
July 8, 2026

TestInspector organizes tests in a three-level hierarchy — test, suite, and organization — that determines how variables are scoped, which defaults apply, and how teams access shared credentials without duplicating configuration. A variable defined at the organization level is available to every suite and test in the organization; a suite-level variable overrides the org default for all tests within that suite; a test-level variable takes final precedence for a single test's execution. This hierarchy controls how test data flows across a team's testing environment without manual copy-paste or environment-specific test branching.
Test organization is a structural problem that scales poorly without a deliberate model. A team with five tests and one environment rarely encounters naming conflicts or credential management overhead. A team with fifty tests across three environments and multiple team members encounters these problems constantly if variables, credentials, and configuration are managed at the individual test level. TestInspector's suite and organization hierarchy addresses this by making shared configuration available at the widest relevant scope and allowing narrower scopes to override it where necessary. This model is particularly valuable for teams building test automation practices across multiple products or services, where shared infrastructure like base URLs, API keys, and authentication tokens would otherwise require manual synchronization across tests whenever the configuration changes.
The organization is the top-level container in TestInspector. Every suite and test belongs to exactly one organization, and organization-level settings — including variables, role assignments, and billing — apply to all members and all content in that organization. Most companies using TestInspector set up one organization, though teams that need complete separation between products or divisions can use multiple organizations.
Suites are the primary grouping mechanism within an organization. A suite is a collection of tests that share a common purpose — all tests for a checkout flow, all tests for a specific API endpoint, or all regression tests for a product module. Suites have their own variable scope, scheduling configuration, and execution settings. When a suite is scheduled or triggered via CI, all tests in the suite run in the order configured for that suite.
Tests are the leaf-level units. A test is a sequence of steps — navigation, interactions, assertions, HTTP requests, or variable operations — that is executed from start to finish as a single run. Tests can reference variables from any level of the hierarchy, with the nearest scope taking precedence. The suite and organization levels exist specifically to reduce the amount of configuration that must be duplicated at the test level, which is where test authors spend most of their time.
Variable resolution in TestInspector follows a nearest-scope-wins rule. When a step references {{BASE_URL}}, TestInspector checks for a test-level variable with that name first. If one exists, it is used. If not, the suite-level variables are checked. If a suite-level {{BASE_URL}} exists, it is used. If not, the org-level variable with that name is used. If no variable with that name exists at any scope, the reference is left unresolved and the step will fail with an interpolation error.
This resolution order means that org-level variables function as defaults that any suite or test can override without modifying the org configuration. A common pattern is to define {{BASE_URL}} at the org level pointing to the staging environment, then override it at the suite level for any suite that specifically targets the production environment for smoke tests or monitoring. Individual tests that need a different URL for a specific step can further override it at the test level without affecting any other tests.
Encrypted variables follow the same scoping rules as plain variables. A TOTP secret, an API key, or a service password stored as an encrypted variable at the org level is available to all suites without being copied into each one. The encryption and masking applied to the value are preserved regardless of which scope the variable is resolved from. This matters for credentials like database connection strings or third-party API keys that are shared across many tests but should not be visible in run logs or variable management screens.
Variable naming conventions become important when using the hierarchy with a large team. If multiple developers define variables with the same name at different scopes, the nearest-scope resolution order determines which value is used. A test-level variable named {{ENV}} that a developer created for a specific test will silently override the suite or org variable with the same name for that test's execution. Documenting naming conventions for shared variables at the org level helps prevent this class of silent override from producing unexpected test behavior. The same principle applies to how software testing teams manage environment configuration in other toolchains — scope isolation is only effective when naming discipline is maintained alongside it.
Organization-level variables in TestInspector are the primary mechanism for managing shared test infrastructure configuration. Any value that is used by multiple suites without modification belongs at the org level: base URLs for the test environment, shared service account credentials, API base paths, environment identifiers, and configuration flags that apply across all tests.
