):</p><p>PRI number; Timestamp; Device name; CEF:0; Xerox; Device Model; Device Software Version; Device Audit log Event ID; Audti log Event Description; Severity)along with CEF Key Name Mapping.</p>

PROCESS:

PRIORITY:

TEST_TYPE: automated

LOE:

RESOURCE_HW:

RESOURCE_CONSUMEABLES:

RESOURCE_MEDIA:

SKILL_SET:

TEST_CASE_TYPE: testcases

TESTCASE_SOURCE:

SPEC: FS 50.001.01 Audit Log Events

SPEC_VERSION: 18

SPEC_TAG: 50.001.01.148

ATM_OWNER:

APPROVE_QE:

APPROVED_QE:

APPROVE_SE:

APPROVED_SE:

APPROVE_SPAR:

APPROVED_SPAR:

ASSOCIATED_TESTCASES:

TRAINING:

TESTCASE_VERSION:

TESTCASE_STATE:

TESTCASE_PLATFORM:

TESTCASE_PRODUCT: canyon, carroll, carroll_sfp, corvo, corrib, kiska, malawi, mystic, melody_sfp, melody, muckross

TESTCASE_APPROVALS:

CDATE: 1602846798

MDATE: 1602846798

MUSER: q4BVX0J1

AUTHOR: q4BVX0J1

ATM_MCOMMENTS: Imported from spreadsheet

HISTORY:

ATM_LOCKED:

ATM_REQLINK: 436A8F66-97F7-11E9-9925-CFADAA3FCFED

ATM_REQCOUNT: 1

QA_TEAM:

TC_WEIGHTAGE:

FILENAME:

FILEDESC:

FILES:

RELEASE:

AUTOMATION_GROUP:

TESTCASE_STEPS_ARE_RELATED_TO:

REASON_FOR_AUTOMATABLE:

PRECONDITION_TO_BE_DONE:

ACTION_TO_BE_DONE:

COMMON_FUNCTIONALITY:

COMMONALITY_DETAILS:

CONSTRAINTS_DAR: Imp_98 . NA  Done By Previous Analysis

DEVELOPMENT_COMPLETE_TIME:

PO_SIGNOFF_DATE:

COMPLEXITY_PRECONDITIONS:

COMPLEXITY_OUTPUT_VALIDATION: non_outliers

AUTOMATABLE: yes

TESTCASE_MODIFICATION_REQUIRED:

APTEST_UPDATE_STATUS:

DEVICE_CATEGORY: common

COMPETENCY: wfast_accounting

APTEST_TRACKING: yes

AUTOMATION_CANDIDATE: yes

SRT_ANALYZATION: analyzed