For IBM Rational Functional Tester, you need to be an admin user under Windows or sudo user under Linux. The reason is simple: Rational Functional Tester is a tool that is designed for usage under an admin account. Also, the verification and validation of Rational Functional Tester at IBM happens under an administrative account.
However, in the real world, situations arise where you suspect security breaches when you grant users administrative rights. Think of banks or other financial institutions where names with corresponding amounts of money are stored in the same table. This highly confidential information must not come into wrong hands. The fewer people have access, the more secure this information.
Nothing to write home about
Broadly speaking, you do the following things with Rational Functional Tester.
Except for the latter action, Rational Functional Tester writes data into files outside your user folder. For installation, it's quite obvious that you need to have admin rights. After installation, you prepare the testing environment first before you test your applications under test.
To configure your applications for testing, you need to write into files. For example, to prepare Internet Explorer for testing, you need to enable Internet Explorer and the Java runtime environment (JRE). To perform these tasks, you write into files that are outside your user folders. Then, an administrative account is necessary.
One of the files you need to write is the following configuration file in Windows.
/Program Files/IBM/SDP/FunctionalTester/bin/configuration/configurations.Rational Functional Testercfg
When you enable Firefox, for example, you change the value between the “enabled” tags to true.
If you want to enable a browser, you add an extension. In the file system, you can trace the following file.
C:\Program Files (x86)\Mozilla Firefox\browser\extensions\Rational Functional Tester-firefox-enabler_<version>@rational.ibm.com.xpi
To run tests, Rational Functional Tester needs to run various processes and writes in folders outside the user folder. In one case, the Rational Functional Tester team got an error message that cmd.exe was necessary to run a script. After the system administrator granted permission, the script suddenly ran and completed.
You also need permission to the SDP\configuration\org.eclispe.osgi folder, a subfolder under the Program Files folder. During script run, Rational Functional Tester writes into this folder.
A few years ago an organization that executes social laws in a major European country contacted me to ask how to run Rational Functional Tester under a normal-user account. The reason was obvious: privacy laws prescribe secrecy about a person' s benefit. For example, it is nobody's business that person x got so much unemployment benefit for this period.
The Rational Functional Tester development gave directions of what Rational Functional Tester expects in terms of write privileges in Windows. Then, I tried to implement their directions in the organization's desktop computer. We got Rational Functional Tester working under a user with fewer privileges than an administrator after trial and error. Luckily the organization's team had a network administrator who was willing and able to grant the permissions directly without tedious procedures.
The following document describes the technical details.
What else can you do?
If your company or institution stores confidential information, you want to restrict access to this information. In any case, you store this secret information in highly secured file servers or database servers rather than in desktop computers. Rational Functional Tester as a desktop application runs on a desktop. As long a desktop user doesn't have access to your servers, the users cannot access the data that is entrusted to you. Suppose that you have a Windows domain. What would happen when you create a group of Rational Functional Tester users and put that group into the local administrators group? The latter group is only in the domain users group. Is this configuration secure?
In short, you can run Rational Functional Tester without full admin rights. You must make certain folders accessible for read and write and maybe other arrangements as well. However, it might work better if you work under admin right. KISS it, keep it simple & straightforward.
If you'd like to share your experiences with running Rational Functional Tester under a normal user, leave a comment here or follow me on Twitter @gunangwaney