summaryrefslogtreecommitdiffstats
path: root/authz-test/TestSuite
diff options
context:
space:
mode:
authorsg481n <sg481n@att.com>2017-08-03 17:27:34 -0400
committersg481n <sg481n@att.com>2017-08-03 17:27:34 -0400
commit43854a9e3310ff7a92257d16c4fc0a8321eaec68 (patch)
tree46af936c5da4f9c60d7d63dade5c61a8fd5ef9f4 /authz-test/TestSuite
parentf691a8b8dfc9eea4c6b3bfa45ea60f07ad347e69 (diff)
 [AAF-21] Initial code import
Change-Id: I63d7d499bbd46f500b5f5a4db966166f613f327a Signed-off-by: sg481n <sg481n@att.com>
Diffstat (limited to 'authz-test/TestSuite')
-rw-r--r--authz-test/TestSuite/Instructions_for_MTCs/MTC_Appr_README.txt102
-rw-r--r--authz-test/TestSuite/JU_Lur2_0/10_init34
-rw-r--r--authz-test/TestSuite/JU_Lur2_0/Description2
-rw-r--r--authz-test/TestSuite/MTC_Appr1/00_ids8
-rw-r--r--authz-test/TestSuite/MTC_Appr1/10_init29
-rw-r--r--authz-test/TestSuite/MTC_Appr1/15_create40
-rw-r--r--authz-test/TestSuite/MTC_Appr1/Description16
-rw-r--r--authz-test/TestSuite/MTC_Appr2/00_ids8
-rw-r--r--authz-test/TestSuite/MTC_Appr2/99_cleanup35
-rw-r--r--authz-test/TestSuite/MTC_Appr2/Description16
-rw-r--r--authz-test/TestSuite/TC_Cred1/00_ids8
-rw-r--r--authz-test/TestSuite/TC_Cred1/10_init36
-rw-r--r--authz-test/TestSuite/TC_Cred1/15_create33
-rw-r--r--authz-test/TestSuite/TC_Cred1/30_multiple_creds69
-rw-r--r--authz-test/TestSuite/TC_Cred1/99_cleanup29
-rw-r--r--authz-test/TestSuite/TC_Cred1/Description16
-rw-r--r--authz-test/TestSuite/TC_DELG1/00_ids10
-rw-r--r--authz-test/TestSuite/TC_DELG1/10_init55
-rw-r--r--authz-test/TestSuite/TC_DELG1/20_create55
-rw-r--r--authz-test/TestSuite/TC_DELG1/99_cleanup17
-rw-r--r--authz-test/TestSuite/TC_DELG1/Description16
-rw-r--r--authz-test/TestSuite/TC_Link/00_ids9
-rw-r--r--authz-test/TestSuite/TC_Link/05_print6
-rw-r--r--authz-test/TestSuite/TC_Link/10_init13
-rw-r--r--authz-test/TestSuite/TC_Link/15_print6
-rw-r--r--authz-test/TestSuite/TC_Link/20_del3
-rw-r--r--authz-test/TestSuite/TC_Link/25_print6
-rw-r--r--authz-test/TestSuite/TC_Link/30_readd5
-rw-r--r--authz-test/TestSuite/TC_Link/35_print6
-rw-r--r--authz-test/TestSuite/TC_Link/99_delete5
-rw-r--r--authz-test/TestSuite/TC_Link/Description9
-rw-r--r--authz-test/TestSuite/TC_NS1/00_ids9
-rw-r--r--authz-test/TestSuite/TC_NS1/01_ERR_BadData14
-rw-r--r--authz-test/TestSuite/TC_NS1/10_init30
-rw-r--r--authz-test/TestSuite/TC_NS1/11_ERR_Namespace_Exists4
-rw-r--r--authz-test/TestSuite/TC_NS1/20_Commands7
-rw-r--r--authz-test/TestSuite/TC_NS1/30_add_data14
-rw-r--r--authz-test/TestSuite/TC_NS1/50_Admin49
-rw-r--r--authz-test/TestSuite/TC_NS1/60_Responsible43
-rw-r--r--authz-test/TestSuite/TC_NS1/80_CheckData15
-rw-r--r--authz-test/TestSuite/TC_NS1/90_ERR_Delete7
-rw-r--r--authz-test/TestSuite/TC_NS1/99_cleanup15
-rw-r--r--authz-test/TestSuite/TC_NS1/Description15
-rw-r--r--authz-test/TestSuite/TC_NS2/00_ids10
-rw-r--r--authz-test/TestSuite/TC_NS2/10_init71
-rw-r--r--authz-test/TestSuite/TC_NS2/20_add_data18
-rw-r--r--authz-test/TestSuite/TC_NS2/40_viewByName31
-rw-r--r--authz-test/TestSuite/TC_NS2/41_viewByAdmin20
-rw-r--r--authz-test/TestSuite/TC_NS2/99_cleanup27
-rw-r--r--authz-test/TestSuite/TC_NS2/Description7
-rw-r--r--authz-test/TestSuite/TC_NS3/00_ids10
-rw-r--r--authz-test/TestSuite/TC_NS3/10_init8
-rw-r--r--authz-test/TestSuite/TC_NS3/20_add56
-rw-r--r--authz-test/TestSuite/TC_NS3/50_delete27
-rw-r--r--authz-test/TestSuite/TC_NS3/99_cleanup14
-rw-r--r--authz-test/TestSuite/TC_NS3/Description10
-rw-r--r--authz-test/TestSuite/TC_NSdelete1/00_ids10
-rw-r--r--authz-test/TestSuite/TC_NSdelete1/10_init35
-rw-r--r--authz-test/TestSuite/TC_NSdelete1/20_DeleteApp30
-rw-r--r--authz-test/TestSuite/TC_NSdelete1/30_DeleteCompany42
-rw-r--r--authz-test/TestSuite/TC_NSdelete1/40_ForceDelete26
-rw-r--r--authz-test/TestSuite/TC_NSdelete1/99_cleanup36
-rw-r--r--authz-test/TestSuite/TC_NSdelete1/Description15
-rw-r--r--authz-test/TestSuite/TC_PW1/00_ids8
-rw-r--r--authz-test/TestSuite/TC_PW1/10_init24
-rw-r--r--authz-test/TestSuite/TC_PW1/20_length10
-rw-r--r--authz-test/TestSuite/TC_PW1/21_groups40
-rw-r--r--authz-test/TestSuite/TC_PW1/23_commands6
-rw-r--r--authz-test/TestSuite/TC_PW1/30_reset15
-rw-r--r--authz-test/TestSuite/TC_PW1/99_cleanup21
-rw-r--r--authz-test/TestSuite/TC_PW1/Description16
-rw-r--r--authz-test/TestSuite/TC_Perm1/00_ids9
-rw-r--r--authz-test/TestSuite/TC_Perm1/10_init23
-rw-r--r--authz-test/TestSuite/TC_Perm1/20_add_data38
-rw-r--r--authz-test/TestSuite/TC_Perm1/22_rename52
-rw-r--r--authz-test/TestSuite/TC_Perm1/25_grant_owned40
-rw-r--r--authz-test/TestSuite/TC_Perm1/26_grant_unowned175
-rw-r--r--authz-test/TestSuite/TC_Perm1/27_grant_force29
-rw-r--r--authz-test/TestSuite/TC_Perm1/30_change_ns14
-rw-r--r--authz-test/TestSuite/TC_Perm1/99_cleanup42
-rw-r--r--authz-test/TestSuite/TC_Perm1/Description16
-rw-r--r--authz-test/TestSuite/TC_Perm2/00_ids8
-rw-r--r--authz-test/TestSuite/TC_Perm2/10_init8
-rw-r--r--authz-test/TestSuite/TC_Perm2/20_add_data44
-rw-r--r--authz-test/TestSuite/TC_Perm2/30_change_ns14
-rw-r--r--authz-test/TestSuite/TC_Perm2/40_viewByType82
-rw-r--r--authz-test/TestSuite/TC_Perm2/41_viewByUser34
-rw-r--r--authz-test/TestSuite/TC_Perm2/42_viewByNS10
-rw-r--r--authz-test/TestSuite/TC_Perm2/43_viewByRole15
-rw-r--r--authz-test/TestSuite/TC_Perm2/99_cleanup24
-rw-r--r--authz-test/TestSuite/TC_Perm2/Description9
-rw-r--r--authz-test/TestSuite/TC_Perm3/00_ids10
-rw-r--r--authz-test/TestSuite/TC_Perm3/10_init16
-rw-r--r--authz-test/TestSuite/TC_Perm3/20_innerGrants29
-rw-r--r--authz-test/TestSuite/TC_Perm3/30_outerGrants23
-rw-r--r--authz-test/TestSuite/TC_Perm3/99_cleanup22
-rw-r--r--authz-test/TestSuite/TC_Perm3/Description13
-rw-r--r--authz-test/TestSuite/TC_Realm1/00_ids8
-rw-r--r--authz-test/TestSuite/TC_Realm1/10_init20
-rw-r--r--authz-test/TestSuite/TC_Realm1/20_ns26
-rw-r--r--authz-test/TestSuite/TC_Realm1/30_role20
-rw-r--r--authz-test/TestSuite/TC_Realm1/40_user42
-rw-r--r--authz-test/TestSuite/TC_Realm1/99_cleanup28
-rw-r--r--authz-test/TestSuite/TC_Realm1/Description2
-rw-r--r--authz-test/TestSuite/TC_Role1/00_ids8
-rw-r--r--authz-test/TestSuite/TC_Role1/10_init23
-rw-r--r--authz-test/TestSuite/TC_Role1/20_add_data40
-rw-r--r--authz-test/TestSuite/TC_Role1/30_change_ns14
-rw-r--r--authz-test/TestSuite/TC_Role1/40_reports24
-rw-r--r--authz-test/TestSuite/TC_Role1/50_force_delete28
-rw-r--r--authz-test/TestSuite/TC_Role1/90_wait2
-rw-r--r--authz-test/TestSuite/TC_Role1/99_cleanup34
-rw-r--r--authz-test/TestSuite/TC_Role1/Description16
-rw-r--r--authz-test/TestSuite/TC_Role2/00_ids8
-rw-r--r--authz-test/TestSuite/TC_Role2/10_init8
-rw-r--r--authz-test/TestSuite/TC_Role2/20_add_data39
-rw-r--r--authz-test/TestSuite/TC_Role2/40_viewByName45
-rw-r--r--authz-test/TestSuite/TC_Role2/41_viewByUser20
-rw-r--r--authz-test/TestSuite/TC_Role2/42_viewByNS10
-rw-r--r--authz-test/TestSuite/TC_Role2/43_viewByPerm15
-rw-r--r--authz-test/TestSuite/TC_Role2/99_cleanup22
-rw-r--r--authz-test/TestSuite/TC_Role2/Description9
-rw-r--r--authz-test/TestSuite/TC_UR1/00_ids8
-rw-r--r--authz-test/TestSuite/TC_UR1/10_init31
-rw-r--r--authz-test/TestSuite/TC_UR1/23_commands10
-rw-r--r--authz-test/TestSuite/TC_UR1/30_userrole53
-rw-r--r--authz-test/TestSuite/TC_UR1/40_reset40
-rw-r--r--authz-test/TestSuite/TC_UR1/90_wait2
-rw-r--r--authz-test/TestSuite/TC_UR1/99_cleanup32
-rw-r--r--authz-test/TestSuite/TC_UR1/Description16
-rw-r--r--authz-test/TestSuite/TC_User1/00_ids12
-rw-r--r--authz-test/TestSuite/TC_User1/10_init25
-rw-r--r--authz-test/TestSuite/TC_User1/20_add_data26
-rw-r--r--authz-test/TestSuite/TC_User1/40_viewByRole23
-rw-r--r--authz-test/TestSuite/TC_User1/41_viewByPerm29
-rw-r--r--authz-test/TestSuite/TC_User1/42_viewByDelegates12
-rw-r--r--authz-test/TestSuite/TC_User1/43_viewsExplicitiPerm27
-rw-r--r--authz-test/TestSuite/TC_User1/99_cleanup37
-rw-r--r--authz-test/TestSuite/TC_User1/Description6
-rw-r--r--authz-test/TestSuite/TC_Wild/00_ids8
-rw-r--r--authz-test/TestSuite/TC_Wild/10_init18
-rw-r--r--authz-test/TestSuite/TC_Wild/20_perm33
-rw-r--r--authz-test/TestSuite/TC_Wild/21_perm33
-rw-r--r--authz-test/TestSuite/TC_Wild/30_role33
-rw-r--r--authz-test/TestSuite/TC_Wild/31_role33
-rw-r--r--authz-test/TestSuite/TC_Wild/32_role30
-rw-r--r--authz-test/TestSuite/TC_Wild/50_global_perm33
-rw-r--r--authz-test/TestSuite/TC_Wild/51_global_role33
-rw-r--r--authz-test/TestSuite/TC_Wild/52_global_ns33
-rw-r--r--authz-test/TestSuite/TC_Wild/99_cleanup25
-rw-r--r--authz-test/TestSuite/TC_Wild/Description16
-rw-r--r--authz-test/TestSuite/TEMPLATE_TC/00_ids10
-rw-r--r--authz-test/TestSuite/TEMPLATE_TC/10_init24
-rw-r--r--authz-test/TestSuite/TEMPLATE_TC/99_cleanup22
-rw-r--r--authz-test/TestSuite/TEMPLATE_TC/Description10
-rw-r--r--authz-test/TestSuite/cmds21
-rw-r--r--authz-test/TestSuite/copy17
-rw-r--r--authz-test/TestSuite/csv13
-rw-r--r--authz-test/TestSuite/expected/MTC_Appr1.expected144
-rw-r--r--authz-test/TestSuite/expected/MTC_Appr2.expected24
-rw-r--r--authz-test/TestSuite/expected/TC_Cred1.expected269
-rw-r--r--authz-test/TestSuite/expected/TC_DELG1.expected223
-rw-r--r--authz-test/TestSuite/expected/TC_Link.expected253
-rw-r--r--authz-test/TestSuite/expected/TC_NS1.expected327
-rw-r--r--authz-test/TestSuite/expected/TC_NS2.expected389
-rw-r--r--authz-test/TestSuite/expected/TC_NS3.expected192
-rw-r--r--authz-test/TestSuite/expected/TC_NSdelete1.expected362
-rw-r--r--authz-test/TestSuite/expected/TC_PW1.expected170
-rw-r--r--authz-test/TestSuite/expected/TC_Perm1.expected963
-rw-r--r--authz-test/TestSuite/expected/TC_Perm2.expected554
-rw-r--r--authz-test/TestSuite/expected/TC_Perm3.expected136
-rw-r--r--authz-test/TestSuite/expected/TC_Realm1.expected210
-rw-r--r--authz-test/TestSuite/expected/TC_Role1.expected369
-rw-r--r--authz-test/TestSuite/expected/TC_Role2.expected447
-rw-r--r--authz-test/TestSuite/expected/TC_UR1.expected266
-rw-r--r--authz-test/TestSuite/expected/TC_User1.expected485
-rw-r--r--authz-test/TestSuite/expected/TC_Wild.expected520
-rw-r--r--authz-test/TestSuite/list2
-rw-r--r--authz-test/TestSuite/qc38
-rw-r--r--authz-test/TestSuite/reset4
-rw-r--r--authz-test/TestSuite/rpt122
-rw-r--r--authz-test/TestSuite/rpt212
-rw-r--r--authz-test/TestSuite/tc82
183 files changed, 10174 insertions, 0 deletions
diff --git a/authz-test/TestSuite/Instructions_for_MTCs/MTC_Appr_README.txt b/authz-test/TestSuite/Instructions_for_MTCs/MTC_Appr_README.txt
new file mode 100644
index 00000000..058508a7
--- /dev/null
+++ b/authz-test/TestSuite/Instructions_for_MTCs/MTC_Appr_README.txt
@@ -0,0 +1,102 @@
+#-------------------------------------------------------------------------------
+# ============LICENSE_START====================================================
+# * org.onap.aai
+# * ===========================================================================
+# * Copyright © 2017 AT&T Intellectual Property. All rights reserved.
+# * Copyright © 2017 Amdocs
+# * ===========================================================================
+# * Licensed under the Apache License, Version 2.0 (the "License");
+# * you may not use this file except in compliance with the License.
+# * You may obtain a copy of the License at
+# *
+# * http://www.apache.org/licenses/LICENSE-2.0
+# *
+# * Unless required by applicable law or agreed to in writing, software
+# * distributed under the License is distributed on an "AS IS" BASIS,
+# * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# * See the License for the specific language governing permissions and
+# * limitations under the License.
+# * ============LICENSE_END====================================================
+# *
+# * ECOMP is a trademark and service mark of AT&T Intellectual Property.
+# *
+#-------------------------------------------------------------------------------
+NOTE: You may find slight differences between this readme doc and your actual output in places such as <YOUR_ATTUID>, times, or other such fields that vary for each run.
+
+Do NOT replace anything inside square brackets such as [user.name] Some commands listed here use this notation, but they are set up to work by just copying & pasting the entire command.
+
+run command: sh ./tc MTC_Appr1
+you should see: MTC_Appr1
+ SUCCESS! [MTC_Appr1.2014-11-03_11-26-26]
+
+
+open a broswer and goto the gui for the machine you're on. For example, this is the home page on test machine zltv1492:
+https://zltv1492.vci.att.com:8085/gui/home
+
+click on My Approvals
+
+click the submit button at the bottom of the form with no approve or deny buttons selected
+
+you should see: No Approvals have been sent. Try again
+
+click "Try again" link
+
+you should see: The Approval Request page
+
+NOTE: a radio button is a (filled or unfilled) circle under approve or deny
+click the select all link for approve
+
+you should see: all radio buttons under approve should be selected
+
+click the select all link for deny
+
+you should see: all radio buttons under deny should be selected
+
+click the reset button at the bottom of the form
+
+you should see: NO radio buttons should be selected
+
+Try to select both approve and deny for a single entry
+
+you should: not be able to
+
+approve or deny entries as you like, then click submit
+
+after you have submitted all approvals, go back to My Approvals page
+
+you should see: No Approvals to process at this time
+
+in your command line,
+run command: aafcli ns list name com.test.appr.@[user.name].myProject
+
+NOTE: what you see here will depend on which entries you approved and denied. Included are 2 examples of what you can see:
+
+1) If you approve everything
+
+List Namespaces by Name[com.test.appr.<YOUR_ATTUID>.myProject]
+--------------------------------------------------------------------------------
+com.test.appr.<YOUR_ATTUID>.myProject
+ Administrators
+ <YOUR_ATTUID>@csp.att.com
+ Responsible Parties
+ <YOUR_ATTUID>@csp.att.com
+
+
+2) If you deny everything
+
+List Namespaces by Name[com.test.appr.<YOUR_ATTUID>.myProject]
+--------------------------------------------------------------------------------
+
+
+run command: sh ./tc MTC_Appr2 dryrun
+you should see: a lot of output. It's fine if you see errors for this command.
