September 17, 2012

Enforcing User Ownership for A Subset of Defects

Helix ALM
Need to lock down certain types of issues to ensure that the assigned user is in full control of what happens next? You need to set up an assignment rule in your project workflow! Assignment rules are often the forgotten step child of the TestTrack workflow. So much energy goes into defining assignment capabilities throughout the process of building a project workflow that I think most people just assume that the assignment rules tab is redundant. It's not! For this example, let's assume we have a team that generally expects everyone to be in the mix of fixing defects. As people come off other work items or have some slack in their schedules, they can grab a defect or two to fix. Where this breaks down, for our make-believe team, is security bugs. Security is critically important for the mobile apps they develop and there are two designated individuals who need to handle all security bugs. The team has been using TestTrack for several months now. The workflow is already setup to model their existing processes so we just need to make a couple tweaks to segment security bugs and make sure they're assigned to and fixed by the right team members.

Branch the Workflow

Step 1 is to create a branch within the workflow, which will segregate security defects. In this example, the workflow currently has a review and estimate step. However, since security issues are so important, we're going to bypass those steps and trust that our security experts will accurately diagnose and fix issues without a more formal review process. [caption id="attachment_12021" align="aligncenter" width="512" caption="New Branch for Security Bugs"][/caption] Creating this branch is easy, but if you're new to the TestTrack workflow read this blog post for more screenshots and commentary on the steps.
  1. First, create a new State in the workflow named "Security Bugs."
  2. Next, create a new Assign event since the default one doesn't change states. For this example, name the new event  Assign Security Bugs.
  3. Configure transition rules for the Assign Security Bugs and Fix events.

Automate Defect Assignments

Now we want to make sure that security bugs go down our new workflow path. We already have "Security" as an option in the Type field, so we're going to create a filter where Type == Security. Next, go to Tools > Administration > Automation Rules and create a new trigger rule. Set up the precondition to use the new filter. On the Trigger When tab, set the rule to fire anytime a defect is created. Finally, when this trigger fires, apply the new Assign Security Bugs event to the defect to assign it to the two team members responsible for security bugs. [caption id="attachment_12022" align="aligncenter" width="483" caption="Auto-assign security defects to our 2 security experts"][/caption]

Restrict Defect Changes to Assigned Users

Workflow is setup and all new security bugs are being assigned to our security experts. The last step is a small configuration change to ensure that only the security experts can mark those bugs as Fixed. For this, go to Tools > Administration > Workflow and select the Automation Rules tab. [caption id="attachment_12023" align="aligncenter" width="474" caption="Select the new state and click Edit"][/caption] Select the new Security Bugs state, click Edit, and then select the "Only allow assigned users ..." option. And that's it, you're set to go! We're automatically sending security bugs down a dedicated workflow branch and assigning them to our security team. We're preventing unassigned users from changing a defect when it's in the branched path, so we can be confident that security bugs are assigned to, and fixed by, the exact people we want working on those types of issues.