- Attempt to log in using credentials from other accounts or invalid credentials.
- Log in with the correct credentials for each account.
- Verify that only the authorized actions defined by the user profile are accessible.
- If the account is not authorized to, attempt to read stored data
- If the account is not authorized to, attempt to read configuration data
- If the account is not authorized to, attempt to modify stored data
- If the account is not authorized to, attempt to modify configuration data
- VERDICT:
SUCCESS if only correct identification and authentication allows access to the specific rights of a user profile.
SUCCESS if only correct identification and authentication allows access to the specific rights of a user profile, and only authorized users may read or modify stored data or configuration data.
FAIL if unauthorized access or incorrect rights assignment is detected.