+
+run command: aafcli ns list name com.test.appr
+you should see: List Namespaces by Name[com.test.appr]
+--------------------------------------------------------------------------------
+
+
+run command: aafcli ns list name com.test.appr.@[user.name]
+you should see: List Namespaces by Name[com.test.appr.<YOUR_ATTUID>]
+--------------------------------------------------------------------------------
+
diff --git a/authz-test/TestSuite/JU_Lur2_0/10_init b/authz-test/TestSuite/JU_Lur2_0/10_init
new file mode 100644
index 00000000..a38e94bf
--- /dev/null
+++ b/authz-test/TestSuite/JU_Lur2_0/10_init
@@ -0,0 +1,34 @@
+as testid@aaf.att.com:<pass>
+# JU_Lur2_0.10.0.POS List NS to prove ok
+expect 201,409
+ns create com.test.JU_Lur2_0Call @[user.name] testid@aaf.att.com
+
+# JU_Lur2_0.10.2.POS Create Role in Namespace
+role create com.test.JU_Lur2_0Call.role
+
+# JU_Lur2_0.10.10.POS Create MyInstance Perms
+perm create com.test.JU_Lur2_0Call.service myInstance write
+perm create com.test.JU_Lur2_0Call.service myInstance read
+perm create com.test.JU_Lur2_0Call.service myInstance *
+
+# JU_Lur2_0.10.11.POS Create kumquat Perms
+perm create com.test.JU_Lur2_0Call.service kumquat write
+perm create com.test.JU_Lur2_0Call.service kumquat read
+perm create com.test.JU_Lur2_0Call.service kumquat *
+perm create com.test.JU_Lur2_0Call.service kum.quat read
+
+# JU_Lur2_0.10.11.POS Create key delimited Perms
+perm create com.test.JU_Lur2_0Call.service :myCluster write
+perm create com.test.JU_Lur2_0Call.service :myCluster:myKeyspace write
+perm create com.test.JU_Lur2_0Call.service :myCluster:myKeyspace:myCF write
+perm create com.test.JU_Lur2_0Call.service :myCluster:*:myCF write
+perm create com.test.JU_Lur2_0Call.service :myCluster:myKeyspace:* write
+
+# JU_Lur2_0.10.20.POS Grant Some Perms to Role
+perm grant com.test.JU_Lur2_0Call.service myInstance * com.test.JU_Lur2_0Call.role
+perm grant com.test.JU_Lur2_0Call.service kumquat read com.test.JU_Lur2_0Call.role
+perm grant com.test.JU_Lur2_0Call.service kum.quat read com.test.JU_Lur2_0Call.role
+perm grant com.test.JU_Lur2_0Call.service :myCluster:*:myCF write com.test.JU_Lur2_0Call.role
+
+# JU_Lur2_0.30.1.POS Add User to ROle
+user role add testid@aaf.att.com com.test.JU_Lur2_0Call.role
diff --git a/authz-test/TestSuite/JU_Lur2_0/Description b/authz-test/TestSuite/JU_Lur2_0/Description
new file mode 100644
index 00000000..748dc675
--- /dev/null
+++ b/authz-test/TestSuite/JU_Lur2_0/Description
@@ -0,0 +1,2 @@
+Load Data for CADI Test: JU_Lur2_0Call.java
+
diff --git a/authz-test/TestSuite/MTC_Appr1/00_ids b/authz-test/TestSuite/MTC_Appr1/00_ids
new file mode 100644
index 00000000..e5c040ea
--- /dev/null
+++ b/authz-test/TestSuite/MTC_Appr1/00_ids
@@ -0,0 +1,8 @@
+expect 0
+set testid@aaf.att.com=<pass>
+set XX@NS=<pass>
+set testunused@aaf.att.com=<pass>
+set bogus=boguspass
+
+#delay 10
+set NFR=0
diff --git a/authz-test/TestSuite/MTC_Appr1/10_init b/authz-test/TestSuite/MTC_Appr1/10_init
new file mode 100644
index 00000000..f1c61cec
--- /dev/null
+++ b/authz-test/TestSuite/MTC_Appr1/10_init
@@ -0,0 +1,29 @@
+
+as testid@aaf.att.com
+
+# TC_Appr1.10.0.POS List NS to prove ok
+expect 200
+ns list name com.test.appr
+ns list name com.test.appr.@[user.name]
+
+# TC_Appr1.10.1.POS Create Personalized Namespace to add Approvals
+expect 201
+ns create com.test.appr.@[user.name] @[user.name] testid@aaf.att.com
+
+# TC_Appr1.10.2.POS Create General Namespace to add Approvals
+ns create com.test.appr @[user.name] testid@aaf.att.com
+
+# TC_Appr1.10.10.POS Create Roles in Namespace
+role create com.test.appr.@[user.name].addToUserRole
+role create com.test.appr.@[user.name].grantToPerm
+role create com.test.appr.@[user.name].ungrantFromPerm
+role create com.test.appr.@[user.name].grantFirstPerm
+role create com.test.appr.@[user.name].grantSecondPerm
+
+# TC_Appr1.10.12.POS Create Permissions in Namespace
+perm create com.test.appr.@[user.name].ungrantFromRole myInstance myAction com.test.appr.@[user.name].ungrantFromPerm
+perm create com.test.appr.@[user.name].grantToRole myInstance myAction
+force perm create com.test.appr.@[user.name].deleteThisPerm myInstance myAction com.test.appr.@[user.name].grantedRole
+perm create com.test.appr.@[user.name].grantTwoRoles myInstance myAction
+perm create com.test.appr.@[user.name].ungrantTwoRoles myInstance myAction com.test.appr.@[user.name].grantFirstPerm,com.test.appr.@[user.name].grantSecondPerm
+
diff --git a/authz-test/TestSuite/MTC_Appr1/15_create b/authz-test/TestSuite/MTC_Appr1/15_create
new file mode 100644
index 00000000..8791a3b5
--- /dev/null
+++ b/authz-test/TestSuite/MTC_Appr1/15_create
@@ -0,0 +1,40 @@
+expect 403
+as testunused@aaf.att.com
+
+# TC_Appr1.15.01.NEG Create Future and Approvals with non-admin request
+user role add @[user.name]@@[user.name].appr.test.com com.test.appr.@[user.name].addToUserRole
+
+# TC_Appr1.15.02.NEG Create Approval for NS create
+ns create com.test.appr.@[user.name].myProject @[user.name]
+
+# TC_Appr1.15.03.NEG Generate Approval for granting permission to role
+perm grant com.test.appr.@[user.name].grantToRole myInstance myAction com.test.appr.@[user.name].grantToPerm
+
+# TC_Appr1.15.04.NEG Generate Approval for ungranting permission from role
+perm ungrant com.test.appr.@[user.name].ungrantFromRole myInstance myAction com.test.appr.@[user.name].ungrantFromPerm
+
+# TC_Appr1.15.05.NEG Generate Approval for granting permission to role
+perm grant com.test.appr.@[user.name].grantTwoRoles myInstance myAction com.test.appr.@[user.name].grantFirstPerm,com.test.appr.@[user.name].grantSecondPerm
+
+# TC_Appr1.15.06.NEG Generate Approval for ungranting permission from role
+perm ungrant com.test.appr.@[user.name].ungrantTwoRoles myInstance myAction com.test.appr.@[user.name].grantFirstPerm,com.test.appr.@[user.name].grantSecondPerm
+
+expect 202
+# TC_Appr1.15.51.POS Create Future and Approvals with non-admin request
+set request=true user role add @[user.name]@@[user.name].appr.test.com com.test.appr.@[user.name].addToUserRole
+
+# TC_Appr1.15.52.POS Create Approval for NS create
+set request=true ns create com.test.appr.@[user.name].myProject @[user.name]
+
+# TC_Appr1.15.53.POS Generate Approval for granting permission to role
+set request=true perm grant com.test.appr.@[user.name].grantToRole myInstance myAction com.test.appr.@[user.name].grantToPerm
+
+# TC_Appr1.15.54.POS Generate Approval for ungranting permission from role
+request perm ungrant com.test.appr.@[user.name].ungrantFromRole myInstance myAction com.test.appr.@[user.name].ungrantFromPerm
+
+# TC_Appr1.15.55.POS Generate Approval for granting permission to role
+request perm grant com.test.appr.@[user.name].grantTwoRoles myInstance myAction com.test.appr.@[user.name].grantFirstPerm,com.test.appr.@[user.name].grantSecondPerm
+
+# TC_Appr1.15.56.POS Generate Approval for ungranting permission from role
+request perm ungrant com.test.appr.@[user.name].ungrantTwoRoles myInstance myAction com.test.appr.@[user.name].grantFirstPerm,com.test.appr.@[user.name].grantSecondPerm
+
diff --git a/authz-test/TestSuite/MTC_Appr1/Description b/authz-test/TestSuite/MTC_Appr1/Description
new file mode 100644
index 00000000..59af5e1d
--- /dev/null
+++ b/authz-test/TestSuite/MTC_Appr1/Description
@@ -0,0 +1,16 @@
+This Testcase Tests the essentials of User Credentials
+
+APIs:
+ POST /auth/cred
+ PUT /auth/cred
+ DELETE /auth/cred
+
+
+CLI:
+ Target
+ user addCred :user :password
+ user delCred :user
+ Ancillary
+ ns create
+ ns delete
+
diff --git a/authz-test/TestSuite/MTC_Appr2/00_ids b/authz-test/TestSuite/MTC_Appr2/00_ids
new file mode 100644
index 00000000..e5c040ea
--- /dev/null
+++ b/authz-test/TestSuite/MTC_Appr2/00_ids
@@ -0,0 +1,8 @@
+expect 0
+set testid@aaf.att.com=<pass>
+set XX@NS=<pass>
+set testunused@aaf.att.com=<pass>
+set bogus=boguspass
+
+#delay 10
+set NFR=0
diff --git a/authz-test/TestSuite/MTC_Appr2/99_cleanup b/authz-test/TestSuite/MTC_Appr2/99_cleanup
new file mode 100644
index 00000000..4d6fa758
--- /dev/null
+++ b/authz-test/TestSuite/MTC_Appr2/99_cleanup
@@ -0,0 +1,35 @@
+
+as testid@aaf.att.com
+
+expect 200,404
+
+# TC_Appr2.99.10.POS Delete UserRoles if exists
+user role del @[user.name]@@[user.name].appr.test.com com.test.appr.@[user.name].deleteThisRole
+user role del @[user.name]@@[user.name].appr.test.com com.test.appr.@[user.name].addToUserRole
+
+# TC_Appr2.10.11.POS Delete Roles if exists
+set force=true role delete com.test.appr.@[user.name].addToUserRole
+set force=true role delete com.test.appr.@[user.name].grantToPerm
+set force=true role delete com.test.appr.@[user.name].ungrantFromPerm
+role delete com.test.appr.@[user.name].grantedRole
+role delete com.test.appr.@[user.name].approvedRole
+role delete com.test.appr.@[user.name].approvedRole2
+role delete com.test.appr.@[user.name].grantFirstPerm
+role delete com.test.appr.@[user.name].grantSecondPerm
+
+# TC_Appr2.10.12.POS Delete Permissions if exists
+perm delete com.test.appr.@[user.name].ungrantFromRole myInstance myAction com.test.appr.@[user.name].grantedRole
+perm delete com.test.appr.@[user.name].grantToRole myInstance myAction
+perm delete com.test.appr.@[user.name].deleteThisPerm myInstance myAction com.test.appr.@[user.name].grantedRole
+perm delete com.test.appr.@[user.name].approvedPerm myInstance myAction
+perm delete com.test.appr.@[user.name].approvedPerm * *
+perm delete com.test.appr.@[user.name].approvedPerm2 myInstance myAction
+perm delete com.test.appr.@[user.name].grantTwoRoles myInstance myAction
+perm delete com.test.appr.@[user.name].ungrantTwoRoles myInstance myAction
+
+
+# TC_Appr2.99.80.POS Delete Namespaces for TestSuite if exists
+ns delete com.test.appr.@[user.name].myProject
+set force=true ns delete com.test.appr.@[user.name]
+set force=true ns delete com.test.appr
+
diff --git a/authz-test/TestSuite/MTC_Appr2/Description b/authz-test/TestSuite/MTC_Appr2/Description
new file mode 100644
index 00000000..59af5e1d
--- /dev/null
+++ b/authz-test/TestSuite/MTC_Appr2/Description
@@ -0,0 +1,16 @@
+This Testcase Tests the essentials of User Credentials
+
+APIs:
+ POST /auth/cred
+ PUT /auth/cred
+ DELETE /auth/cred
+
+
+CLI:
+ Target
+ user addCred :user :password
+ user delCred :user
+ Ancillary
+ ns create
+ ns delete
+
diff --git a/authz-test/TestSuite/TC_Cred1/00_ids b/authz-test/TestSuite/TC_Cred1/00_ids
new file mode 100644
index 00000000..9f6ad902
--- /dev/null
+++ b/authz-test/TestSuite/TC_Cred1/00_ids
@@ -0,0 +1,8 @@
+expect 0
+set testid@aaf.att.com=<pass>
+set testunused@aaf.att.com=<pass>
+set bogus=boguspass
+set XX@NS=<pass>
+
+#delay 10
+set NFR=0
diff --git a/authz-test/TestSuite/TC_Cred1/10_init b/authz-test/TestSuite/TC_Cred1/10_init
new file mode 100644
index 00000000..18231c0d
--- /dev/null
+++ b/authz-test/TestSuite/TC_Cred1/10_init
@@ -0,0 +1,36 @@
+as testid@aaf.att.com
+# TC_Cred1.10.0.POS List NS to prove ok
+expect 200
+ns list name com.test.TC_Cred1.@[user.name]
+
+# TC_Cred1.10.1.POS Create Personalized Namespace to add Credentials
+expect 201
+ns create com.test.TC_Cred1.@[user.name] @[user.name] testid@aaf.att.com
+
+# TC_Cred1.10.10.POS Create role to assign mechid perm to
+expect 201
+role create com.test.TC_Cred1.@[user.name].cred_admin testid@aaf.att.com
+role create com.test.TC_Cred1.@[user.name].pw_reset
+
+# TC_Cred1.10.11.POS Assign roles to perms
+as XX@NS
+expect 201
+perm create com.att.aaf.password com.test reset com.test.TC_Cred1.@[user.name].pw_reset
+perm create com.att.aaf.mechid com.test create com.test.TC_Cred1.@[user.name].cred_admin
+perm grant com.att.aaf.mechid com.att create com.test.TC_Cred1.@[user.name].cred_admin
+
+as testid@aaf.att.com
+# TC_Cred1.10.30.POS Assign user for creating creds
+expect 201
+user cred add m99999@@[user.name].TC_Cred1.test.com password123
+set m99999@@[user.name].TC_Cred1.test.com=password123
+
+
+# TC_Cred1.10.31.POS Credential used to similate non-admin Tier1 user with reset and create permissions
+expect 201
+user role add m99999@@[user.name].TC_Cred1.test.com com.test.TC_Cred1.@[user.name].pw_reset,com.test.TC_Cred1.@[user.name].cred_admin
+
+# TC_Cred1.10.32.POS Remove create rights for testing
+expect 200
+user role del testid@aaf.att.com com.test.TC_Cred1.@[user.name].cred_admin
+
diff --git a/authz-test/TestSuite/TC_Cred1/15_create b/authz-test/TestSuite/TC_Cred1/15_create
new file mode 100644
index 00000000..c862d980
--- /dev/null
+++ b/authz-test/TestSuite/TC_Cred1/15_create
@@ -0,0 +1,33 @@
+# TC_Cred1.15.1.NEG Non-Admin, no permission user cannot create mechID
+as testunused@aaf.att.com
+expect 403
+user cred add m99990@@[user.name].TC_Cred1.test.com password123
+
+# TC_Cred1.15.3.POS Non-Admin, with create permission user can create mechID
+as m99999@@[user.name].TC_Cred1.test.com
+expect 201
+user cred add m99990@@[user.name].TC_Cred1.test.com password123
+
+# TC_Cred1.15.10.NEG Non-Admin, no reset permission cannot reset mechID
+as testunused@aaf.att.com
+expect 403
+user cred reset m99990@@[user.name].TC_Cred1.test.com password123
+
+# TC_Cred1.15.11.POS Non-Admin, with reset permission can reset mechID
+as m99999@@[user.name].TC_Cred1.test.com:password123
+expect 200
+user cred reset m99990@@[user.name].TC_Cred1.test.com password123
+
+# TC_Cred1.15.12.POS Admin, without reset permission can reset Password
+as testid@aaf.att.com
+expect 200
+user cred reset m99990@@[user.name].TC_Cred1.test.com password123
+
+# TC_Cred1.15.15.POS Admin, without reset permission can reset mechID
+expect 200
+user cred reset m99990@@[user.name].TC_Cred1.test.com password123 1
+
+# TC_Cred1.15.20.POS Admin, delete
+expect 200
+user cred del m99990@@[user.name].TC_Cred1.test.com password123 1
+
diff --git a/authz-test/TestSuite/TC_Cred1/30_multiple_creds b/authz-test/TestSuite/TC_Cred1/30_multiple_creds
new file mode 100644
index 00000000..689225e2
--- /dev/null
+++ b/authz-test/TestSuite/TC_Cred1/30_multiple_creds
@@ -0,0 +1,69 @@
+# TC_Cred1.30.1.NEG Multiple options available to delete
+as XX@NS
+expect 201
+user cred add m99990@@[user.name].TC_Cred1.test.com pass23Word
+
+as testid@aaf.att.com
+expect 201
+user cred add m99990@@[user.name].TC_Cred1.test.com pass23worD
+
+# TC_Cred1.30.2.POS Succeeds when we choose last option
+expect 200
+user cred del m99990@@[user.name].TC_Cred1.test.com 2
+
+# TC_Cred1.30.10.POS Add another credential
+expect 201
+user cred add m99990@@[user.name].TC_Cred1.test.com password123
+
+# TC_Cred1.30.11.NEG Multiple options available to reset
+expect 300
+user cred reset m99990@@[user.name].TC_Cred1.test.com password123
+
+# TC_Cred1.30.12.NEG Fails when we choose a bad option
+expect 406
+user cred reset m99990@@[user.name].TC_Cred1.test.com password123 0
+
+# TC_Cred1.30.13.POS Succeeds when we choose last option
+expect 200
+user cred reset m99990@@[user.name].TC_Cred1.test.com password123 2
+
+#TC_Cred1.30.30.NEG Fails when we don't have specific property
+expect 403
+user cred extend m99990@@[user.name].TC_Cred1.test.com
+
+#### EXTENDS behavior ####
+#TC_Cred1.30.32.POS Setup Temp Role for Extend Permission
+expect 201
+as XX@NS
+role create com.test.TC_Cred1.@[user.name].extendTemp
+
+#TC_Cred1.30.33.POS Grant Extends Permission to Role
+expect 201
+perm grant com.att.aaf.password com.att extend com.test.TC_Cred1.@[user.name].extendTemp
+
+#TC_Cred1.30.35.POS Add current User to Temp Role for Extend Permission
+expect 201
+role user add com.test.TC_Cred1.@[user.name].extendTemp XX@NS
+
+#TC_Cred1.30.36.POS Extend Password, expecting Single Response
+expect 200
+user cred extend m99990@@[user.name].TC_Cred1.test.com 1
+
+#TC_Cred1.30.39.POS Remove Role
+expect 200
+set force=true
+role delete com.test.TC_Cred1.@[user.name].extendTemp
+
+#### MULTI CLEANUP #####
+expect 200
+role list user m99990@@[user.name].TC_Cred1.test.com
+
+# TC_Cred1.30.80.POS Delete all entries for this cred
+expect 200
+set force=true
+user cred del m99990@@[user.name].TC_Cred1.test.com
+
+# TC_Cred1.30.99.POS List ns shows no creds attached
+expect 200
+ns list name com.test.TC_Cred1.@[user.name]
+
diff --git a/authz-test/TestSuite/TC_Cred1/99_cleanup b/authz-test/TestSuite/TC_Cred1/99_cleanup
new file mode 100644
index 00000000..3af41749
--- /dev/null
+++ b/authz-test/TestSuite/TC_Cred1/99_cleanup
@@ -0,0 +1,29 @@
+as testid@aaf.att.com
+# TC_Cred1.99.1.POS Delete credentials
+expect 200,404
+force user cred del m99990@@[user.name].TC_Cred1.test.com
+
+#TC_Cred1.99.2.POS Ensure Remove Role
+expect 200,404
+set force=true
+role delete com.test.TC_Cred1.@[user.name].extendTemp
+
+# TC_Cred1.99.10.POS Remove ability to create creds
+force user role del testid@aaf.att.com com.test.TC_Cred1.@[user.name].cred_admin
+
+as XX@NS
+perm ungrant com.att.aaf.mechid com.att create com.test.TC_Cred1.@[user.name].cred_admin
+force perm delete com.att.aaf.password com.test reset
+force perm delete com.att.aaf.mechid com.test create
+
+as testid@aaf.att.com
+force role delete com.test.TC_Cred1.@[user.name].cred_admin
+force role delete com.test.TC_Cred1.@[user.name].pw_reset
+
+# TC_Cred1.99.99.POS Delete Namespace for TestSuite
+set force=true ns delete com.test.TC_Cred1.@[user.name]
+
+as XX@NS
+force ns delete com.test.TC_Cred1.@[user.name]
+force ns delete com.test.TC_Cred1
+
diff --git a/authz-test/TestSuite/TC_Cred1/Description b/authz-test/TestSuite/TC_Cred1/Description
new file mode 100644
index 00000000..59af5e1d
--- /dev/null
+++ b/authz-test/TestSuite/TC_Cred1/Description
@@ -0,0 +1,16 @@
+This Testcase Tests the essentials of User Credentials
+
+APIs:
+ POST /auth/cred
+ PUT /auth/cred
+ DELETE /auth/cred
+
+
+CLI:
+ Target
+ user addCred :user :password
+ user delCred :user
+ Ancillary
+ ns create
+ ns delete
+
diff --git a/authz-test/TestSuite/TC_DELG1/00_ids b/authz-test/TestSuite/TC_DELG1/00_ids
new file mode 100644
index 00000000..0f77e593
--- /dev/null
+++ b/authz-test/TestSuite/TC_DELG1/00_ids
@@ -0,0 +1,10 @@
+expect 0
+set testid@aaf.att.com=<pass>
+set testunused@aaf.att.com=<pass>
+set XX@NS=<pass>
+set m99999@@[user.name].delg.test.com=password123
+set bogus@aaf.att.com=boguspass
+
+#delay 10
+set NFR=0
+
diff --git a/authz-test/TestSuite/TC_DELG1/10_init b/authz-test/TestSuite/TC_DELG1/10_init
new file mode 100644
index 00000000..558effe0
--- /dev/null
+++ b/authz-test/TestSuite/TC_DELG1/10_init
@@ -0,0 +1,55 @@
+# TC_DELG1.10.1.POS Check For Existing Data
+as testid@aaf.att.com
+expect 200
+ns list name com.test.delg.@[user.name]
+
+as XX@NS
+expect 201,409
+perm create com.att.aaf.delg com.att * com.att.admin
+
+expect 404
+user list delegates delegate @[user.name]@csp.att.com
+
+as testid@aaf.att.com
+# TC_DELG1.10.2.POS Create Namespace to add IDs
+expect 201
+ns create com.test.delg.@[user.name] @[user.name] testid@aaf.att.com
+
+as XX@NS
+# TC_DELG1.10.10.POS Grant ability to change delegates
+expect 404
+force perm grant com.att.aaf.mechid com.att create com.test.delg.@[user.name].change_delg
+
+# TC_DELG1.10.11.POS Grant ability to change delegates
+expect 201
+role create com.test.delg.@[user.name].change_delg
+
+# TC_DELG1.10.12.POS Grant ability to change delegates
+expect 201
+force perm grant com.att.aaf.mechid com.att create com.test.delg.@[user.name].change_delg
+
+# TC_DELG1.10.14.POS Create user role to change delegates
+expect 201
+user role add testid@aaf.att.com com.test.delg.@[user.name].change_delg
+
+# TC_DELG1.10.15.POS Grant ability to create cred
+expect 201
+perm grant com.att.aaf.delg com.att create com.test.delg.@[user.name].change_delg
+
+as testid@aaf.att.com
+# TC_DELG1.10.30.POS Create cred that will change his own delg
+expect 201
+user cred add m99999@@[user.name].delg.test.com password123
+
+as XX@NS
+ TC_DELG1.10.31.POS ungrant ability to create cred
+expect 200
+perm ungrant com.att.aaf.mechid com.att create com.test.delg.@[user.name].change_delg
+
+as testid@aaf.att.com
+# TC_DELG1.10.99.POS Check for Data as Correct
+expect 200
+ns list name com.test.delg.@[user.name]
+
+
+
diff --git a/authz-test/TestSuite/TC_DELG1/20_create b/authz-test/TestSuite/TC_DELG1/20_create
new file mode 100644
index 00000000..2dec8bf3
--- /dev/null
+++ b/authz-test/TestSuite/TC_DELG1/20_create
@@ -0,0 +1,55 @@
+# TC_DELG1.20.10.NEG Cannot create delegate with unknown user ID
+expect 404
+user delegate add aa111q@csp.att.com @[user.name]@csp.att.com '2099-12-31 06:00'
+
+# TC_DELG1.20.11.NEG Cannot Create Delegate with unknown delegate
+expect 404
+user delegate add @[user.name]@csp.att.com aa111q@csp.att.com '2099-12-31 06:00'
+
+# TC_DELG1.20.20.NEG May not change user, no delegate permission
+as m99999@@[user.name].delg.test.com
+expect 403
+force user delegate add @[user.name]@csp.att.com @[user.name]@csp.att.com '2099-12-31 06:00'
+
+as testid@aaf.att.com
+# TC_DELG1.20.21.NEG Fail to Update Delegate that doesnt exist
+expect 404
+user delegate upd @[user.name]@csp.att.com @[user.name]@csp.att.com '2099-12-31 06:00'
+
+# TC_DELG1.20.22.NEG May not create delegate for self.