The practical benefit of org-level defaults is that configuration changes require a single update. When the staging environment URL changes, updating the org-level {{BASE_URL}} variable propagates the change to all suites and tests that reference it without opening or modifying any individual test. This contrasts with managing configuration at the test level, where a URL change requires finding every test that hardcodes or holds its own copy of the URL and updating each one — a process that is error-prone and difficult to complete without missing some tests.
Org-level defaults also simplify onboarding of new test suites. When a team member creates a new suite, it inherits all org-level variables immediately. The author can write tests using {{BASE_URL}}, {{API_KEY}}, and {{TEST_USER}} without configuring those values — they are already available from the organization scope. The suite-level and test-level variables exist only when a specific suite or test needs to deviate from the org default, not as a required configuration step for every new test.
| Variable Type | Recommended Scope | Example Use Case |
|---|---|---|
| Base environment URL | Organization | {{BASE_URL}} pointing to staging; overridden at suite level for production smoke tests |
| Shared service account | Organization | {{TEST_USER}} and {{TEST_PASSWORD}} used by most test flows |
| Per-suite test account | Suite | {{CHECKOUT_USER}} for a dedicated checkout testing account |
| TOTP secrets | Suite or Organization | {{TOTP:secret}} for a shared 2FA test account; suite-level if different accounts per suite |
| One-off test values | Test | Specific product IDs, date strings, or values unique to a single test |
| Timestamps | Test (via {{TIMESTAMP}}) | Dynamic values generated at runtime; not stored as persistent variables |
TestInspector also supports built-in variables {{TIMESTAMP}}, {{ALPHANUMERIC}}, and {{TOTP:secret}} that are generated at runtime rather than resolved from a stored value. These do not have a scope in the variable hierarchy — they are computed fresh on each use — but they interact with stored variables when combined in step values. A stored org-level {{BASE_URL}} can be combined with a runtime {{TIMESTAMP}} in a single step value to create unique request identifiers or time-stamped filenames for test artifacts. The complete software testing guide provides broader context on test data management strategies and how runtime-generated values fit into a structured test data approach.
TestInspector's multi-tenant organization model assigns each user in an organization one of three roles: owner, admin, or member. The role determines what configuration a user can read and modify within the organization, which has direct implications for how variable management is governed across a team.
Owners have full access to all organization settings, including org-level variable management, billing, and adding or removing members. Admins can manage suites, tests, and suite-level variables, but typically do not have access to org-level configuration depending on how the organization is structured. Members can run tests, view results, and create test-level variables within suites they have access to, but cannot modify shared org-level configuration.
This role structure is relevant to variable scoping in practice. If a team wants org-level variables to remain stable — only changed by a small group with full context of which tests depend on them — restricting org-level variable management to owner and admin roles provides a natural governance layer. Test authors working at the member level can create test-level overrides when they need different behavior for their tests without touching the shared org configuration that other suites depend on.
The multi-tenant model also supports multiple products or teams within the same organization. A company with a web product team and a mobile API team can use the same TestInspector organization, with each team maintaining their own suites and suite-level variables, while sharing org-level credentials for services that both teams use — authentication infrastructure, shared databases, or third-party integrations. Teams evaluating whether to structure testing around a single shared organization or multiple separate organizations should consider whether shared org-level variables, single billing management, and cross-team visibility are benefits or complications for their governance model. For teams looking to hire or expand a QA team and integrate them into an existing TestInspector setup, the role-based access model allows controlled onboarding without exposing sensitive org-level credentials to new members by default.
How suites are organized affects how the variable hierarchy is used and how easily the test structure scales with the product. Teams that start with a single suite containing all tests tend to encounter friction when the test count grows beyond thirty or forty tests, because execution time increases, test failures become harder to attribute to specific flows, and suite-level variable overrides cannot target subsets of tests without splitting the suite.
