In part 2 of this article we have seen how to address concerns regarding test data on production instances. In this part of the article we will see how to address concerns related to deleting or modifying user data by accident while testing.
Before discussing the strategy, let me cite a real case which happened with a project team. A tester was trying to log into the production instance of a SaaS application. Unfortunately he forgot the password of the user account he used to login into the application for his testing work. He asked the system administrator to reset his password. This system administrator by mistake reset passwords of all users on the production instance. The result was that all the actual users of the application received notifications that their passwords have been reset through an automated email. There were more than 10,000 actual users at that time. This sudden email notification created panic and shock among the user community. They were wondering what happened and why it happened. The production support department of the SaaS vendor received thousands of queries and they were too inundated to reply to all of the queries. This disrupted working at all user communities who were using the SaaS application. This mess created loss of millions of dollars worth of business for these user communities and created a bad name for the SaaS vendor.
The lesson learnt from this episode was that the production database should never be touched in a casual manner. Later the SaaS vendor created and implemented strict code for handling the production database and the production instance application so that these kinds of things should never happen in future.
The bottom line is that production instances of software applications are very sensitive and there must be a strict compliance code to handle them.
Now let us discuss, ways to make sure that the testing activity does not tamper with user data. First of all, there must be an elaborate procedure to handle production databases. This kind of procedure usually exists and is complied by all DBAs and production application system administrators. Compliance to these procedures is the key here. Under no circumstances casual approach should be permitted. Similarly the testers should be educated and trained about the issues related to user data. The test team must ensure that the test data should strictly be different from user data and they should be educated as to how to keep their test data separate from user data. We already have seen how we can do that in part 2 of this article series.
Once these strategies are made and complied then chances of testers accidentally deleting or modifying user data will be minimal / negligible.
In part 4 of this series, we will see how we can make strategies for performance issues.