+expect 406
+user delegate add @[user.name]@csp.att.com @[user.name]@csp.att.com '2099-12-31 06:00'
+
+# TC_DELG1.20.23.POS May create delegate for self for tests by forcing.
+expect 201
+force user delegate add @[user.name]@csp.att.com @[user.name]@csp.att.com '2099-12-31 06:00'
+
+as XX@NS
+# TC_DELG1.20.30.POS Expect Delegates for User
+expect 200
+user list delegates user @[user.name]@csp.att.com
+
+as testid@aaf.att.com
+# TC_DELG1.20.35.NEG Fail Create when exists
+expect 409
+user delegate add @[user.name]@csp.att.com @[user.name]@csp.att.com '2099-12-31 06:00'
+
+as XX@NS
+# TC_DELG1.20.40.POS Expect Delegates for User
+expect 200
+user list delegates user @[user.name]@csp.att.com
+
+as testid@aaf.att.com
+# TC_DELG1.20.46.POS Update Delegate with new Date
+expect 200
+user delegate upd @[user.name]@csp.att.com @[user.name]@csp.att.com '2999-01-01 06:00'
+
+as XX@NS
+# TC_DELG1.20.82.POS Expect Delegates for User
+expect 200
+user list delegates user @[user.name]@csp.att.com
+
+# TC_DELG1.20.83.POS Expect Delegate to show up in list
+expect 200
+user list delegates delegate @[user.name]@csp.att.com
+
diff --git a/authz-test/TestSuite/TC_DELG1/99_cleanup b/authz-test/TestSuite/TC_DELG1/99_cleanup
new file mode 100644
index 00000000..81dfd74e
--- /dev/null
+++ b/authz-test/TestSuite/TC_DELG1/99_cleanup
@@ -0,0 +1,17 @@
+expect 200,404
+as XX@NS
+# TC_DELG1.99.0.POS Check for Data as Correct
+ns list name com.test.delg.@[user.name]
+
+# TC_DELG1.99.10.POS Delete Delegates
+user delegate del @[user.name]@csp.att.com
+
+# TC_DELG1.99.30.POS Delete Namespace com.att.test.id
+force ns delete com.test.delg.@[user.name]
+
+# TC_DELG1.99.98.POS Check for Delegate Data as Correct
+user list delegates user @[user.name]@csp.att.com
+
+# TC_DELG1.99.99.POS Check for NS Data as Correct
+ns list name com.test.delg.@[user.name]
+
diff --git a/authz-test/TestSuite/TC_DELG1/Description b/authz-test/TestSuite/TC_DELG1/Description
new file mode 100644
index 00000000..59af5e1d
--- /dev/null
+++ b/authz-test/TestSuite/TC_DELG1/Description
@@ -0,0 +1,16 @@
+This Testcase Tests the essentials of User Credentials
+
+APIs:
+ POST /auth/cred
+ PUT /auth/cred
+ DELETE /auth/cred
+
+
+CLI:
+ Target
+ user addCred :user :password
+ user delCred :user
+ Ancillary
+ ns create
+ ns delete
+
diff --git a/authz-test/TestSuite/TC_Link/00_ids b/authz-test/TestSuite/TC_Link/00_ids
new file mode 100644
index 00000000..0e7a40aa
--- /dev/null
+++ b/authz-test/TestSuite/TC_Link/00_ids
@@ -0,0 +1,9 @@
+expect 0
+set testid=<pass>
+set testid@aaf.att.com=<pass>
+set XX@NS=<pass>
+set testunused=<pass>
+set bogus=boguspass
+
+#delay 10
+set NFR=0
diff --git a/authz-test/TestSuite/TC_Link/05_print b/authz-test/TestSuite/TC_Link/05_print
new file mode 100644
index 00000000..62d8e256
--- /dev/null
+++ b/authz-test/TestSuite/TC_Link/05_print
@@ -0,0 +1,6 @@
+expect 200,404
+# TC_05
+ns list name com.test.TC_Link_1.@[user.name]
+ns list name com.test.TC_Link_2.@[user.name]
+perm list role com.test.TC_Link_1.@[user.name].myRole
+role list perm com.test.TC_Link_2.@[user.name].myPerm myInstance myAction
diff --git a/authz-test/TestSuite/TC_Link/10_init b/authz-test/TestSuite/TC_Link/10_init
new file mode 100644
index 00000000..0f8a4431
--- /dev/null
+++ b/authz-test/TestSuite/TC_Link/10_init
@@ -0,0 +1,13 @@
+expect 201
+# TC_10
+as XX@NS
+ns create com.test.TC_Link_1.@[user.name] @[user.name] XX@NS
+ns create com.test.TC_Link_2.@[user.name] @[user.name] XX@NS
+
+role create com.test.TC_Link_1.@[user.name].myRole
+
+perm create com.test.TC_Link_2.@[user.name].myPerm myInstance myAction
+
+perm grant com.test.TC_Link_2.@[user.name].myPerm myInstance myAction com.test.TC_Link_1.@[user.name].myRole
+
+
diff --git a/authz-test/TestSuite/TC_Link/15_print b/authz-test/TestSuite/TC_Link/15_print
new file mode 100644
index 00000000..ac60ddcc
--- /dev/null
+++ b/authz-test/TestSuite/TC_Link/15_print
@@ -0,0 +1,6 @@
+# 15_print
+expect 200
+ns list name com.test.TC_Link_1.@[user.name]
+ns list name com.test.TC_Link_2.@[user.name]
+perm list role com.test.TC_Link_1.@[user.name].myRole
+role list perm com.test.TC_Link_2.@[user.name].myPerm myInstance myAction
diff --git a/authz-test/TestSuite/TC_Link/20_del b/authz-test/TestSuite/TC_Link/20_del
new file mode 100644
index 00000000..35a01d39
--- /dev/null
+++ b/authz-test/TestSuite/TC_Link/20_del
@@ -0,0 +1,3 @@
+expect 200
+role delete com.test.TC_Link_1.@[user.name].myRole
+
diff --git a/authz-test/TestSuite/TC_Link/25_print b/authz-test/TestSuite/TC_Link/25_print
new file mode 100644
index 00000000..ac60ddcc
--- /dev/null
+++ b/authz-test/TestSuite/TC_Link/25_print
@@ -0,0 +1,6 @@
+# 15_print
+expect 200
+ns list name com.test.TC_Link_1.@[user.name]
+ns list name com.test.TC_Link_2.@[user.name]
+perm list role com.test.TC_Link_1.@[user.name].myRole
+role list perm com.test.TC_Link_2.@[user.name].myPerm myInstance myAction
diff --git a/authz-test/TestSuite/TC_Link/30_readd b/authz-test/TestSuite/TC_Link/30_readd
new file mode 100644
index 00000000..69bfb22a
--- /dev/null
+++ b/authz-test/TestSuite/TC_Link/30_readd
@@ -0,0 +1,5 @@
+expect 201
+role create com.test.TC_Link_1.@[user.name].myRole
+
+perm grant com.test.TC_Link_2.@[user.name].myPerm myInstance myAction com.test.TC_Link_1.@[user.name].myRole
+
diff --git a/authz-test/TestSuite/TC_Link/35_print b/authz-test/TestSuite/TC_Link/35_print
new file mode 100644
index 00000000..ac60ddcc
--- /dev/null
+++ b/authz-test/TestSuite/TC_Link/35_print
@@ -0,0 +1,6 @@
+# 15_print
+expect 200
+ns list name com.test.TC_Link_1.@[user.name]
+ns list name com.test.TC_Link_2.@[user.name]
+perm list role com.test.TC_Link_1.@[user.name].myRole
+role list perm com.test.TC_Link_2.@[user.name].myPerm myInstance myAction
diff --git a/authz-test/TestSuite/TC_Link/99_delete b/authz-test/TestSuite/TC_Link/99_delete
new file mode 100644
index 00000000..8dfcd17b
--- /dev/null
+++ b/authz-test/TestSuite/TC_Link/99_delete
@@ -0,0 +1,5 @@
+as XX@NS:<pass>
+
+expect 200,404
+force ns delete com.test.TC_Link_2.@[user.name]
+force ns delete com.test.TC_Link_1.@[user.name]
diff --git a/authz-test/TestSuite/TC_Link/Description b/authz-test/TestSuite/TC_Link/Description
new file mode 100644
index 00000000..3abdcad3
--- /dev/null
+++ b/authz-test/TestSuite/TC_Link/Description
@@ -0,0 +1,9 @@
+This Testcase Tests the essentials of Grants
+
+APIs:
+
+
+CLI:
+ Target
+ Ancillary
+
diff --git a/authz-test/TestSuite/TC_NS1/00_ids b/authz-test/TestSuite/TC_NS1/00_ids
new file mode 100644
index 00000000..26c5db24
--- /dev/null
+++ b/authz-test/TestSuite/TC_NS1/00_ids
@@ -0,0 +1,9 @@
+expect 0
+set testid@aaf.att.com=<pass>
+set testunused@aaf.att.com=<pass>
+set bogus@aaf.att.com=boguspass
+
+#delay 10
+set NFR=0
+
+
diff --git a/authz-test/TestSuite/TC_NS1/01_ERR_BadData b/authz-test/TestSuite/TC_NS1/01_ERR_BadData
new file mode 100644
index 00000000..09b3b949
--- /dev/null
+++ b/authz-test/TestSuite/TC_NS1/01_ERR_BadData
@@ -0,0 +1,14 @@
+
+as testid@aaf.att.com
+# TC_NS1.01.0.POS Expect Clean Namespace to start
+expect 200
+ns list name com.test.TC_NS1.@[user.name]
+
+# TC_NS1.01.1.NEG Create Namespace with mechID as Responsible Party
+expect 403
+ns create com.test.TC_NS1.@[user.name] testunused@aaf.att.com testid@aaf.att.com,XX@NS
+
+# TC_NS1.01.2.NEG Create Namespace with Bad ID for Admin
+expect 403
+ns create com.test.TC_NS1.@[user.name] @[user.name] bogus@aaf.att.com,XX@NS
+
diff --git a/authz-test/TestSuite/TC_NS1/10_init b/authz-test/TestSuite/TC_NS1/10_init
new file mode 100644
index 00000000..b05be769
--- /dev/null
+++ b/authz-test/TestSuite/TC_NS1/10_init
@@ -0,0 +1,30 @@
+
+as testid@aaf.att.com
+# TC_NS1.10.0.POS Check for Existing Data
+expect 200
+ns list name com.test.TC_NS1.@[user.name]
+
+# TC_NS1.10.1.POS Create Namespace with valid IDs and Responsible Parties
+expect 201
+ns create com.test.TC_NS1.@[user.name] @[user.name] testid@aaf.att.com
+
+# TC_NS1.10.40.POS Expect Namespace to be created
+expect 200
+ns list name com.test.TC_NS1.@[user.name]
+
+# TC_NS1.10.41.POS Expect Namespace to be created
+expect 200
+perm list role com.test.TC_NS1.@[user.name].admin
+
+# TC_NS1.10.42.POS Expect Namespace to be created
+expect 200
+perm list role com.test.TC_NS1.@[user.name].owner
+
+# TC_NS1.10.43.POS Expect Namespace to be created
+expect 200
+role list perm com.test.TC_NS1.@[user.name].access * *
+
+# TC_NS1.10.44.POS Expect Namespace to be created
+expect 200
+role list perm com.test.TC_NS1.@[user.name].access * read
+
diff --git a/authz-test/TestSuite/TC_NS1/11_ERR_Namespace_Exists b/authz-test/TestSuite/TC_NS1/11_ERR_Namespace_Exists
new file mode 100644
index 00000000..b6aa5080
--- /dev/null
+++ b/authz-test/TestSuite/TC_NS1/11_ERR_Namespace_Exists
@@ -0,0 +1,4 @@
+# TC_NS1.11.1.NEG Create Namespace when exists
+expect 409
+ns create com.test.TC_NS1.@[user.name] @[user.name] testid@aaf.att.com
+
diff --git a/authz-test/TestSuite/TC_NS1/20_Commands b/authz-test/TestSuite/TC_NS1/20_Commands
new file mode 100644
index 00000000..b53750a1
--- /dev/null
+++ b/authz-test/TestSuite/TC_NS1/20_Commands
@@ -0,0 +1,7 @@
+# TC_NS1.20.1.NEG Too Few Args for Create 1
+expect Exception
+ns create
+
+# TC_NS1.20.2.NEG Too Few Args for Create 2
+expect Exception
+ns create bogus
diff --git a/authz-test/TestSuite/TC_NS1/30_add_data b/authz-test/TestSuite/TC_NS1/30_add_data
new file mode 100644
index 00000000..830b9658
--- /dev/null
+++ b/authz-test/TestSuite/TC_NS1/30_add_data
@@ -0,0 +1,14 @@
+# TC_NS1.30.10.NEG Non-admins can't change description
+expect 403
+as testunused@aaf.att.com
+ns describe com.test.TC_NS1.@[user.name] Description for my Namespace
+
+# TC_NS1.30.11.NEG Namespace must exist to change description
+expect 404
+as testid@aaf.att.com
+ns describe com.test.TC_NS1.@[user.name].project1 Description for my project
+
+# TC_NS1.30.12.POS Admin can change description
+expect 200
+ns describe com.test.TC_NS1.@[user.name] Description for my Namespace
+
diff --git a/authz-test/TestSuite/TC_NS1/50_Admin b/authz-test/TestSuite/TC_NS1/50_Admin
new file mode 100644
index 00000000..78df9cc8
--- /dev/null
+++ b/authz-test/TestSuite/TC_NS1/50_Admin
@@ -0,0 +1,49 @@
+# TC_NS1.50.1.NEG Adding a Bogus ID
+expect 403
+ns admin add com.test.TC_NS1.@[user.name] bogus
+
+# TC_NS1.50.2.NEG Adding a Bogus ID, full Domain
+expect 403
+ns admin add com.test.TC_NS1.@[user.name] bogus@csp.att.com
+
+# TC_NS1.50.3.NEG Adding an OK ID, bad domain
+expect 403
+ns admin add com.test.TC_NS1.@[user.name] xz9914@bogus.test.com
+
+# TC_NS1.50.4.NEG Deleting an OK ID, but not an admin
+expect 404
+ns admin del com.test.TC_NS1.@[user.name] XX@NS
+
+sleep @[NFR]
+# TC_NS1.50.10.POS Adding an OK ID
+expect 201
+ns admin add com.test.TC_NS1.@[user.name] XX@NS
+
+# TC_NS1.50.11.POS Deleting One of Two
+expect 200
+ns admin del com.test.TC_NS1.@[user.name] testid@aaf.att.com
+
+# TC_NS1.50.12.NEG testid@aaf.att.com no longer Admin
+expect 404
+ns admin del com.test.TC_NS1.@[user.name] testid@aaf.att.com
+
+# TC_NS1.50.13.POS Add ID back in
+expect 201
+ns admin add com.test.TC_NS1.@[user.name] testid@aaf.att.com
+
+# TC_NS1.50.14.POS Deleting original
+expect 200
+ns admin del com.test.TC_NS1.@[user.name] XX@NS
+
+# TC_NS1.50.15.NEG Can't remove twice
+expect 404
+ns admin del com.test.TC_NS1.@[user.name] XX@NS
+
+# TC_NS1.50.20.NEG User Role Add should obey same "addAdmin" restrictions
+expect 403
+role user add com.test.TC_NS1.@[user.name].admin m88888@i.have.no.domain
+
+# TC_NS1.50.21.NEG Role User Add should obey same "addAdmin" restrictions
+expect 403
+user role add m88888@i.have.no.domain com.test.TC_NS1.@[user.name].admin
+
diff --git a/authz-test/TestSuite/TC_NS1/60_Responsible b/authz-test/TestSuite/TC_NS1/60_Responsible
new file mode 100644
index 00000000..c6fc0261
--- /dev/null
+++ b/authz-test/TestSuite/TC_NS1/60_Responsible
@@ -0,0 +1,43 @@
+# TC_NS1.60.1.NEG Adding a Bogus ID
+expect 403
+ns responsible add com.test.TC_NS1.@[user.name] bogus
+
+# TC_NS1.60.2.NEG Adding a Bogus ID, full Domain
+expect 403
+ns responsible add com.test.TC_NS1.@[user.name] bogus@csp.att.com
+
+# TC_NS1.60.3.NEG Adding an OK ID, bad domain
+expect 403
+ns responsible add com.test.TC_NS1.@[user.name] xz9914@bogus.test.com
+
+# TC_NS1.60.4.NEG Deleting an OK ID, short, but not existent
+expect 404
+ns responsible del com.test.TC_NS1.@[user.name] testid
+
+# TC_NS1.60.5.NEG Deleting an OK ID, long, but not existent
+expect 404
+ns responsible del com.test.TC_NS1.@[user.name] testid@aaf.att.com
+
+sleep @[NFR]
+# TC_NS1.60.10.POS Adding an OK ID
+# Note: mw9749 used because we must have employee as responsible
+expect 201
+ns responsible add com.test.TC_NS1.@[user.name] mw9749
+
+# TC_NS1.60.11.POS Deleting One of Two
+expect 200
+ns responsible del com.test.TC_NS1.@[user.name] mw9749
+
+# TC_NS1.60.12.NEG mw9749 no longer Admin
+expect 404
+ns responsible del com.test.TC_NS1.@[user.name] mw9749
+
+# TC_NS1.60.20.NEG User Role Add should obey same "addResponsible" restrictions
+expect 403
+role user add com.test.TC_NS1.@[user.name].owner m88888@i.have.no.domain
+
+# TC_NS1.60.21.NEG Role User Add should obey same "addResponsible" restrictions
+expect 403
+user role add m88888@i.have.no.domain com.test.TC_NS1.@[user.name].owner
+
+
diff --git a/authz-test/TestSuite/TC_NS1/80_CheckData b/authz-test/TestSuite/TC_NS1/80_CheckData
new file mode 100644
index 00000000..207c75f0
