Hi team, a team member has Read Only access to one of our projects. He reported that he is able to Run and Edit the Test cases. This should not be the behavior of Read Only access. Kindly look into this. We plan to share test reports by giving Dev Team Read Only access.
Hello, thank you for your feedback. Currently, read-only members can view and debug test cases but do not have permission to save them. Could you share more details about your specific use case so we can provide a suitable solution? Member Roles & Permission Settings - Apidog Docs
Hi, I’m referring to the test cases in the “Test” tab.
Thank you for your feedback. We’ll optimize the interaction experience (e.g., adding clear permission prompts when read-only members click “Save”) to prevent similar confusion in the future. Please note that read-only members indeed don’t have permission to save (backend will block actual save attempts), and we’ll make this rule more noticeable with clearer prompts. Thanks again for helping us improve the experience!
Thank you for explaining this. Please also note the “Run” feature which is enabled for Read Only users. Should this not be disabled? I’m referring to the “Run” of the test case.
Thank you for your detailed feedback! We understand your concern about read-only users being able to run test cases. Here’s our current permission design rationale: read-only users cannot modify resources but can interact with them (e.g., running test cases for debugging) to better understand their purpose.
To better balance permission control and practical usage, could you share: What specific issues might arise from read-only users running test cases? Or in your scenario, how might this affect testing workflows or data accuracy?
Sure. The rationale is that the test cases are created by a QA person using his own Auth Credentials. If a Dev is able to run the Test Case by making some changes in the request body, then it will log the request on the backend server under the QA member running the test.
Please feel free to suggest better approaches. I am open to your suggestions. Thank you.
Would appreciate it if you can share any best practices recommended by Apidog to perform and manage API testing in the platform.
Thank you for your feedback. To clarify, you’d like QA members to edit/run test cases while developers with read-only access should not be able to do so, is that correct?
Currently, our product follows a “visible resources are debuggable” principle. Even if we disable the “Run” button in Apidog, users could still request the API via curl or other tools since they can view the endpoint spec.
For API testing best practices, you may find this article helpful: [Test cases - Apidog Docs]. We value your team’s practical experience too - feel free to share more details about your workflow if you’d like.
Makes sense. Thank you for explaining.
This brings me to my next question, which is related to hiding folders from read-only members. You can see that it is required to grant at least read-only access to other team members so they can peek into the project’s data, that is, the test cases in the “Test” tab. I’m not talking about the endpoint’s test tab but the left panel of Tests. There we have several different folders and we do not want an external team member to be able to see them, so we need to make them “admin/member view only”, something like that.
Thank you for your feedback. We will forward this to our product team for evaluation.
You’re referring to some test scenario folders that you want to hide from certain members while keeping others visible to all project members, right? That makes perfect sense. We’ve received similar requests from many users, and we’ll record this requirement and make a plan to optimize it. Thank you again for your valuable feedback!
Thank you very much.