Ulmo Release: AuthZ testing guide
Overview
RBAC is enabled for the latest Libraries experience. The MVP introduces library-scoped roles and permission checks tied to specific user actions, with a management UI to view, assign, and revoke roles within a library scope.
Scope
Applies to the new Libraries experience only.
Actions are guarded by permissions. The UI should enable actions only when allowed, and the backend should block unauthorized attempts.
Concepts
Roles are stackable: effective permissions are cumulative across the roles a user holds.
Assignments always pair a role with a scope. For Libraries, that scope is the specific library.
The Roles and Permissions panel is accessed from Libraries.
Roles in this MVP
For the full permission list and mappings, see Library Roles and Permissions.
Legacy behaviour
Only global administrators, staff, or users who already have authoring rights in Studio can create libraries. This follows the same validation used to create courses in Studio.
All tag-related permissions require that tags exist. Tag creation and editing follow the same validations used for taxonomy management today.
Test data setup
Create a shared pool of at least 11 test users; this will be useful to test pagination.
Distribute the four roles across multiple libraries. Keep one super admin and one staff-level tester for pagination and elevated checks.
Include at least two users who hold multiple roles to validate stacking behavior and overlap.
Reuse the same pool across all test cases to reduce noise and simplify reproduction.
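The stacking and scope rules under Concepts, together with the pool requirements above, can be written down as a small test oracle. This is an added example, not code from the project: the role and permission names are placeholders (the real mapping is in Library Roles and Permissions), super admin and staff accounts are left out of the model, and "multiple roles" is read as two or more roles in the same library.

```python
from collections import defaultdict

# Placeholder mapping, constructed for this example; the real roles and
# permissions are listed in "Library Roles and Permissions".
ROLE_PERMISSIONS = {
    "role_a": {"perm_view"},
    "role_b": {"perm_view", "perm_edit"},
    "role_c": {"perm_view", "perm_publish"},
    "role_d": {"perm_view", "perm_edit", "perm_publish", "perm_manage_team"},
}
ROLES = sorted(ROLE_PERMISSIONS)

def effective_permissions(assignments, user, library):
    """Union of the permissions of every role the user holds in this library."""
    perms = set()
    for a_user, role, scope in assignments:
        if a_user == user and scope == library:  # other scopes never leak in
            perms |= ROLE_PERMISSIONS[role]
    return perms

def expected_outcome(assignments, user, library, permission):
    """True: UI enables the action and backend allows it. False: both refuse."""
    return permission in effective_permissions(assignments, user, library)

def check_test_pool(assignments, min_users=11, min_stacked=2):
    """List the ways a planned pool falls short of the setup guidance."""
    users = {u for u, _, _ in assignments}
    libraries = {s for _, _, s in assignments}
    unused = set(ROLES) - {r for _, r, _ in assignments}
    held = defaultdict(set)
    for user, role, scope in assignments:
        held[(user, scope)].add(role)
    # Assumption: "multiple roles" means two or more roles in one library.
    stacked = {u for (u, _), roles in held.items() if len(roles) > 1}
    gaps = []
    if len(users) < min_users:
        gaps.append(f"{len(users)} users, need {min_users} for pagination")
    if unused:
        gaps.append(f"roles never assigned: {sorted(unused)}")
    if len(libraries) < 2:
        gaps.append("roles are not spread across multiple libraries")
    if len(stacked) < min_stacked:
        gaps.append(f"{len(stacked)} stacked users, need {min_stacked}")
    return gaps

# Constructed plan: 11 users over two libraries, then two stacked assignments.
SAMPLE = [(f"user{i:02d}", ROLES[i % 4], "lib-one" if i % 2 else "lib-two")
          for i in range(1, 12)]
SAMPLE += [("user01", "role_c", "lib-one"), ("user02", "role_b", "lib-two")]
```

For each test case, compare `expected_outcome` against both the UI state and the backend response; a disagreement between the two is itself a finding.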