--- /dev/null
+++ b/authz-test/TestSuite/TC_NS1/80_CheckData
@@ -0,0 +1,15 @@
+sleep @[NFR]
+# TC_NS1.80.1.POS List Data on Empty NS
+as testid@aaf.att.com
+
+expect 200
+ns list name com.test.TC_NS1.@[user.name]
+
+# TC_NS1.80.2.POS Add Roles to NS for Listing
+expect 201
+role create com.test.TC_NS1.@[user.name].r.A
+role create com.test.TC_NS1.@[user.name].r.B
+
+# TC_NS1.80.3.POS List Data on non-Empty NS
+expect 200
+ns list name com.test.TC_NS1.@[user.name]
diff --git a/authz-test/TestSuite/TC_NS1/90_ERR_Delete b/authz-test/TestSuite/TC_NS1/90_ERR_Delete
new file mode 100644
index 00000000..324e829d
--- /dev/null
+++ b/authz-test/TestSuite/TC_NS1/90_ERR_Delete
@@ -0,0 +1,7 @@
+# TC_NS1.90.1.NEG Non Namespace Admin Delete Namespace
+expect 403
+as testunused@aaf.att.com
+ns delete com.test.TC_NS1.@[user.name]
+
+sleep @[NFR]
+
diff --git a/authz-test/TestSuite/TC_NS1/99_cleanup b/authz-test/TestSuite/TC_NS1/99_cleanup
new file mode 100644
index 00000000..36d5512d
--- /dev/null
+++ b/authz-test/TestSuite/TC_NS1/99_cleanup
@@ -0,0 +1,15 @@
+expect 200,404
+as testid@aaf.att.com
+
+# TC_NS1.99.1.POS Namespace Admin can delete Namepace defined Roles
+role delete com.test.TC_NS1.@[user.name].r.A
+role delete com.test.TC_NS1.@[user.name].r.B
+
+# TC_NS1.99.2.POS Namespace Admin can delete Namespace
+ns delete com.test.TC_NS1.@[user.name]
+
+sleep @[NFR]
+
+# TC_NS1.99.99.POS Check Clean Namespace
+ns list name com.test.TC_NS1.@[user.name]
+
diff --git a/authz-test/TestSuite/TC_NS1/Description b/authz-test/TestSuite/TC_NS1/Description
new file mode 100644
index 00000000..0cde49ed
--- /dev/null
+++ b/authz-test/TestSuite/TC_NS1/Description
@@ -0,0 +1,15 @@
+This Testcase Tests the essentials of the Namespace, and the NS Commands
+
+APIs: POST /authz/ns
+ DELETE /authz/ns/:ns
+ GET /authz/roles/:role (where Role is NS + "*")
+
+CLI:
+ Target
+ ns create :ns :responsibleParty :admins
+ ns delete :ns
+ ns list :ns
+ Ancillary
+ role create :role
+ role list name :role.*
+
diff --git a/authz-test/TestSuite/TC_NS2/00_ids b/authz-test/TestSuite/TC_NS2/00_ids
new file mode 100644
index 00000000..450818e0
--- /dev/null
+++ b/authz-test/TestSuite/TC_NS2/00_ids
@@ -0,0 +1,10 @@
+expect 0
+set XX@NS=<pass>
+set testid@aaf.att.com=<pass>
+set testunused@aaf.att.com=<pass>
+set bogus@aaf.att.com=boguspass
+
+#delay 10
+set NFR=0
+
+
diff --git a/authz-test/TestSuite/TC_NS2/10_init b/authz-test/TestSuite/TC_NS2/10_init
new file mode 100644
index 00000000..73b2cc78
--- /dev/null
+++ b/authz-test/TestSuite/TC_NS2/10_init
@@ -0,0 +1,71 @@
+
+as testid@aaf.att.com
+# TC_NS2.10.0.POS Check for Existing Data
+expect 200
+ns list name com.test.TC_NS2.@[user.name]
+
+# TC_NS2.10.1.POS Create Namespace with valid IDs and Responsible Parties
+expect 201
+ns create com.test.TC_NS2.@[user.name] @[user.name] testid@aaf.att.com
+ns create com.test.TC_NS2.@[user.name].project @[user.name] testunused@aaf.att.com
+
+# TC_NS2.10.10.POS Create role to assign mechid perm to
+expect 201
+role create com.test.TC_NS2.@[user.name].cred_admin testid@aaf.att.com
+
+as XX@NS:<pass>
+# TC_NS2.10.11.POS Assign role to mechid perm
+expect 201
+perm grant com.att.aaf.mechid com.att create com.test.TC_NS2.@[user.name].cred_admin
+
+
+as testid@aaf.att.com
+# TC_NS2.10.70.POS Expect Namespace to be created
+expect 200
+ns list name com.test.TC_NS2.@[user.name]
+
+as testid@aaf.att.com
+# TC_NS2.10.70.POS Expect Namespace to be created
+expect 200
+perm list role com.test.TC_NS2.@[user.name].admin
+
+as testid@aaf.att.com
+# TC_NS2.10.70.POS Expect Namespace to be created
+expect 200
+perm list role com.test.TC_NS2.@[user.name].owner
+
+as testid@aaf.att.com
+# TC_NS2.10.70.POS Expect Namespace to be created
+expect 200
+role list perm com.test.TC_NS2.@[user.name].access * *
+
+as testid@aaf.att.com
+# TC_NS2.10.70.POS Expect Namespace to be created
+expect 200
+role list perm com.test.TC_NS2.@[user.name].access * read
+
+as testid@aaf.att.com
+# TC_NS2.10.80.POS Expect Namespace to be created
+expect 200
+ns list name com.test.TC_NS2.@[user.name].project
+
+as testid@aaf.att.com
+# TC_NS2.10.80.POS Expect Namespace to be created
+expect 200
+perm list role com.test.TC_NS2.@[user.name].project.admin
+
+as testid@aaf.att.com
+# TC_NS2.10.80.POS Expect Namespace to be created
+expect 200
+perm list role com.test.TC_NS2.@[user.name].project.owner
+
+as testid@aaf.att.com
+# TC_NS2.10.80.POS Expect Namespace to be created
+expect 200
+role list perm com.test.TC_NS2.@[user.name].project.access * *
+
+as testid@aaf.att.com
+# TC_NS2.10.80.POS Expect Namespace to be created
+expect 200
+role list perm com.test.TC_NS2.@[user.name].project.access * read
+
diff --git a/authz-test/TestSuite/TC_NS2/20_add_data b/authz-test/TestSuite/TC_NS2/20_add_data
new file mode 100644
index 00000000..ef5e11ea
--- /dev/null
+++ b/authz-test/TestSuite/TC_NS2/20_add_data
@@ -0,0 +1,18 @@
+as testid@aaf.att.com
+# TC_NS2.20.1.POS Create roles
+expect 201
+role create com.test.TC_NS2.@[user.name].watcher
+role create com.test.TC_NS2.@[user.name].myRole
+
+# TC_NS2.20.2.POS Create permissions
+perm create com.test.TC_NS2.@[user.name].myType myInstance myAction
+perm create com.test.TC_NS2.@[user.name].myType * *
+
+# TC_NS2.20.3.POS Create mechid
+user cred add m99990@@[user.name].TC_NS2.test.com password123
+
+as XX@NS
+# TC_NS2.20.10.POS Grant view perms to watcher role
+expect 201
+perm create com.att.aaf.ns :com.test.TC_NS2.@[user.name]:ns read com.test.TC_NS2.@[user.name].watcher
+
diff --git a/authz-test/TestSuite/TC_NS2/40_viewByName b/authz-test/TestSuite/TC_NS2/40_viewByName
new file mode 100644
index 00000000..6539acc7
--- /dev/null
+++ b/authz-test/TestSuite/TC_NS2/40_viewByName
@@ -0,0 +1,31 @@
+
+as testunused@aaf.att.com
+# TC_NS2.40.1.NEG Non-admin, not granted user should not view
+expect 403
+ns list name com.test.TC_NS2.@[user.name]
+
+as testid@aaf.att.com
+# Tens test user granted to permission
+# TC_NS2.40.10.POS Add user to watcher role
+expect 201
+user role add testunused@aaf.att.com com.test.TC_NS2.@[user.name].watcher
+
+as testunused@aaf.att.com
+# TC_NS2.40.11.POS Non-admin, granted user should view
+expect 200
+ns list name com.test.TC_NS2.@[user.name]
+
+as testid@aaf.att.com
+# TC_NS2.40.19.POS Remove user from watcher role
+expect 200
+user role del testunused@aaf.att.com com.test.TC_NS2.@[user.name].watcher
+
+# Thirties test admin user
+# TC_NS2.40.20.POS Admin should be able to view
+expect 200
+ns list name com.test.TC_NS2.@[user.name]
+
+# TC_NS2.40.21.POS Admin of parent NS should be able to view
+expect 200
+ns list name com.test.TC_NS2.@[user.name].project
+
diff --git a/authz-test/TestSuite/TC_NS2/41_viewByAdmin b/authz-test/TestSuite/TC_NS2/41_viewByAdmin
new file mode 100644
index 00000000..ad15e9d9
--- /dev/null
+++ b/authz-test/TestSuite/TC_NS2/41_viewByAdmin
@@ -0,0 +1,20 @@
+# TC_NS2.41.10.POS List by User when Same as Caller
+as testunused@aaf.att.com
+expect 200
+ns list admin testunused@aaf.att.com
+
+# TC_NS2.41.15.POS List by User when not same as Caller, but own/admin namespace of Roles
+as testid@aaf.att.com
+expect 200
+ns list admin testunused@aaf.att.com
+
+# TC_NS2.41.20.POS List by User when not same as Caller, but parent owner of Namespace
+as XX@NS
+expect 200
+ns list admin testunused@aaf.att.com
+
+# TC_NS2.41.80.NEG List by User when not Caller nor associated to Namespace
+as testunused@aaf.att.com
+expect 200
+ns list admin XX@NS
+
diff --git a/authz-test/TestSuite/TC_NS2/99_cleanup b/authz-test/TestSuite/TC_NS2/99_cleanup
new file mode 100644
index 00000000..24d16d3a
--- /dev/null
+++ b/authz-test/TestSuite/TC_NS2/99_cleanup
@@ -0,0 +1,27 @@
+expect 200,404
+as testid@aaf.att.com
+
+# TC_NS2.99.1.POS Namespace Admin can delete Namepace defined Roles & Perms
+role delete com.test.TC_NS2.@[user.name].myRole
+role delete com.test.TC_NS2.@[user.name].watcher
+perm delete com.test.TC_NS2.@[user.name].myType myInstance myAction
+perm delete com.test.TC_NS2.@[user.name].myType * *
+user cred del m99990@@[user.name].TC_NS2.test.com
+
+as XX@NS
+force perm delete com.att.aaf.ns :com.test.TC_NS2.@[user.name]:ns read
+
+# TC_NS2.99.15.POS Remove ability to create creds
+perm ungrant com.att.aaf.mechid com.att create com.test.TC_NS2.@[user.name].cred_admin
+
+as testid@aaf.att.com:<pass>
+force role delete com.test.TC_NS2.@[user.name].cred_admin
+
+# TC_NS2.99.90.POS Namespace Admin can delete Namespace
+force ns delete com.test.TC_NS2.@[user.name].project
+force ns delete com.test.TC_NS2.@[user.name]
+sleep @[NFR]
+
+# TC_NS2.99.99.POS Check Clean Namespace
+ns list name com.test.TC_NS2.@[user.name]
+
diff --git a/authz-test/TestSuite/TC_NS2/Description b/authz-test/TestSuite/TC_NS2/Description
new file mode 100644
index 00000000..40f2b6c4
--- /dev/null
+++ b/authz-test/TestSuite/TC_NS2/Description
@@ -0,0 +1,7 @@
+This Testcase Tests the viewability of different ns commands
+
+APIs:
+
+CLI:
+
+
diff --git a/authz-test/TestSuite/TC_NS3/00_ids b/authz-test/TestSuite/TC_NS3/00_ids
new file mode 100644
index 00000000..ad09d774
--- /dev/null
+++ b/authz-test/TestSuite/TC_NS3/00_ids
@@ -0,0 +1,10 @@
+expect 0
+set XX@NS=<pass>
+set testid@aaf.att.com=<pass>
+set testunused@aaf.att.com=<pass>
+set testid_1@test.com=<pass>
+set testid_2@test.com=<pass>
+set bogus=boguspass
+
+#delay 10
+set NFR=0
diff --git a/authz-test/TestSuite/TC_NS3/10_init b/authz-test/TestSuite/TC_NS3/10_init
new file mode 100644
index 00000000..b13dcefa
--- /dev/null
+++ b/authz-test/TestSuite/TC_NS3/10_init
@@ -0,0 +1,8 @@
+as XX@NS
+expect 200
+ns list name com.test.TC_NS3.@[user.name]
+
+# TC_NS3.10.1.POS Create Namespace with User ID
+expect 201
+ns create com.test.TC_NS3.@[user.name]_1 @[user.name] testid_1@test.com
+
diff --git a/authz-test/TestSuite/TC_NS3/20_add b/authz-test/TestSuite/TC_NS3/20_add
new file mode 100644
index 00000000..46ca091e
--- /dev/null
+++ b/authz-test/TestSuite/TC_NS3/20_add
@@ -0,0 +1,56 @@
+as testid_1@test.com
+expect Exception
+# TC_NS3.20.0.NEG Too short
+ns attrib
+
+# TC_NS3.20.1.NEG Wrong command
+ns attrib xyz
+
+# TC_NS3.20.2.NEG Too Short after Command
+ns attrib add
+
+# TC_NS3.20.3.NEG Too Short after Namespace
+ns attrib add com.test.TC_NS3.@[user.name]
+
+# TC_NS3.20.4.NEG Too Short after Key
+ns attrib add com.test.TC_NS3.@[user.name] TC_NS3_swm
+
+# TC_NS3.20.5.NEG No Permission
+expect 403
+ns attrib add com.test.TC_NS3.@[user.name]_1 TC_NS3_swm v1
+
+# TC_NS3.20.6.POS Create Permission to write Attrib
+expect 201
+as XX@NS
+perm create com.att.aaf.attrib :com.att.*:TC_NS3_swm write com.test.TC_NS3.@[user.name]_1.admin
+
+# TC_NS3.20.6.POS Create Permission
+expect 201
+perm create com.att.aaf.attrib :com.att.*:* read com.test.TC_NS3.@[user.name]_1.admin
+
+# TC_NS3.20.10.POS Attribute added
+as testid_1@test.com
+expect 201
+ns attrib add com.test.TC_NS3.@[user.name]_1 TC_NS3_swm v1
+
+# TC_NS3.20.30.POS List NS by Attrib
+expect 200
+ns list keys TC_NS3_swm
+
+# TC_NS3.20.40.POS List NS (shows Attrib)
+ns list name com.test.TC_NS3.@[user.name]_1
+
+# TC_NS3.20.42.POS Change Attrib
+ns attrib upd com.test.TC_NS3.@[user.name]_1 TC_NS3_swm Version1
+
+# TC_NS3.20.49.POS List NS (shows new Attrib)
+ns list name com.test.TC_NS3.@[user.name]_1
+
+# TC_NS3.20.80.POS Remove write Permission
+expect 200
+perm ungrant com.att.aaf.attrib :com.att.*:TC_NS3_swm write com.test.TC_NS3.@[user.name]_1.admin
+
+# TC_NS3.20.83.POS Remove read Permission
+expect 200
+perm ungrant com.att.aaf.attrib :com.att.*:* read com.test.TC_NS3.@[user.name]_1.admin
+
diff --git a/authz-test/TestSuite/TC_NS3/50_delete b/authz-test/TestSuite/TC_NS3/50_delete
new file mode 100644
index 00000000..9612a1d3
--- /dev/null
+++ b/authz-test/TestSuite/TC_NS3/50_delete
@@ -0,0 +1,27 @@
+as testid_1@test.com
+expect Exception
+# TC_NS3.50.2.NEG Too Short after Command
+ns attrib del
+
+# TC_NS3.50.3.NEG Too Short after Namespace
+ns attrib del com.test.TC_NS3.@[user.name]
+
+# TC_NS3.50.5.NEG No Permission
+expect 403
+ns attrib del com.test.TC_NS3.@[user.name]_1 TC_NS3_swm
+
+# TC_NS3.50.6.POS Create Permission
+as XX@NS
+expect 201
+perm grant com.att.aaf.attrib :com.att.*:TC_NS3_swm write com.test.TC_NS3.@[user.name]_1.admin
+
+# TC_NS3.50.7.POS Attribute added
+as testid_1@test.com
+expect 200
+ns attrib del com.test.TC_NS3.@[user.name]_1 TC_NS3_swm
+
+# TC_NS3.50.8.POS Remove Permission
+as XX@NS
+expect 200
+perm ungrant com.att.aaf.attrib :com.att.*:TC_NS3_swm write com.test.TC_NS3.@[user.name]_1.admin
+
diff --git a/authz-test/TestSuite/TC_NS3/99_cleanup b/authz-test/TestSuite/TC_NS3/99_cleanup
new file mode 100644
index 00000000..104831d7
--- /dev/null
+++ b/authz-test/TestSuite/TC_NS3/99_cleanup
@@ -0,0 +1,14 @@
+expect 200,404
+as testid_1@test.com
+# TC_NS3.99.2.POS Namespace Admin can delete Namespace
+force ns delete com.test.TC_NS3.@[user.name]_1
+
+# TC_NS3.99.3.POS Print Namespaces
+ns list name com.test.TC_NS3.@[user.name]_1
+
+# TC_NS3.99.10.POS Remove Special Permissions
+as XX@NS
+force perm delete com.att.aaf.attrib :com.att.*:TC_NS3_swm write
+
+force perm delete com.att.aaf.attrib :com.att.*:* read
+
diff --git a/authz-test/TestSuite/TC_NS3/Description b/authz-test/TestSuite/TC_NS3/Description
new file mode 100644
index 00000000..2283774d
--- /dev/null
+++ b/authz-test/TestSuite/TC_NS3/Description
@@ -0,0 +1,10 @@
+This is a TEMPLATE testcase, to make creating new Test Cases easier.