A functional grouping strategy — one suite per major product area or user journey — produces cleaner variable boundaries. A checkout suite can define its own {{TEST_USER}}, {{PRODUCT_ID}}, and {{PAYMENT_METHOD}} at the suite level, independent of the user account variables used in the authentication suite or the admin user variables used in the content management suite. The org level still holds the shared {{BASE_URL}} and service credentials, but each suite manages the configuration specific to its flow without polluting the org-level variable space.
A second pattern is to create suites that correspond to execution contexts rather than functional areas: a smoke suite that runs on every deployment, a regression suite that runs nightly, and a full suite that runs on a scheduled weekly basis. This structure allows different scheduling configuration per suite while keeping the variable hierarchy consistent. The smoke suite can override {{BASE_URL}} to point to the production environment while the regression suite inherits the staging URL from the org level.
TestInspector's test management interface supports both organization strategies simultaneously — a team can organize suites by functional area and also tag tests for inclusion in cross-cutting execution suites. For teams running comprehensive QA across multiple platforms, combining suite organization with CI trigger API calls per suite allows deployment pipelines to trigger only the relevant smoke or regression suite for each environment without running the full test library. The documentation and reporting tools in the broader testing workflow benefit from this structure as well: per-suite execution history and pass rates provide clearer signal about which functional areas have regressed than a monolithic test library where failures from unrelated flows are reported together.
| Approach | Scope Model | Override Mechanism | Encrypted Secret Support | Team Access Control |
|---|---|---|---|---|
| TestInspector | Test / Suite / Org (three levels) | Nearest-scope-wins; no config required to override | Built-in; masked in logs | Owner / Admin / Member roles |
| Playwright config files | Global / project / test file | Project override in playwright.config.ts | Requires external secret manager or CI env vars | No built-in role management |
| Selenium + TestNG | Suite XML / test class / method | Parameter override in testng.xml | Requires external vault integration | No built-in role management |
| Cypress | cypress.config.js / env block | --env flag or environment file per run | Requires plugin or CI secret injection | No built-in role management |
TestInspector supports three levels: organization, suite, and test. A variable defined at the organization level is available to all suites and tests. A suite-level variable with the same name overrides the org-level value for tests in that suite. A test-level variable overrides both the org and suite value for a single test's execution. There is no additional project or environment level — environment separation is typically achieved through suite-level overrides on shared org defaults.
Yes. Define {{BASE_URL}} at the org level pointing to your default environment — typically staging. Create a suite specifically for production smoke tests or monitoring and define a suite-level {{BASE_URL}} pointing to the production URL. Tests in that suite will resolve the suite-level value; all other tests will resolve the org-level default. No changes are needed to individual test steps when this structure is in place.
No. Encrypted variables are not displayed in plain text to any user after initial entry, regardless of role. Owners, admins, and members can all reference an encrypted variable in test steps, but the value itself is not readable through the interface. In execution logs, the resolved value is masked. This means a team member can use a shared TOTP secret or API key without ever seeing the raw value.
The test-level variable takes precedence for that test's execution only. Other tests in the same suite or organization are unaffected — they continue to resolve the org-level value. This is the intended override mechanism and is commonly used when a specific test needs to use a different test account, target URL, or configuration value than the suite default without modifying any shared configuration.
Create a suite-per-team or suite-per-product-area structure and use suite-level variables for team-specific configuration. Shared infrastructure credentials — base URLs, shared service accounts, API keys used across teams — belong at the org level. Each team manages its own suite variables independently. Role assignments ensure that team members can modify their team's suites without access to org-level configuration or other teams' suites. This keeps shared defaults stable while giving each team full control over their own test configuration.
Yes. TestInspector's CI trigger API accepts a suite identifier and executes only the tests in that suite. Deployment pipelines can call the API with a smoke suite ID on each deployment and a regression suite ID on nightly schedules, without triggering the full test library. The API returns a run ID that the pipeline can poll for status, allowing the deployment to be gated on smoke test completion before proceeding to production promotion.

Sign up to receive and connect to our newsletter