If you have a background SOAP application that runs on a regular basis, we recommend that you create an exclusive, dedicated TestTrack user for use only with the SOAP application. Creating an exclusive user includes the following advantages:
- You can embed the TestTrack username and password in your SOAP application’s source code. Developers who have access to the SOAP source code will also have access to the TestTrack username and password. If you embed your TestTrack administrator username and password you will create a potential security risk because developers will be able to gain administrative access to TestTrack. You can set command-level security to control the ability to log in using SOAP. You can give the exclusive user access to log into TestTrack using SOAP and restrict this user from accessing TestTrack using the Client or Web interfaces. If an unauthorized user gets ahold of the exclusive SOAP username, they will only be able to use it for SOAP access to TestTrack.
- You can give the exclusive SOAP user limited security access to the specific commands used by the SOAP application. Developers will not be able to ‘enhance’ the SOAP application and perform unauthorized TestTrack commands unless you change the SOAP user’s security rights.
- When you review the TestTrack history table or audit log, you will be able to more easily distinguish between changes made by the SOAP application and manual changes made by a TestTrack user.
- You can avoid situations where users have to wait to manually log into TestTrack because the SOAP application is running in the background. You can also make sure you do not run into a situation where the user logs into TestTrack Client or TestTrack Web, forgets to log out before going home for the weekend, and inadvertently blocks the SOAP application from being able to log in.