+
+APIs:
+
+
+CLI:
+ns create
+ns delete
+as
+
diff --git a/authz-test/TestSuite/TC_NSdelete1/00_ids b/authz-test/TestSuite/TC_NSdelete1/00_ids
new file mode 100644
index 00000000..450818e0
--- /dev/null
+++ b/authz-test/TestSuite/TC_NSdelete1/00_ids
@@ -0,0 +1,10 @@
+expect 0
+set XX@NS=<pass>
+set testid@aaf.att.com=<pass>
+set testunused@aaf.att.com=<pass>
+set bogus@aaf.att.com=boguspass
+
+#delay 10
+set NFR=0
+
+
diff --git a/authz-test/TestSuite/TC_NSdelete1/10_init b/authz-test/TestSuite/TC_NSdelete1/10_init
new file mode 100644
index 00000000..7be6981c
--- /dev/null
+++ b/authz-test/TestSuite/TC_NSdelete1/10_init
@@ -0,0 +1,35 @@
+as testid@aaf.att.com
+# TC_NSdelete1.10.0.POS Check for Existing Data
+expect 200
+ns list name com.test.TC_NSdelete1.@[user.name].app
+ns list name com.test.force.@[user.name]
+ns list name com.@[user.name]
+
+as XX@NS
+# TC_NSdelete1.10.1.POS Create Namespaces with valid IDs and Responsible Parties
+expect 201
+ns create com.test.TC_NSdelete1.@[user.name].app @[user.name] testid@aaf.att.com
+ns create com.@[user.name] @[user.name] testid@aaf.att.com
+ns create com.test.force.@[user.name] @[user.name] testid@aaf.att.com
+ns create com.test.TC_NSdelete1.@[user.name] @[user.name] testid@aaf.att.com
+
+# TC_NSdelete1.10.2.POS Expect Namespace to be created
+expect 200
+ns list name com.test.TC_NSdelete1.@[user.name].app
+ns list name com.test.TC_NSdelete1.@[user.name]
+ns list name com.@[user.name]
+ns list name com.test.force.@[user.name]
+
+# TC_NSdelete1.10.10.POS Create role to assign mechid perm to
+expect 201
+role create com.test.TC_NSdelete1.@[user.name].cred_admin
+
+# TC_NSdelete1.10.11.POS Assign role to mechid perm
+expect 201
+perm grant com.att.aaf.mechid com.att create com.test.TC_NSdelete1.@[user.name].cred_admin
+
+as testid@aaf.att.com
+# TC_NSdelete1.10.12.POS Assign user for creating creds
+expect 201
+user role add testid@aaf.att.com com.test.TC_NSdelete1.@[user.name].cred_admin
+
diff --git a/authz-test/TestSuite/TC_NSdelete1/20_DeleteApp b/authz-test/TestSuite/TC_NSdelete1/20_DeleteApp
new file mode 100644
index 00000000..519e135f
--- /dev/null
+++ b/authz-test/TestSuite/TC_NSdelete1/20_DeleteApp
@@ -0,0 +1,30 @@
+as testid@aaf.att.com
+# TC_NSdelete1.20.1.POS Create valid Role in my Namespace
+expect 201
+role create com.test.TC_NSdelete1.@[user.name].app.r.A
+
+# TC_NSdelete1.20.2.POS Create valid permission
+expect 201
+perm create com.test.TC_NSdelete1.@[user.name].app.p.A myInstance myAction
+
+# TC_NSdelete1.20.3.POS Add credential to my namespace
+expect 201
+user cred add m99990@app.@[user.name].TC_NSdelete1.test.com password123
+
+# TC_NSdelete1.20.10.NEG Delete Program Should fail because of attached credential
+expect 424
+ns delete com.test.TC_NSdelete1.@[user.name].app
+
+# TC_NSdelete1.20.11.POS Delete Credential
+expect 200
+set force=true
+user cred del m99990@app.@[user.name].TC_NSdelete1.test.com
+
+# TC_NSdelete1.20.12.NEG Delete Program with role and permission attached
+expect 424
+ns delete com.test.TC_NSdelete1.@[user.name].app
+
+# TC_NSdelete1.20.20.POS Expect role and permission to move to parent ns
+expect 200
+set force=move ns list name com.test.TC_NSdelete1.@[user.name]
+
diff --git a/authz-test/TestSuite/TC_NSdelete1/30_DeleteCompany b/authz-test/TestSuite/TC_NSdelete1/30_DeleteCompany
new file mode 100644
index 00000000..6c69bb20
--- /dev/null
+++ b/authz-test/TestSuite/TC_NSdelete1/30_DeleteCompany
@@ -0,0 +1,42 @@
+as testid@aaf.att.com
+# TC_NSdelete1.30.1.POS Create valid Role in my Namespace
+expect 201
+role create com.@[user.name].r.A
+
+# TC_NSdelete1.30.2.NEG Delete Company with role attached
+expect 424
+ns delete com.@[user.name]
+
+# TC_NSdelete1.30.3.POS Namespace Admin can delete Namepace defined Roles
+expect 200
+role delete com.@[user.name].r.A
+
+# TC_NSdelete1.30.10.POS Create valid permission
+expect 201
+perm create com.@[user.name].p.A myInstance myAction
+
+# TC_NSdelete1.30.11.NEG Delete Company with permission attached
+expect 424
+ns delete com.@[user.name]
+
+# TC_NSdelete1.30.12.POS Namespace Admin can delete Namepace defined Perms
+expect 200
+perm delete com.@[user.name].p.A myInstance myAction
+
+# TC_NSdelete1.30.20.POS Create valid Credential in my namespace
+expect 201
+user cred add m99990@@[user.name].com password123
+
+# TC_NSdelete1.30.21.NEG Delete Company with credential attached
+expect 424
+ns delete com.@[user.name]
+
+# TC_NSdelete1.30.22.POS Namespace admin can remove Cred
+expect 200
+set force=true
+user cred del m99990@@[user.name].com
+
+# TC_NSdelete1.30.30.POS Delete Company with no roles or perms attached
+expect 200
+ns delete com.@[user.name]
+
diff --git a/authz-test/TestSuite/TC_NSdelete1/40_ForceDelete b/authz-test/TestSuite/TC_NSdelete1/40_ForceDelete
new file mode 100644
index 00000000..c4ae2bb7
--- /dev/null
+++ b/authz-test/TestSuite/TC_NSdelete1/40_ForceDelete
@@ -0,0 +1,26 @@
+# TC_NSdelete1.40.1.POS Create valid Role in my Namespace
+expect 201
+role create com.test.force.@[user.name].r.A
+
+# TC_NSdelete1.40.2.POS Create valid permission in my Namespace
+expect 201
+perm create com.test.force.@[user.name].p.A myInstance myAction
+
+# TC_NSdelete1.40.3.POS Add credential to my namespace
+expect 201
+user cred add m99990@@[user.name].force.test.com password123
+
+# TC_NSdelete1.40.10.POS Delete Program in my Namespace
+expect 200
+set force=true ns delete com.test.force.@[user.name]
+
+sleep @[NFR]
+# TC_NSdelete1.40.20.NEG Role and permission should not exist
+expect 200,404
+ns list name com.test.force.@[user.name]
+
+# TC_NSdelete1.40.22.NEG Credential should not exist
+expect 404
+set force=true
+user cred del m99990@@[user.name].force.test.com
+
diff --git a/authz-test/TestSuite/TC_NSdelete1/99_cleanup b/authz-test/TestSuite/TC_NSdelete1/99_cleanup
new file mode 100644
index 00000000..cb97bc03
--- /dev/null
+++ b/authz-test/TestSuite/TC_NSdelete1/99_cleanup
@@ -0,0 +1,36 @@
+expect 200,404
+as testid@aaf.att.com
+
+# TC_NSdelete1.99.1.POS Namespace Admin can delete Namepace defined Roles
+role delete com.test.TC_NSdelete1.@[user.name].app.r.A
+
+# TC_NSdelete1.99.2.POS Namespace Admin can delete Namepace defined Roles
+perm delete com.test.TC_NSdelete1.@[user.name].app.p.A myInstance myAction
+
+# TC_NSdelete1.99.3.POS Namespace Admin can remove Namepace defined Credentials
+set force=true user cred del m99990@@app.[user.name].TC_NSdelete1.test.com
+
+# TC_NSdelete1.99.10.POS Remove ability to create creds
+user role del testid@aaf.att.com com.test.TC_NSdelete1.@[user.name].cred_admin
+
+as XX@NS
+perm ungrant com.att.aaf.mechid com.att create com.test.TC_NSdelete1.@[user.name].cred_admin
+
+as testid@aaf.att.com
+set force=true role delete com.test.TC_NSdelete1.@[user.name].cred_admin
+
+# TC_NSdelete1.99.97.POS Clean Namespace
+set force=true ns delete com.test.TC_NSdelete1.@[user.name].app
+set force=true ns delete com.test.TC_NSdelete1.@[user.name]
+set force=true ns delete com.test.force.@[user.name]
+
+# TC_NSdelete1.99.98.POS Check Clean Namespace
+ns list name com.test.TC_NSdelete1.@[user.name].app
+ns list name com.test.TC_NSdelete1.@[user.name]
+ns list name com.test.force.@[user.name]
+
+# TC_NSdelete1.99.99.POS Clean and check Company Namespace
+as XX@NS
+set force=true ns delete com.@[user.name]
+ns list name com.@[user.name]
+
diff --git a/authz-test/TestSuite/TC_NSdelete1/Description b/authz-test/TestSuite/TC_NSdelete1/Description
new file mode 100644
index 00000000..be99e94f
--- /dev/null
+++ b/authz-test/TestSuite/TC_NSdelete1/Description
@@ -0,0 +1,15 @@
+This Testcase Tests the deletion of a Namespace with attached roles and permissions
+
+APIs: POST /authz/ns
+ DELETE /authz/ns/:ns
+ GET /authz/roles/:role (where Role is NS + "*")
+
+CLI:
+ Target
+ ns create :ns :responsibleParty :admins
+ ns delete :ns
+ ns list :ns
+ Ancillary
+ role create :role
+ role list name :role.*
+
diff --git a/authz-test/TestSuite/TC_PW1/00_ids b/authz-test/TestSuite/TC_PW1/00_ids
new file mode 100644
index 00000000..7fb0e054
--- /dev/null
+++ b/authz-test/TestSuite/TC_PW1/00_ids
@@ -0,0 +1,8 @@
+expect 0
+set testid@aaf.att.com=<pass>
+set testunused@aaf.att.com=<pass>
+set XX@NS=<pass>
+set bogus=boguspass
+
+#delay 10
+set NFR=0
diff --git a/authz-test/TestSuite/TC_PW1/10_init b/authz-test/TestSuite/TC_PW1/10_init
new file mode 100644
index 00000000..7614fc4a
--- /dev/null
+++ b/authz-test/TestSuite/TC_PW1/10_init
@@ -0,0 +1,24 @@
+
+as testid@aaf.att.com
+
+# TC_PW1.10.0.POS Validate no NS
+expect 200,404
+ns list name com.test.TC_PW1.@[user.name]
+
+# TC_PW1.10.1.POS Create Namespace to add IDs
+expect 201
+ns create com.test.TC_PW1.@[user.name] @[user.name] testid@aaf.att.com
+
+# TC_PW1.10.10.POS Create role to assign mechid perm to
+expect 201
+role create com.test.TC_PW1.@[user.name].cred_admin
+
+as XX@NS
+# TC_PW1.10.11.POS Assign role to mechid perm
+expect 201
+perm grant com.att.aaf.mechid com.att create com.test.TC_PW1.@[user.name].cred_admin
+
+as testid@aaf.att.com
+# TC_PW1.10.12.POS Assign user for creating creds
+expect 201
+user role add testid@aaf.att.com com.test.TC_PW1.@[user.name].cred_admin
diff --git a/authz-test/TestSuite/TC_PW1/20_length b/authz-test/TestSuite/TC_PW1/20_length
new file mode 100644
index 00000000..233683a8
--- /dev/null
+++ b/authz-test/TestSuite/TC_PW1/20_length
@@ -0,0 +1,10 @@
+# TC_PW1.20.1.NEG ASPR 1010 Passwords must be at least 8 characters in length
+expect 406
+user cred add m12345@TC_PW1.test.com 12
+
+# TC_PW1.20.2.NEG ASPR 1010 Passwords must be at least 8 characters in length
+user cred add m12345@TC_PW1.test.com 1
+
+# TC_PW1.20.3.NEG ASPR 1010 Passwords must be at least 8 characters in length
+user cred add m12345@TC_PW1.test.com 1234567
+
diff --git a/authz-test/TestSuite/TC_PW1/21_groups b/authz-test/TestSuite/TC_PW1/21_groups
new file mode 100644
index 00000000..0d853484
--- /dev/null
+++ b/authz-test/TestSuite/TC_PW1/21_groups
@@ -0,0 +1,40 @@
+# TC_PW1.21.1.NEG ASPR 1010 Passwords must include chars from 2 groupings, alpha, numeric and special
+expect 406
+user cred add m12345@@[user.name].TC_PW1.test.com 12345678
+
+# TC_PW1.21.2.NEG ASPR 1010 Passwords must include chars from 2 groupings, alpha, numeric and special
+expect 406
+user cred add m12345@@[user.name].TC_PW1.test.com abcdefgh
+
+# TC_PW1.21.3.NEG ASPR 1010 Passwords must include chars from 2 groupings, alpha, numeric and special
+expect 406
+user cred add m12345@@[user.name].TC_PW1.test.com "!@#%^()*"
+
+# TC_PW1.21.4.POS ASPR 1010 Passwords must include chars from 2 groupings, alpha, numeric and special
+expect 201
+user cred add m12345@@[user.name].TC_PW1.test.com "!@#a%^()*"
+
+sleep @[NFR]
+expect 200
+user cred del m12345@@[user.name].TC_PW1.test.com
+
+# TC_PW1.21.5.POS ASPR 1010 Passwords must include chars from 2 groupings, alpha, numeric and special
+expect 201
+user cred add m12345@@[user.name].TC_PW1.test.com "!@#2%^()*"
+
+sleep @[NFR]
+expect 200
+user cred del m12345@@[user.name].TC_PW1.test.com
+
+# TC_PW1.21.6.POS ASPR 1010 Passwords must include chars from 2 groupings, alpha, numeric and special
+expect 201
+user cred add m12345@@[user.name].TC_PW1.test.com "abc123sd"
+
+sleep @[NFR]
+expect 200
+user cred del m12345@@[user.name].TC_PW1.test.com
+
+# TC_PW1.21.10.NEG ASPR 1010 Passwords cannot be the same as the User ID
+expect 406
+user cred add m12345@@[user.name].TC_PW1.test.com m12345
+
diff --git a/authz-test/TestSuite/TC_PW1/23_commands b/authz-test/TestSuite/TC_PW1/23_commands
new file mode 100644
index 00000000..91502251
--- /dev/null
+++ b/authz-test/TestSuite/TC_PW1/23_commands
@@ -0,0 +1,6 @@
+# TC_PW1.23.1.NEG Too Few Args for User Cred 1
+expect Exception
+user cred
+
+# TC_PW1.23.2.NEG Too Few Args for User Cred add
+user cred add
diff --git a/authz-test/TestSuite/TC_PW1/30_reset b/authz-test/TestSuite/TC_PW1/30_reset
new file mode 100644
index 00000000..ac058eba
--- /dev/null
+++ b/authz-test/TestSuite/TC_PW1/30_reset
@@ -0,0 +1,15 @@
+# TC_PW1.30.1.POS Create a Credential, with Temporary Time
+expect 201
+user cred add m12345@@[user.name].TC_PW1.test.com "abc123sd"
+
+# TC_PW1.30.3.NEG Credential Exists
+expect 409
+user cred add m12345@@[user.name].TC_PW1.test.com "abc123sf"
+
+# TC_PW1.30.8.POS Reset this Password
+expect 200
+user cred reset m12345@@[user.name].TC_PW1.test.com "ABC123SD" 1
+
+# TC_PW1.30.9.POS Delete a Credential
+user cred del m12345@@[user.name].TC_PW1.test.com 1
+
diff --git a/authz-test/TestSuite/TC_PW1/99_cleanup b/authz-test/TestSuite/TC_PW1/99_cleanup
new file mode 100644
index 00000000..9de26368
--- /dev/null
+++ b/authz-test/TestSuite/TC_PW1/99_cleanup
@@ -0,0 +1,21 @@
+expect 200,404
+as testid@aaf.att.com
+
+# TC_PW1.99.1.NEG Delete ID m12345@@[user.name].TC_PW1.test.com
+set force=true
+user cred del m12345@@[user.name].TC_PW1.test.com
+
+# TC_PW1.99.2.POS Remove ability to create creds
+user role del testid@aaf.att.com com.test.TC_PW1.@[user.name].cred_admin
+
+as XX@NS
+perm ungrant com.att.aaf.mechid com.att create com.test.TC_PW1.@[user.name].cred_admin
+
+as testid@aaf.att.com
+role delete com.test.TC_PW1.@[user.name].cred_admin
+
+# TC_PW1.99.98.POS Delete Namespace com..test.TC_PW1
+ns delete com.test.TC_PW1.@[user.name]
+
+# TC_PW1.99.99.POS Verify Cleaned NS
+ns list name com.test.TC_PW1.@[user.name]
diff --git a/authz-test/TestSuite/TC_PW1/Description b/authz-test/TestSuite/TC_PW1/Description
new file mode 100644
index 00000000..24180f49
--- /dev/null
+++ b/authz-test/TestSuite/TC_PW1/Description
@@ -0,0 +1,16 @@
+This Testcase Tests the essentials of User Credentials
+
+APIs:
+ POST /auth/cred
+ PUT /auth/cred
+ DELETE /auth/cred
+
+
+CLI:
+ Target
+ user cred add :user :password
+ user cred del :user
+ Ancillary
+ ns create
+ ns delete
+
diff --git a/authz-test/TestSuite/TC_Perm1/00_ids b/authz-test/TestSuite/TC_Perm1/00_ids
new file mode 100644
index 00000000..0e7a40aa
--- /dev/null
+++ b/authz-test/TestSuite/TC_Perm1/00_ids
@@ -0,0 +1,9 @@
+expect 0
+set testid=<pass>
+set testid@aaf.att.com=<pass>
+set XX@NS=<pass>
+set testunused=<pass>
+set bogus=boguspass
+
+#delay 10
+set NFR=0
diff --git a/authz-test/TestSuite/TC_Perm1/10_init b/authz-test/TestSuite/TC_Perm1/10_init
new file mode 100644
index 00000000..08a9d171
--- /dev/null
+++ b/authz-test/TestSuite/TC_Perm1/10_init
@@ -0,0 +1,23 @@
+# TC_Perm1.10.0.POS Validate Namespace is empty first
+as testid@aaf.att.com
+expect 200
+ns list name com.test.TC_Perm1.@[user.name]
+
+# TC_Perm1.10.1.POS Create Namespace with valid IDs and Responsible Parties
+expect 201
+ns create com.test.TC_Perm1.@[user.name] @[user.name] testid@aaf.att.com
+
+# TC_Perm1.10.10.POS Create role to assign mechid perm to
+expect 201
+role create com.test.TC_Perm1.@[user.name].cred_admin
+
+as XX@NS
+# TC_Perm1.10.11.POS Assign role to mechid perm
+expect 201
+perm grant com.att.aaf.mechid com.att create com.test.TC_Perm1.@[user.name].cred_admin
+
+as testid@aaf.att.com
+# TC_Perm1.10.12.POS Assign user for creating creds
+expect 201
+user role add XX@NS com.test.TC_Perm1.@[user.name].cred_admin
+
diff --git a/authz-test/TestSuite/TC_Perm1/20_add_data b/authz-test/TestSuite/TC_Perm1/20_add_data
new file mode 100644
index 00000000..308170f8
--- /dev/null
+++ b/authz-test/TestSuite/TC_Perm1/20_add_data
@@ -0,0 +1,38 @@
+# TC_Perm1.20.1.POS List Data on non-Empty NS
+expect 200
+ns list name com.test.TC_Perm1.@[user.name]
+
+# TC_Perm1.20.2.POS Add Perm
+expect 201
+perm create com.test.TC_Perm1.@[user.name].p.A myInstance myAction
+
+# TC_Perm1.20.3.NEG Already Added Perm
+expect 409
+perm create com.test.TC_Perm1.@[user.name].p.A myInstance myAction
+
+# TC_Perm1.20.4.POS Add Perm with non-existent Roles as well
+expect 201
+force perm create com.test.TC_Perm1.@[user.name].p.B myInstance myAction com.test.TC_Perm1.@[user.name].r.A,com.test.TC_Perm1.@[user.name].r.B
+
+# TC_Perm1.20.8.POS Print Info for Validation
+expect 200
+ns list name com.test.TC_Perm1.@[user.name]
+
+# TC_Perm1.20.9.NEG Already Added Perm with some Roles as well
+expect 409
+perm create com.test.TC_Perm1.@[user.name].p.B myInstance myAction com.test.TC_Perm1.@[user.name].r.A,com.test.TC_Perm1.@[user.name].r.B
+
+# TC_Perm1.20.10.NEG Non-admins can't change description
+expect 403
+as testunused
+perm describe com.test.TC_Perm1.@[user.name].p.A myInstance myAction Description for A
+
+# TC_Perm1.20.11.NEG Permission must exist to change description
+expect 404
+as testid
+perm describe com.test.TC_Perm1.@[user.name].p.C myInstance myAction Description for C
+
+# TC_Perm1.20.12.POS Admin can change description
+expect 200
+perm describe com.test.TC_Perm1.@[user.name].p.A myInstance myAction Description for A
+
diff --git a/authz-test/TestSuite/TC_Perm1/22_rename b/authz-test/TestSuite/TC_Perm1/22_rename
new file mode 100644
index 00000000..e2495608
--- /dev/null
+++ b/authz-test/TestSuite/TC_Perm1/22_rename
@@ -0,0 +1,52 @@
+# TC_Perm1.22.1.NEG Try to rename permission without changing anything
+expect 409
+perm rename com.test.TC_Perm1.@[user.name].p.B myInstance myAction com.test.TC_Perm1.@[user.name].p.B myInstance myAction
+
+# TC_Perm1.22.2.NEG Try to rename parent ns
+expect 403
+perm rename com.test.TC_Perm1.@[user.name].p.B myInstance myAction com.att.TC_Perm1.@[user.name].p.C myInstance myAction
+
+# TC_Perm1.22.10.POS View permission in original state
+expect 200
+ns list name com.test.TC_Perm1.@[user.name]
+
+# TC_Perm1.22.11.POS Rename permission instance
+expect 200
+perm rename com.test.TC_Perm1.@[user.name].p.B myInstance myAction com.test.TC_Perm1.@[user.name].p.B yourInstance myAction
+
+# TC_Perm1.22.12.POS Verify change in permission instance
+expect 200
+ns list name com.test.TC_Perm1.@[user.name]
+
+# TC_Perm1.22.13.POS Rename permission action
+expect 200
+perm rename com.test.TC_Perm1.@[user.name].p.B yourInstance myAction com.test.TC_Perm1.@[user.name].p.B yourInstance yourAction
+
+# TC_Perm1.22.14.POS Verify change in permission action
+expect 200
+ns list name com.test.TC_Perm1.@[user.name]
+
+# TC_Perm1.22.15.POS Rename permission type
+expect 200
+perm rename com.test.TC_Perm1.@[user.name].p.B yourInstance yourAction com.test.TC_Perm1.@[user.name].p.yourB yourInstance yourAction
+
+# TC_Perm1.22.16.POS Verify change in permission type
+expect 200
+ns list name com.test.TC_Perm1.@[user.name]
+
+# TC_Perm1.22.20.POS See permission is attached to this role
+expect 200
+role list role com.test.TC_Perm1.@[user.name].r.A
+
+# TC_Perm1.22.21.POS Rename permission type, instance and action
+expect 200
+perm rename com.test.TC_Perm1.@[user.name].p.yourB yourInstance yourAction com.test.TC_Perm1.@[user.name].p.B myInstance myAction
+
+# TC_Perm1.22.22.POS See permission stays attached after rename
+expect 200
+role list role com.test.TC_Perm1.@[user.name].r.A
+
+# TC_Perm1.22.23.POS Verify permission is back to original state
+expect 200
+ns list name com.test.TC_Perm1.@[user.name]
+
diff --git a/authz-test/TestSuite/TC_Perm1/25_grant_owned b/authz-test/TestSuite/TC_Perm1/25_grant_owned
new file mode 100644
index 00000000..3085ace7
--- /dev/null
+++ b/authz-test/TestSuite/TC_Perm1/25_grant_owned
@@ -0,0 +1,40 @@
+# TC_Perm1.25.1.POS Create another Role in This namespace
+expect 201
+role create com.test.TC_Perm1.@[user.name].r.C
+
+# TC_Perm1.25.2.POS Create another Perm in This namespace
+expect 201
+perm create com.test.TC_Perm1.@[user.name].p.C myInstance myAction
+
+# TC_Perm1.25.3.NEG Permission must Exist to Add to Role
+expect 404
+perm grant com.test.TC_Perm1.@[user.name].p.NO myInstance myAction com.test.TC_Perm1.@[user.name].r.C
+
+# TC_Perm1.25.4.POS Grant individual new Perm to new Role
+expect 201
+perm grant com.test.TC_Perm1.@[user.name].p.C myInstance myAction com.test.TC_Perm1.@[user.name].r.C
+
+# TC_Perm1.25.5.NEG Already Granted Perm
+expect 409
+perm grant com.test.TC_Perm1.@[user.name].p.C myInstance myAction com.test.TC_Perm1.@[user.name].r.C
+
+# TC_Perm1.25.6.POS Print Info for Validation
+expect 200
+ns list name com.test.TC_Perm1.@[user.name]
+
+# TC_Perm1.25.10.POS UnGrant individual new Perm to new Role
+expect 200
+perm ungrant com.test.TC_Perm1.@[user.name].p.C myInstance myAction com.test.TC_Perm1.@[user.name].r.C
+
+# TC_Perm1.25.11.NEG Already UnGranted Perm
+expect 404
+perm ungrant com.test.TC_Perm1.@[user.name].p.C myInstance myAction com.test.TC_Perm1.@[user.name].r.C
+
+# TC_Perm1.25.20.POS Reset roles attached to permision with setTo
+expect 200
+perm setTo com.test.TC_Perm1.@[user.name].p.C myInstance myAction com.test.TC_Perm1.@[user.name].r.C,com.test.TC_Perm1.@[user.name].r.A
+
+# TC_Perm1.25.21.POS Owner of permission can reset roles
+expect 200
+perm setTo com.test.TC_Perm1.@[user.name].p.C myInstance myAction
+
diff --git a/authz-test/TestSuite/TC_Perm1/26_grant_unowned b/authz-test/TestSuite/TC_Perm1/26_grant_unowned
new file mode 100644
index 00000000..4449624f
--- /dev/null
+++ b/authz-test/TestSuite/TC_Perm1/26_grant_unowned
@@ -0,0 +1,175 @@
+# TC_Perm1.26.1.POS Create another Namespace, not owned by testid, one in company, one not
+as XX@NS
+expect 201
+ns create com.test2.TC_Perm1.@[user.name] @[user.name] XX@NS
+ns create com.test.TC_Perm1.@[user.name]_2 @[user.name] XX@NS
+
+# TC_Perm1.26.2.POS Create ID in other Namespace
+expect 201
+user cred add m99990@@[user.name].TC_Perm1.test2.com aRealPass7
+
+# TC_Perm1.26.3.POS Create a Role in other Namespaces, not owned by testid
+expect 201
+role create com.test2.TC_Perm1.@[user.name].r.C
+role create com.test2.TC_Perm1.@[user.name]_2.r.C
+
+# TC_Perm1.26.11.NEG Grant Perm to Role in Other Namespace, when Role ID
+expect 403
+as m99990@@[user.name].TC_Perm1.test2.com:aRealPass7
+perm grant com.test.TC_Perm1.@[user.name].p.C myInstance myAction com.test2.TC_Perm1.@[user.name].r.C
+
+# TC_Perm1.26.11a.NEG Grant Perm to Role in Other Namespace, when Role ID
+expect 202
+as m99990@@[user.name].TC_Perm1.test2.com:aRealPass7
+set request=true
+perm grant com.test.TC_Perm1.@[user.name].p.C myInstance myAction com.test2.TC_Perm1.@[user.name].r.C
+
+# TC_Perm1.26.12.NEG Grant Perm to Role in Other Namespace, when Perm ID, but different Company
+as testid@aaf.att.com
+expect 403
+perm grant com.test.TC_Perm1.@[user.name].p.C myInstance myAction com.test2.TC_Perm1.@[user.name].r.C
+
+# TC_Perm1.26.13.NEG Fail Grant Perm to Role in Other Namespace, when Perm ID, but same Company
+as testid@aaf.att.com
+expect 404
+perm grant com.test.TC_Perm1.@[user.name].p.C myInstance myAction com.test.TC_Perm1.@[user.name]_2.r.C
+
+# TC_Perm1.26.14.POS Create Role
+as testid@aaf.att.com
+expect 201
+role create com.test.TC_Perm1.@[user.name]_2.r.C
+
+# TC_Perm1.26.15.POS Fail Create/Grant Perm to Role in Other Namespace, when Perm ID, but same Company
+expect 201
+perm grant com.test.TC_Perm1.@[user.name].p.C myInstance myAction com.test.TC_Perm1.@[user.name]_2.r.C
+
+# TC_Perm1.26.16.POS Print Info for Validation
+expect 200
+ns list name com.test.TC_Perm1.@[user.name]
+
+# TC_Perm1.26.17.POS Grant individual new Perm to new Role
+expect 201
+perm grant com.test.TC_Perm1.@[user.name].p.C myInstance myAction com.test.TC_Perm1.@[user.name].r.C
+
+# TC_Perm1.26.18.NEG Already Granted Perm
+expect 409
+perm grant com.test.TC_Perm1.@[user.name].p.C myInstance myAction com.test.TC_Perm1.@[user.name].r.C
+
+# TC_Perm1.26.19.POS UnGrant Perm from Role in Other Namespace, when Perm ID
+expect 200
+perm ungrant com.test.TC_Perm1.@[user.name].p.C myInstance myAction com.test.TC_Perm1.@[user.name]_2.r.C
+
+# TC_Perm1.26.21.NEG No Permission to Grant Perm to Role with Unrelated ID
+expect 403
+as m99990@@[user.name].TC_Perm1.test2.com:aRealPass7
+perm grant com.test.TC_Perm1.@[user.name].p.C myInstance myAction com.test2.TC_Perm1.@[user.name].r.C
+
+# TC_Perm1.26.22.NEG No Permission to Grant Perm to Role with Unrelated ID
+expect 202
+set request=true
+as m99990@@[user.name].TC_Perm1.test2.com:aRealPass7
+perm grant com.test.TC_Perm1.@[user.name].p.C myInstance myAction com.test2.TC_Perm1.@[user.name].r.C
+
+# TC_Perm1.26.25.NEG No Permission to UnGrant with Unrelated ID
+expect 403
+perm grant com.test.TC_Perm1.@[user.name].p.C myInstance myAction com.test.TC_Perm1.@[user.name].r.B
+
+# TC_Perm1.26.26.NEG No Permission to UnGrant with Unrelated ID
+expect 202
+set request=true
+perm grant com.test.TC_Perm1.@[user.name].p.C myInstance myAction com.test.TC_Perm1.@[user.name].r.B
+
+
+# TC_Perm1.26.30.POS Add ID to Role
+as XX@NS:<pass>
+expect 201
+ns admin add com.test2.TC_Perm1.@[user.name] m99990@@[user.name].TC_Perm1.test2.com
+as m99990@@[user.name].TC_Perm1.test2.com:aRealPass7
+sleep @[NFR]
+
+# TC_Perm1.26.31.NEG No Permission Grant Perm to Role if not Perm Owner
+expect 403
+perm grant com.test.TC_Perm1.@[user.name].p.C myInstance myAction com.test2.TC_Perm1.@[user.name].r.C
+
+# TC_Perm1.26.31.NEG No Permission Grant Perm to Role if not Perm Owner
+expect 202
+set request=true
+perm grant com.test.TC_Perm1.@[user.name].p.C myInstance myAction com.test2.TC_Perm1.@[user.name].r.C
+
+
+# TC_Perm1.26.32.POS Grant individual new Perm to Role in Other Namespace
+expect 201
+as testid@aaf.att.com
+perm grant com.test.TC_Perm1.@[user.name].p.C myInstance myAction com.test.TC_Perm1.@[user.name]_2.r.C
+
+# TC_Perm1.26.34.POS Print Info for Validation
+expect 200
+ns list name com.test.TC_Perm1.@[user.name]
+
+as XX@NS
+# TC_Perm1.26.35.POS Print Info for Validation
+expect 200
+ns list name com.test2.TC_Perm1.@[user.name]
+
+as testid@aaf.att.com
+# TC_Perm1.26.36.POS UnGrant individual new Perm to new Role
+as testid@aaf.att.com
+expect 200
+perm ungrant com.test.TC_Perm1.@[user.name].p.C myInstance myAction com.test.TC_Perm1.@[user.name]_2.r.C
+
+# TC_Perm1.26.37.NEG Already UnGranted Perm
+expect 404
+perm ungrant com.test.TC_Perm1.@[user.name].p.C myInstance myAction com.test.TC_Perm1.@[user.name]_2.r.C
+
+# TC_Perm1.26.40.POS Reset roles attached to permision with setTo
+expect 200
+perm setTo com.test.TC_Perm1.@[user.name].p.C myInstance myAction com.test.TC_Perm1.@[user.name].r.C,com.test.TC_Perm1.@[user.name].r.A
+
+# TC_Perm1.26.41.NEG Non-owner of permission cannot reset roles
+expect 403
+as m99990@@[user.name].TC_Perm1.test2.com:aRealPass7
+perm setTo com.test.TC_Perm1.@[user.name].p.C myInstance myAction
+
+# TC_Perm1.26.42.NEG Non-owner of permission cannot ungrant
+expect 403
+perm ungrant com.test.TC_Perm1.@[user.name].p.C myInstance myAction com.test.TC_Perm1.@[user.name].r.C
+
+# TC_Perm1.26.43.NEG Non-owner of permission cannot delete
+expect 403
+perm delete com.test.TC_Perm1.@[user.name].p.C myInstance myAction
+
+# TC_Perm1.26.45.POS Owner of permission can reset roles
+as testid@aaf.att.com
+expect 200
+perm setTo com.test.TC_Perm1.@[user.name].p.C myInstance myAction
+
+as XX@NS
+# TC_Perm1.26.97.POS List the Namespaces
+expect 200
+ns list name com.test.TC_Perm1.@[user.name]
+ns list name com.test2.TC_Perm1.@[user.name]
+
+as testid@aaf.att.com
+# TC_Perm1.26.98.POS Cleanup
+expect 200
+role delete com.test.TC_Perm1.@[user.name].r.A
+role delete com.test.TC_Perm1.@[user.name].r.B
+role delete com.test.TC_Perm1.@[user.name].r.C
+role delete com.test.TC_Perm1.@[user.name]_2.r.C
+as XX@NS
+role delete com.test2.TC_Perm1.@[user.name]_2.r.C
+role delete com.test2.TC_Perm1.@[user.name].r.C
+as testid@aaf.att.com
+perm delete com.test.TC_Perm1.@[user.name].p.A myInstance myAction
+perm delete com.test.TC_Perm1.@[user.name].p.B myInstance myAction
+perm delete com.test.TC_Perm1.@[user.name].p.C myInstance myAction
+force ns delete com.test.TC_Perm1.@[user.name]_2
+as XX@NS
+set force=true user cred del m99990@@[user.name].TC_Perm1.test2.com
+ns delete com.test2.TC_Perm1.@[user.name]
+
+# TC_Perm1.26.99.POS List the Now Empty Namespaces
+expect 200
+ns list name com.test.TC_Perm1.@[user.name]
+ns list name com.test2.TC_Perm1.@[user.name]
+
diff --git a/authz-test/TestSuite/TC_Perm1/27_grant_force b/authz-test/TestSuite/TC_Perm1/27_grant_force
new file mode 100644
index 00000000..12ee9839
--- /dev/null
+++ b/authz-test/TestSuite/TC_Perm1/27_grant_force
@@ -0,0 +1,29 @@
+# TC_Perm1.27.1.POS Create Permission
+expect 201
+perm create com.test.TC_Perm1.@[user.name].p.A myInstance myAction
+
+# TC_Perm1.27.2.POS Create Role
+expect 201
+role create com.test.TC_Perm1.@[user.name].r.A
+
+# TC_Perm1.27.10.NEG Role must Exist to Add to Role without force
+expect 404
+perm grant com.test.TC_Perm1.@[user.name].p.A myInstance myAction com.test.TC_Perm1.@[user.name].r.unknown
+
+# TC_Perm1.27.11.POS Role is created with force
+expect 201
+force perm create com.test.TC_Perm1.@[user.name].p.A myInstance myAction com.test.TC_Perm1.@[user.name].r.unknown
+
+# TC_Perm1.27.12.NEG Perm must Exist to Grant without force
+expect 404
+perm grant com.test.TC_Perm1.@[user.name].p.unknown myInstance myAction com.test.TC_Perm1.@[user.name].r.A
+
+# TC_Perm1.27.13.POS Perm is created with force
+expect 201
+force perm grant com.test.TC_Perm1.@[user.name].p.unknown myInstance myAction com.test.TC_Perm1.@[user.name].r.A
+
+# TC_Perm1.27.14.POS Role and perm are created with force
+expect 201
+force perm create com.test.TC_Perm1.@[user.name].p.unknown2 myInstance myAction com.test.TC_Perm1.@[user.name].r.unknown2
+
+
diff --git a/authz-test/TestSuite/TC_Perm1/30_change_ns b/authz-test/TestSuite/TC_Perm1/30_change_ns
new file mode 100644
index 00000000..a92562a6
--- /dev/null
+++ b/authz-test/TestSuite/TC_Perm1/30_change_ns
@@ -0,0 +1,14 @@
+# TC_Perm1.30.1.POS List Data on non-Empty NS
+as testid
+expect 200
+ns list name com.test.TC_Perm1.@[user.name]
+
+# TC_Perm1.30.2.POS Create Sub-ns when Roles that exist
+expect 201
+ns create com.test.TC_Perm1.@[user.name].r @[user.name] testid@aaf.att.com
+
+# TC_Perm1.30.3.POS List Data on NS with sub-roles
+expect 200
+ns list name com.test.TC_Perm1.@[user.name]
+ns list name com.test.TC_Perm1.@[user.name].r
+
diff --git a/authz-test/TestSuite/TC_Perm1/99_cleanup b/authz-test/TestSuite/TC_Perm1/99_cleanup
new file mode 100644
index 00000000..222e2a4c
--- /dev/null
+++ b/authz-test/TestSuite/TC_Perm1/99_cleanup
@@ -0,0 +1,42 @@
+as XX@NS:<pass>
+expect 200,404
+
+# TC_Perm1.99.1.POS Namespace Admin can delete Namepace defined Roles
+set force=true perm delete com.test.TC_Perm1.@[user.name].p.A myInstance myAction
+set force=true perm delete com.test.TC_Perm1.@[user.name].p.B myInstance myAction
+set force=true perm delete com.test.TC_Perm1.@[user.name].p.C myInstance myAction
+set force=true perm delete com.test.TC_Perm1.@[user.name].p.unknown myInstance myAction
+set force=true perm delete com.test.TC_Perm1.@[user.name].p.unknown2 myInstance myAction
+role delete com.test.TC_Perm1.@[user.name].r.A
+role delete com.test.TC_Perm1.@[user.name].r.B
+role delete com.test.TC_Perm1.@[user.name].r.C
+role delete com.test.TC_Perm1.@[user.name].r.unknown
+role delete com.test.TC_Perm1.@[user.name].r.unknown2
+role delete com.test2.TC_Perm1.@[user.name].r.C
+role delete com.test.TC_Perm1.@[user.name]_2.r.C
+role delete com.test2.TC_Perm1.@[user.name]_2.r.C
+
+# TC_Perm1.99.2.POS Remove ability to create creds
+user role del XX@NS com.test.TC_Perm1.@[user.name].cred_admin
+
+as XX@NS:<pass>
+perm ungrant com.att.aaf.mechid com.att create com.test.TC_Perm1.@[user.name].cred_admin
+
+as testid@aaf.att.com:<pass>
+role delete com.test.TC_Perm1.@[user.name].cred_admin
+
+sleep @[NFR]
+as XX@NS:<pass>
+# TC_Perm1.99.98.POS Namespace Admin can delete Namespace
+set force=true ns delete com.test2.TC_Perm1.@[user.name]
+as testid:<pass>
+force ns delete com.test.TC_Perm1.@[user.name].r
+force ns delete com.test.TC_Perm1.@[user.name]_2
+force ns delete com.test.TC_Perm1.@[user.name]
+force ns delete com.test2.TC_Perm1.@[user.name]
+
+# TC_Perm1.99.99.POS List to prove removed
+ns list name com.test.TC_Perm1.@[user.name]
+ns list name com.test.TC_Perm1.@[user.name].r
+ns list name com.test.TC_Perm1.@[user.name]_2
+ns list name com.test2.TC_Perm1.@[user.name]
diff --git a/authz-test/TestSuite/TC_Perm1/Description b/authz-test/TestSuite/TC_Perm1/Description
new file mode 100644
index 00000000..012a12b1
--- /dev/null
+++ b/authz-test/TestSuite/TC_Perm1/Description
@@ -0,0 +1,16 @@
+This Testcase Tests the essentials of the Namespace, and the NS Commands
+
+APIs:
+
+
+
+CLI:
+ Target
+ role create :role
+ role delete
+ ns delete :ns
+ ns list :ns
+ Ancillary
+ role create :role
+ role list name :role.*
+
diff --git a/authz-test/TestSuite/TC_Perm2/00_ids b/authz-test/TestSuite/TC_Perm2/00_ids
new file mode 100644
index 00000000..f7196fc8
--- /dev/null
+++ b/authz-test/TestSuite/TC_Perm2/00_ids
@@ -0,0 +1,8 @@
+expect 0
+set XX@NS=<pass>
+set testid@aaf.att.com=<pass>
+set testunused@aaf.att.com=<pass>
+set bogus=boguspass
+
+#delay 10
+set NFR=0
diff --git a/authz-test/TestSuite/TC_Perm2/10_init b/authz-test/TestSuite/TC_Perm2/10_init
new file mode 100644
index 00000000..dbda5edc
--- /dev/null
+++ b/authz-test/TestSuite/TC_Perm2/10_init
@@ -0,0 +1,8 @@
+as testid@aaf.att.com
+# TC_Perm2.10.0.POS Print NS to prove ok
+expect 200
+ns list name com.test.TC_Perm2.@[user.name]
+
+# TC_Perm2.10.1.POS Create Namespace with valid IDs and Responsible Parties
+expect 201
+ns create com.test.TC_Perm2.@[user.name] @[user.name] testid@aaf.att.com
diff --git a/authz-test/TestSuite/TC_Perm2/20_add_data b/authz-test/TestSuite/TC_Perm2/20_add_data
new file mode 100644
index 00000000..dfcff2fc
--- /dev/null
+++ b/authz-test/TestSuite/TC_Perm2/20_add_data
@@ -0,0 +1,44 @@
+as testid@aaf.att.com:<pass>
+# TC_Perm2.20.1.POS List Data on non-Empty NS
+expect 200
+ns list name com.test.TC_Perm2.@[user.name]
+
+# TC_Perm2.20.10.POS Add Perms with specific Instance and Action
+expect 201
+perm create com.test.TC_Perm2.@[user.name].p.A myInstance myAction
+
+# TC_Perm2.20.11.POS Add Perms with specific Instance and Star
+expect 201
+perm create com.test.TC_Perm2.@[user.name].p.A myInstance *
+
+# TC_Perm2.20.12.POS Add Perms with Stars for Instance and Action
+expect 201
+perm create com.test.TC_Perm2.@[user.name].p.A * *
+perm create com.test.TC_Perm2.@[user.name].p.phoneCalls * spy
+
+# TC_Perm2.20.20.POS Create role
+expect 201
+role create com.test.TC_Perm2.@[user.name].p.superUser
+role create com.test.TC_Perm2.@[user.name].p.secret
+
+# TC_Perm2.20.21.POS Grant sub-NS perms to role
+expect 201
+perm grant com.test.TC_Perm2.@[user.name].p.A myInstance myAction com.test.TC_Perm2.@[user.name].p.superUser
+perm grant com.test.TC_Perm2.@[user.name].p.A myInstance * com.test.TC_Perm2.@[user.name].p.superUser
+perm grant com.test.TC_Perm2.@[user.name].p.A * * com.test.TC_Perm2.@[user.name].p.superUser
+perm grant com.test.TC_Perm2.@[user.name].p.phoneCalls * spy com.test.TC_Perm2.@[user.name].p.secret
+
+# TC_Perm2.20.30.POS List Data on non-Empty NS
+expect 200
+ns list name com.test.TC_Perm2.@[user.name]
+
+# TC_Perm2.20.40.POS Create role
+expect 201
+role create com.test.TC_Perm2.@[user.name].p.watcher
+
+as XX@NS
+# TC_Perm2.20.50.POS Grant view perms to watcher role
+expect 201
+perm create com.att.aaf.perm :com.test.TC_Perm2.@[user.name].p.A:myInstance:myAction view com.test.TC_Perm2.@[user.name].p.watcher
+perm create com.att.aaf.perm :com.test.TC_Perm2.@[user.name].p.A:*:* view com.test.TC_Perm2.@[user.name].p.watcher
+
diff --git a/authz-test/TestSuite/TC_Perm2/30_change_ns b/authz-test/TestSuite/TC_Perm2/30_change_ns
new file mode 100644
index 00000000..b69f9e8d
--- /dev/null
+++ b/authz-test/TestSuite/TC_Perm2/30_change_ns
@@ -0,0 +1,14 @@
+as testid@aaf.att.com
+# TC_Perm2.30.1.POS List Data on non-Empty NS
+expect 200
+ns list name com.test.TC_Perm2.@[user.name]
+
+# TC_Perm2.30.2.POS Create Sub-ns when Roles that exist
+expect 201
+ns create com.test.TC_Perm2.@[user.name].p @[user.name] testid@aaf.att.com
+
+# TC_Perm2.30.3.POS List Data on NS with sub-roles
+expect 200
+ns list name com.test.TC_Perm2.@[user.name]
+ns list name com.test.TC_Perm2.@[user.name].p
+
diff --git a/authz-test/TestSuite/TC_Perm2/40_viewByType b/authz-test/TestSuite/TC_Perm2/40_viewByType
new file mode 100644
index 00000000..cef41b05
--- /dev/null
+++ b/authz-test/TestSuite/TC_Perm2/40_viewByType
@@ -0,0 +1,82 @@
+
+as testunused@aaf.att.com
+# TC_Perm2.40.1.NEG Non-admin, not granted user should not view
+expect 200
+perm list name com.test.TC_Perm2.@[user.name].p.A
+
+as testid@aaf.att.com
+# Tens test user granted to permission
+# TC_Perm2.40.10.POS Add user to superUser role
+expect 201
+user role add testunused@aaf.att.com com.test.TC_Perm2.@[user.name].p.superUser
+
+as testunused@aaf.att.com
+# TC_Perm2.40.11.POS Non-admin, granted user should view
+expect 200
+perm list name com.test.TC_Perm2.@[user.name].p.A
+
+as testid@aaf.att.com
+# TC_Perm2.40.12.POS Ungrant perm with wildcards
+expect 200
+perm ungrant com.test.TC_Perm2.@[user.name].p.A * * com.test.TC_Perm2.@[user.name].p.superUser
+
+as testunused@aaf.att.com
+# TC_Perm2.40.13.POS Non-admin, granted user should view
+expect 200
+perm list name com.test.TC_Perm2.@[user.name].p.A
+
+as testid@aaf.att.com
+# TC_Perm2.40.19.POS Remove user from superUser role
+expect 200
+user role del testunused@aaf.att.com com.test.TC_Perm2.@[user.name].p.superUser
+
+# Twenties test user granted explicit view permission
+# TC_Perm2.40.20.POS Add user to watcher role
+expect 201
+user role add testunused@aaf.att.com com.test.TC_Perm2.@[user.name].p.watcher
+
+as testunused@aaf.att.com
+# TC_Perm2.40.21.NEG Non-admin, granted explicit view perm user should view
+expect 200
+perm list name com.test.TC_Perm2.@[user.name].p.A
+
+as XX@NS
+# TC_Perm2.40.22.POS Ungrant perm with wildcards
+expect 200
+perm ungrant com.att.aaf.perm :com.test.TC_Perm2.@[user.name].p.A:*:* view com.test.TC_Perm2.@[user.name].p.watcher
+
+as testunused@aaf.att.com
+# TC_Perm2.40.23.POS Non-admin, granted user should view
+expect 200
+perm list name com.test.TC_Perm2.@[user.name].p.A
+
+as testid@aaf.att.com
+# TC_Perm2.40.29.POS Remove user from watcher role
+expect 200
+user role del testunused@aaf.att.com com.test.TC_Perm2.@[user.name].p.watcher
+
+# Thirties test admin user
+# TC_Perm2.40.30.POS Admin should be able to view
+expect 200
+perm list name com.test.TC_Perm2.@[user.name].p.A
+
+# TC_Perm2.40.31.POS Add new admin for sub-NS
+expect 201
+ns admin add com.test.TC_Perm2.@[user.name].p testunused@aaf.att.com
+
+# TC_Perm2.40.32.POS Remove admin from sub-NS
+expect 200
+ns admin del com.test.TC_Perm2.@[user.name].p testid@aaf.att.com
+
+# TC_Perm2.40.34.POS Admin of parent NS should be able to view
+expect 200
+perm list name com.test.TC_Perm2.@[user.name].p.A
+
+# TC_Perm2.40.80.POS Add new admin for sub-NS
+expect 201
+ns admin add com.test.TC_Perm2.@[user.name].p testid@aaf.att.com
+
+# TC_Perm2.40.81.POS Remove admin from sub-NS
+expect 200
+ns admin del com.test.TC_Perm2.@[user.name].p testunused@aaf.att.com
+
diff --git a/authz-test/TestSuite/TC_Perm2/41_viewByUser b/authz-test/TestSuite/TC_Perm2/41_viewByUser
new file mode 100644
index 00000000..51c2ecb4
--- /dev/null
+++ b/authz-test/TestSuite/TC_Perm2/41_viewByUser
@@ -0,0 +1,34 @@
+# TC_Perm2.41.1.POS Add user to some roles with perms attached
+as testid@aaf.att.com
+expect 201
+user role add testunused@aaf.att.com com.test.TC_Perm2.@[user.name].p.superUser
+user role add testunused@aaf.att.com com.test.TC_Perm2.@[user.name].p.watcher
+user role add XX@NS com.test.TC_Perm2.@[user.name].p.secret
+
+# TC_Perm2.41.10.POS List by User when Same as Caller
+as testunused@aaf.att.com
+expect 200
+perm list user testunused@aaf.att.com
+
+# TC_NS2.41.15.POS List by User when not same as Caller, but own/admin namespace of Roles
+as testid@aaf.att.com
+expect 200
+perm list user testunused@aaf.att.com
+
+# TC_Perm2.41.20.POS List by User when not same as Caller, but parent owner/admin of Namespace
+as XX@NS
+expect 200
+perm list user testunused@aaf.att.com
+
+# TC_Perm2.41.80.NEG List by User when not Caller nor associated to Namespace (nothing should be shown)
+as testunused@aaf.att.com
+expect 200
+perm list user XX@NS
+
+# TC_Perm2.41.99.POS Remove users from roles for later test
+as testid@aaf.att.com
+expect 200
+user role del testunused@aaf.att.com com.test.TC_Perm2.@[user.name].p.superUser
+user role del testunused@aaf.att.com com.test.TC_Perm2.@[user.name].p.watcher
+user role del XX@NS com.test.TC_Perm2.@[user.name].p.secret
+
diff --git a/authz-test/TestSuite/TC_Perm2/42_viewByNS b/authz-test/TestSuite/TC_Perm2/42_viewByNS
new file mode 100644
index 00000000..69f4ed63
--- /dev/null
+++ b/authz-test/TestSuite/TC_Perm2/42_viewByNS
@@ -0,0 +1,10 @@
+# TC_Perm2.42.10.POS List Roles from NS when not allowed to see NS
+as testid@aaf.att.com
+expect 200
+perm list ns com.test.TC_Perm2.@[user.name].p
+
+# TC_Perm2.42.20.NEG Don't List Roles from NS when not allowed to see NS
+as testunused@aaf.att.com
+expect 403
+perm list ns com.test.TC_Perm2.@[user.name].p
+
diff --git a/authz-test/TestSuite/TC_Perm2/43_viewByRole b/authz-test/TestSuite/TC_Perm2/43_viewByRole
new file mode 100644
index 00000000..29585b47
--- /dev/null
+++ b/authz-test/TestSuite/TC_Perm2/43_viewByRole
@@ -0,0 +1,15 @@
+# TC_Perm2.43.10.POS List perms when allowed to see Role
+as testid@aaf.att.com
+expect 200
+perm list role com.test.TC_Perm2.@[user.name].p.superUser
+perm list role com.test.TC_Perm2.@[user.name].p.watcher
+perm list role com.test.TC_Perm2.@[user.name].p.secret
+
+# TC_Perm2.43.20.NEG Don't List perms when not allowed to see Role
+as testunused@aaf.att.com
+expect 403
+perm list role com.test.TC_Perm2.@[user.name].p.superUser
+perm list role com.test.TC_Perm2.@[user.name].p.watcher
+perm list role com.test.TC_Perm2.@[user.name].p.secret
+
+
diff --git a/authz-test/TestSuite/TC_Perm2/99_cleanup b/authz-test/TestSuite/TC_Perm2/99_cleanup
new file mode 100644
index 00000000..2d853869
--- /dev/null
+++ b/authz-test/TestSuite/TC_Perm2/99_cleanup
@@ -0,0 +1,24 @@
+as testid@aaf.att.com
+# TC_Perm2.99.1.POS Namespace Admin can delete Namepace defined Roles
+expect 200,404
+
+force perm delete com.test.TC_Perm2.@[user.name].p.A myInstance myAction
+force perm delete com.test.TC_Perm2.@[user.name].p.A myInstance *
+force perm delete com.test.TC_Perm2.@[user.name].p.A * *
+force perm delete com.test.TC_Perm2.@[user.name].p.phoneCalls * spy
+force role delete com.test.TC_Perm2.@[user.name].p.watcher
+force role delete com.test.TC_Perm2.@[user.name].p.superUser
+force role delete com.test.TC_Perm2.@[user.name].p.secret
+
+as XX@NS
+force perm delete com.att.aaf.perm :com.test.TC_Perm2.@[user.name].p.A:*:* view
+force perm delete com.att.aaf.perm :com.test.TC_Perm2.@[user.name].p.A:myInstance:myAction view
+
+# TC_Perm2.99.2.POS Namespace Admin can delete Namespace
+expect 200,404
+force ns delete com.test.TC_Perm2.@[user.name].p
+force ns delete com.test.TC_Perm2.@[user.name]
+
+# TC_Perm2.99.3.POS Print Namespaces
+ns list name com.test.TC_Perm2.@[user.name].p
+ns list name com.test.TC_Perm2.@[user.name]
diff --git a/authz-test/TestSuite/TC_Perm2/Description b/authz-test/TestSuite/TC_Perm2/Description
new file mode 100644
index 00000000..96cb3708
--- /dev/null
+++ b/authz-test/TestSuite/TC_Perm2/Description
@@ -0,0 +1,9 @@
+This Testcase Tests the viewability of different perm commands
+
+APIs:
+
+
+
+CLI:
+
+
diff --git a/authz-test/TestSuite/TC_Perm3/00_ids b/authz-test/TestSuite/TC_Perm3/00_ids
new file mode 100644
index 00000000..ad09d774
--- /dev/null
+++ b/authz-test/TestSuite/TC_Perm3/00_ids
@@ -0,0 +1,10 @@
+expect 0
+set XX@NS=<pass>
+set testid@aaf.att.com=<pass>
+set testunused@aaf.att.com=<pass>
+set testid_1@test.com=<pass>
+set testid_2@test.com=<pass>
+set bogus=boguspass
+
+#delay 10
+set NFR=0
diff --git a/authz-test/TestSuite/TC_Perm3/10_init b/authz-test/TestSuite/TC_Perm3/10_init
new file mode 100644
index 00000000..f8e2ebf1
--- /dev/null
+++ b/authz-test/TestSuite/TC_Perm3/10_init
@@ -0,0 +1,16 @@
+as XX@NS
+# TC_Perm3.10.0.POS Print NS to prove ok
+expect 200
+ns list name com.test.TC_Perm3.@[user.name]
+
+# TC_Perm3.10.1.POS Create Namespace with User ID
+expect 201
+ns create com.test.TC_Perm3.@[user.name]_1 @[user.name] testid_1@test.com
+
+# TC_Perm3.10.2.POS Create Namespace with Different ID
+expect 201
+ns create com.test.TC_Perm3.@[user.name]_2 @[user.name] testid_2@test.com
+
+# TC_Perm3.10.3.POS Create Namespace in Different Company
+expect 201
+ns create com.att.TC_Perm3.@[user.name] @[user.name] testunused@aaf.att.com
diff --git a/authz-test/TestSuite/TC_Perm3/20_innerGrants b/authz-test/TestSuite/TC_Perm3/20_innerGrants
new file mode 100644
index 00000000..4f6482cd
--- /dev/null
+++ b/authz-test/TestSuite/TC_Perm3/20_innerGrants
@@ -0,0 +1,29 @@
+as testid_1@test.com
+
+# TC_Perm3.20.0.POS User1 Create a Perm
+expect 201
+perm create com.test.TC_Perm3.@[user.name]_1.dev.myPerm_a myInstance myAction
+
+# TC_Perm3.20.5.NEG User1 should not be able to create Role in other group
+expect 403
+role create com.test.TC_Perm3.@[user.name]_2.dev.myRole_a
+
+# TC_Perm3.20.6.POS User2 should be able to create Role in own group
+as testid_2@test.com
+expect 201
+role create com.test.TC_Perm3.@[user.name]_2.dev.myRole_a
+
+# TC_Perm3.20.7.NEG User2 should not be able to grant Perm to own Role
+expect 403
+perm grant com.test.TC_Perm3.@[user.name]_1.dev.myPerm_a myInstance myAction com.test.TC_Perm3.@[user.name]_2.dev.myRole_a
+
+# TC_Perm3.20.8.NEG User2 cannot create Role in NS 2
+as testid_2@test.com
+expect 403
+perm grant com.test.TC_Perm3.@[user.name]_1.dev.myPerm_a myInstance myAction com.test.TC_Perm3.@[user.name]_2.dev.myRole_a
+
+# TC_Perm3.20.9.POS Role created, but can't grant... has to be testid_1
+expect 201
+as testid_1@test.com
+perm grant com.test.TC_Perm3.@[user.name]_1.dev.myPerm_a myInstance myAction com.test.TC_Perm3.@[user.name]_2.dev.myRole_a
+
diff --git a/authz-test/TestSuite/TC_Perm3/30_outerGrants b/authz-test/TestSuite/TC_Perm3/30_outerGrants
new file mode 100644
index 00000000..ca2f7c53
--- /dev/null
+++ b/authz-test/TestSuite/TC_Perm3/30_outerGrants
@@ -0,0 +1,23 @@
+# TC_Perm3.30.0.POS User1 Create a Perm
+as testid_1@test.com
+expect 201
+perm create com.test.TC_Perm3.@[user.name]_1.dev.myPerm_b myInstance myAction
+
+# TC_Perm3.30.5.NEG User1 should not be able to create Role in other group
+expect 403
+role create com.test.TC_Perm3.@[user.name]_2.dev.myRole_b
+
+# TC_Perm3.30.6.POS User2 should be able to create Role in own group
+as testunused@aaf.att.com
+expect 201
+role create com.att.TC_Perm3.@[user.name].dev.myRole_b
+
+# TC_Perm3.30.7.NEG User2 should not be able to grant Perm to own Role
+expect 403
+perm grant com.test.TC_Perm3.@[user.name]_1.dev.myPerm_b myInstance myAction com.att.TC_Perm3.@[user.name].dev.myRole_b
+
+# TC_Perm3.30.8.POS User should be able to grant cross company only Double Perm
+as testid_1@test.com
+expect 403
+perm grant com.test.TC_Perm3.@[user.name]_1.dev.myPerm_b myInstance myAction com.att.TC_Perm3.@[user.name].dev.myRole_b
+
diff --git a/authz-test/TestSuite/TC_Perm3/99_cleanup b/authz-test/TestSuite/TC_Perm3/99_cleanup
new file mode 100644
index 00000000..89b20783
--- /dev/null
+++ b/authz-test/TestSuite/TC_Perm3/99_cleanup
@@ -0,0 +1,22 @@
+expect 200,404
+as testid_1@test.com
+# TC_Perm3.99.2.POS Namespace Admin can delete Namespace
+force ns delete com.test.TC_Perm3.@[user.name]_1
+
+# TC_Perm3.99.3.POS Print Namespaces
+ns list name com.test.TC_Perm3.@[user.name]_1
+
+as testid_2@test.com
+# TC_Perm3.99.4.POS Namespace Admin can delete Namespace
+force ns delete com.test.TC_Perm3.@[user.name]_2
+
+# TC_Perm3.99.5.POS Print Namespaces
+ns list name com.test.TC_Perm3.@[user.name]_2
+
+
+as testunused@aaf.att.com
+# TC_Perm3.99.6.POS Remove Namespace from other company
+force ns delete com.att.TC_Perm3.@[user.name]
+
+# TC_Perm3.99.7.POS Print Namespace from other company
+ns list name com.att.TC_Perm3.@[user.name]
diff --git a/authz-test/TestSuite/TC_Perm3/Description b/authz-test/TestSuite/TC_Perm3/Description
new file mode 100644
index 00000000..9f572aa2
--- /dev/null
+++ b/authz-test/TestSuite/TC_Perm3/Description
@@ -0,0 +1,13 @@
+This is a targeted Test Case specifically to cover Inner and Outer Granting.
+
+APIs:
+
+
+CLI:
+ns create
+ns delete
+perm create
+perm grant
+role create
+as
+
diff --git a/authz-test/TestSuite/TC_Realm1/00_ids b/authz-test/TestSuite/TC_Realm1/00_ids
new file mode 100644
index 00000000..7fb0e054
--- /dev/null
+++ b/authz-test/TestSuite/TC_Realm1/00_ids
@@ -0,0 +1,8 @@
+expect 0
+set testid@aaf.att.com=<pass>
+set testunused@aaf.att.com=<pass>
+set XX@NS=<pass>
+set bogus=boguspass
+
+#delay 10
+set NFR=0
diff --git a/authz-test/TestSuite/TC_Realm1/10_init b/authz-test/TestSuite/TC_Realm1/10_init
new file mode 100644
index 00000000..6fee8d9f
--- /dev/null
+++ b/authz-test/TestSuite/TC_Realm1/10_init
@@ -0,0 +1,20 @@
+
+as testid@aaf.att.com
+
+# TC_Realm1.10.0.POS Validate no NS
+expect 200,404
+ns list name com.test.TC_Realm1.@[user.name]
+
+# TC_Realm1.10.1.POS Create Namespace to add IDs
+expect 201
+ns create com.test.TC_Realm1.@[user.name] @[user.name] testid@aaf.att.com
+
+as XX@NS
+# TC_Realm1.10.10.POS Grant ability to change delegates
+expect 201
+force perm create com.att.aaf.delg com.att create com.test.TC_Realm1.@[user.name].change_delg
+
+# TC_Realm1.10.11.POS Create user role to change delegates
+expect 201
+user role add testid@aaf.att.com com.test.TC_Realm1.@[user.name].change_delg
+
diff --git a/authz-test/TestSuite/TC_Realm1/20_ns b/authz-test/TestSuite/TC_Realm1/20_ns
new file mode 100644
index 00000000..b090d96d
--- /dev/null
+++ b/authz-test/TestSuite/TC_Realm1/20_ns
@@ -0,0 +1,26 @@
+
+as testid@aaf.att.com
+# TC_Realm1.20.1.NEG Fail to create - default domain wrong
+expect 403
+ns create com.test.TC_Realm1.@[user.name].project1 testunused
+
+# TC_Realm1.20.2.POS Create - default domain appended
+expect 201
+ns create com.test.TC_Realm1.@[user.name].project1 @[user.name] @[user.name]
+
+# TC_Realm1.20.3.NEG Fail to create - default domain wrong
+expect 403
+ns admin add com.test.TC_Realm1.@[user.name].project1 testunused
+
+# TC_Realm1.20.4.POS Create - full domain given
+expect 201
+ns admin add com.test.TC_Realm1.@[user.name].project1 testid@aaf.att.com
+
+# TC_Realm1.20.5.POS Delete - default domain appended
+expect 200
+ns admin del com.test.TC_Realm1.@[user.name].project1 @[user.name]
+
+# TC_Realm1.20.6.POS Add admin - default domain appended
+expect 201
+ns admin add com.test.TC_Realm1.@[user.name].project1 @[user.name]
+
diff --git a/authz-test/TestSuite/TC_Realm1/30_role b/authz-test/TestSuite/TC_Realm1/30_role
new file mode 100644
index 00000000..ea99bc25
--- /dev/null
+++ b/authz-test/TestSuite/TC_Realm1/30_role
@@ -0,0 +1,20 @@
+# TC_Realm1.30.1.POS Create role to add to users
+expect 201
+role create com.test.TC_Realm1.@[user.name].role1
+
+# TC_Realm1.30.2.NEG Add user, but default domain wrong
+expect 403
+role user add com.test.TC_Realm1.@[user.name].role1 testunused
+
+# TC_Realm1.30.3.POS Add user, with default domain appended
+expect 201
+role user add com.test.TC_Realm1.@[user.name].role1 @[user.name]
+
+# TC_Realm1.30.10.POS Role list, with default domain added
+expect 200
+role list user testunused
+
+# TC_Realm1.30.80.POS Delete user, with default domain appended
+expect 200
+role user del com.test.TC_Realm1.@[user.name].role1 @[user.name]
+
diff --git a/authz-test/TestSuite/TC_Realm1/40_user b/authz-test/TestSuite/TC_Realm1/40_user
new file mode 100644
index 00000000..629251ea
--- /dev/null
+++ b/authz-test/TestSuite/TC_Realm1/40_user
@@ -0,0 +1,42 @@
+# TC_Realm1.40.1.POS Create role to add to users
+expect 201
+role create com.test.TC_Realm1.@[user.name].role2
+
+# TC_Realm1.40.2.NEG Add user, but default domain wrong
+expect 403
+user role add testunused com.test.TC_Realm1.@[user.name].role2
+
+# TC_Realm1.40.3.POS Add user, with default domain appended
+expect 201
+user role add @[user.name] com.test.TC_Realm1.@[user.name].role2
+
+# TC_Realm1.40.10.NEG Add delegate, but default domain wrong
+expect 404
+user delegate add testunused testid 2099-01-01
+
+# TC_Realm1.40.11.POS Add delegate, with default domain appended
+expect 201
+force user delegate add @[user.name] @[user.name] 2099-01-01
+
+# TC_Realm1.40.12.POS Update delegate, with default domain appended
+expect 200
+user delegate upd @[user.name] @[user.name] 2099-01-01
+
+as XX@NS
+# TC_Realm1.40.20.POS List delegate, with default domain appended
+expect 200
+user list delegates user @[user.name]
+
+# TC_Realm1.40.21.POS List delegate, with default domain appended
+expect 200
+user list delegates delegate @[user.name]
+
+as testid@aaf.att.com
+# TC_Realm1.40.80.POS Delete user, with default domain appended
+expect 200
+user role del @[user.name] com.test.TC_Realm1.@[user.name].role2
+
+# TC_Realm1.40.81.POS Delete delegate, with default domain appended
+expect 200
+user delegate del @[user.name]
+
diff --git a/authz-test/TestSuite/TC_Realm1/99_cleanup b/authz-test/TestSuite/TC_Realm1/99_cleanup
new file mode 100644
index 00000000..cf8c3a90
--- /dev/null
+++ b/authz-test/TestSuite/TC_Realm1/99_cleanup
@@ -0,0 +1,28 @@
+expect 200,404
+as testid@aaf.att.com
+
+# TC_Realm1.99.1.POS Delete delgates
+user delegate del @[user.name]
+
+# TC_Realm1.99.2.POS Delete user roles
+role user del com.test.TC_Realm1.@[user.name].role1 @[user.name]
+user role del @[user.name] com.test.TC_Realm1.@[user.name].role2
+
+# TC_Realm1.99.3.POS Delete roles
+role delete com.test.TC_Realm1.@[user.name].role1
+role delete com.test.TC_Realm1.@[user.name].role2
+
+as XX@NS
+# TC_Realm1.99.10.POS UnGrant ability to change delegates
+perm ungrant com.att.aaf.delg com.att change com.test.TC_Realm1.@[user.name].change_delg
+
+as testid@aaf.att.com
+# TC_Realm1.99.11.POS Delete role to change delegates
+set force=true role delete com.test.TC_Realm1.@[user.name].change_delg
+
+# TC_Realm1.99.98.POS Delete Namespaces
+ns delete com.test.TC_Realm1.@[user.name]
+ns delete com.test.TC_Realm1.@[user.name].project1
+
+# TC_Realm1.99.99.POS Verify Cleaned NS
+ns list name com.test.TC_Realm1.@[user.name]
diff --git a/authz-test/TestSuite/TC_Realm1/Description b/authz-test/TestSuite/TC_Realm1/Description
new file mode 100644
index 00000000..edd16859
--- /dev/null
+++ b/authz-test/TestSuite/TC_Realm1/Description
@@ -0,0 +1,2 @@
+This Testcase tests that the default domain is appended before being sent to the server
+
diff --git a/authz-test/TestSuite/TC_Role1/00_ids b/authz-test/TestSuite/TC_Role1/00_ids
new file mode 100644
index 00000000..7fb0e054
--- /dev/null
+++ b/authz-test/TestSuite/TC_Role1/00_ids
@@ -0,0 +1,8 @@
+expect 0
+set testid@aaf.att.com=<pass>
+set testunused@aaf.att.com=<pass>
+set XX@NS=<pass>
+set bogus=boguspass
+
+#delay 10
+set NFR=0
diff --git a/authz-test/TestSuite/TC_Role1/10_init b/authz-test/TestSuite/TC_Role1/10_init
new file mode 100644
index 00000000..4af50879
--- /dev/null
+++ b/authz-test/TestSuite/TC_Role1/10_init
@@ -0,0 +1,23 @@
+as testid@aaf.att.com
+
+# TC_Role1.10.0.POS Validate NS ok
+expect 200
+ns list name com.test.TC_Role1.@[user.name]
+
+# TC_Role1.10.1.POS Create Namespace with valid IDs and Responsible Parties
+expect 201
+ns create com.test.TC_Role1.@[user.name] @[user.name] testid@aaf.att.com
+
+# TC_Role1.10.10.POS Create role to assign mechid perm to
+expect 201
+role create com.test.TC_Role1.@[user.name].cred_admin
+
+as XX@NS
+# TC_Role1.10.11.POS Assign role to mechid perm
+expect 201
+perm grant com.att.aaf.mechid com.att create com.test.TC_Role1.@[user.name].cred_admin
+
+as testid@aaf.att.com
+# TC_Role1.10.12.POS Assign user for creating creds
+expect 201
+user role add testid@aaf.att.com com.test.TC_Role1.@[user.name].cred_admin
diff --git a/authz-test/TestSuite/TC_Role1/20_add_data b/authz-test/TestSuite/TC_Role1/20_add_data
new file mode 100644
index 00000000..43c97d92
--- /dev/null
+++ b/authz-test/TestSuite/TC_Role1/20_add_data
@@ -0,0 +1,40 @@
+# TC_Role1.20.1.POS List Data on non-Empty NS
+expect 200
+ns list name com.test.TC_Role1.@[user.name]
+
+# TC_Role1.20.2.POS Add Roles
+expect 201
+role create com.test.TC_Role1.@[user.name].r.A
+role create com.test.TC_Role1.@[user.name].r.B
+
+# TC_Role1.20.3.POS List Data on non-Empty NS
+expect 200
+ns list name com.test.TC_Role1.@[user.name]
+
+# TC_Role1.20.4.NEG Don't write over Role
+expect 409
+role create com.test.TC_Role1.@[user.name].r.A
+
+# TC_Role1.20.5.NEG Don't allow non-user to create
+expect 401
+as bogus
+role create com.test.TC_Role1.@[user.name].r.No
+
+# TC_Role1.20.6.NEG Don't allow non-user to create without Approval
+expect 403
+as testunused@aaf.att.com
+role create com.test.TC_Role1.@[user.name].r.No
+
+# TC_Role1.20.10.NEG Non-admins can't change description
+expect 403
+as testunused@aaf.att.com
+role describe com.test.TC_Role1.@[user.name].r.A Description A
+
+# TC_Role1.20.11.NEG Role must exist to change description
+expect 404
+as testid@aaf.att.com
+role describe com.test.TC_Role1.@[user.name].r.C Description C
+
+# TC_Role1.20.12.POS Admin can change description
+expect 200
+role describe com.test.TC_Role1.@[user.name].r.A Description A
diff --git a/authz-test/TestSuite/TC_Role1/30_change_ns b/authz-test/TestSuite/TC_Role1/30_change_ns
new file mode 100644
index 00000000..4d32f656
--- /dev/null
+++ b/authz-test/TestSuite/TC_Role1/30_change_ns
@@ -0,0 +1,14 @@
+# TC_Role1.30.1.POS List Data on non-Empty NS
+as testid@aaf.att.com
+expect 200
+ns list name com.test.TC_Role1.@[user.name]
+
+# TC_Role1.30.2.POS Create Sub-ns when Roles that exist
+expect 201
+ns create com.test.TC_Role1.@[user.name].r @[user.name] testid@aaf.att.com
+
+# TC_Role1.30.3.POS List Data on NS with sub-roles
+expect 200
+ns list name com.test.TC_Role1.@[user.name]
+ns list name com.test.TC_Role1.@[user.name].r
+
diff --git a/authz-test/TestSuite/TC_Role1/40_reports b/authz-test/TestSuite/TC_Role1/40_reports
new file mode 100644
index 00000000..657d1c7c
--- /dev/null
+++ b/authz-test/TestSuite/TC_Role1/40_reports
@@ -0,0 +1,24 @@
+# TC_Role1.40.01.POS List Data on non-Empty NS
+expect 200
+role list role com.test.TC_Role1.@[user.name].r.A
+
+# TC_Role1.40.20.POS Create a Perm, and add to Role
+expect 201
+perm create com.test.TC_Role1.@[user.name].samplePerm1 some.long(involved).text SELECT com.test.TC_Role1.@[user.name].r.A
+
+# TC_Role1.40.25.POS List
+expect 200
+role list role com.test.TC_Role1.@[user.name].r.A
+
+# TC_Role1.40.30.POS Create a Perm
+expect 201
+perm create com.test.TC_Role1.@[user.name].samplePerm1 some.other_long(less.involved).text lower_case
+
+# TC_Role1.40.32.POS Separately Grant Perm
+expect 201
+perm grant com.test.TC_Role1.@[user.name].samplePerm1 some.other_long(less.involved).text lower_case com.test.TC_Role1.@[user.name].r.A
+
+# TC_Role1.40.35.POS List
+expect 200
+role list role com.test.TC_Role1.@[user.name].r.A
+
diff --git a/authz-test/TestSuite/TC_Role1/50_force_delete b/authz-test/TestSuite/TC_Role1/50_force_delete
new file mode 100644
index 00000000..ef334b24
--- /dev/null
+++ b/authz-test/TestSuite/TC_Role1/50_force_delete
@@ -0,0 +1,28 @@
+# TC_Role1.50.1.POS Create user to attach to role
+expect 201
+user cred add m00001@@[user.name].TC_Role1.test.com password123
+
+# TC_Role1.50.2.POS Create new role
+expect 201
+role create com.test.TC_Role1.@[user.name].r.C
+
+# TC_Role1.50.3.POS Attach user to role
+expect 201
+user role add m00001@@[user.name].TC_Role1.test.com com.test.TC_Role1.@[user.name].r.C
+
+# TC_Role1.50.4.POS Create permission and attach to role
+expect 201
+perm create com.test.TC_Role1.@[user.name].p.C myInstance myAction com.test.TC_Role1.@[user.name].r.C
+
+# TC_Role1.50.20.NEG Delete role with permission and user attached should fail
+expect 424
+role delete com.test.TC_Role1.@[user.name].r.C
+
+# TC_Role1.50.21.POS Force delete role should work
+expect 200
+set force=true role delete com.test.TC_Role1.@[user.name].r.C
+
+# TC_Role1.50.30.POS List Data on non-Empty NS
+expect 200
+ns list name com.test.TC_Role1.@[user.name]
+
diff --git a/authz-test/TestSuite/TC_Role1/90_wait b/authz-test/TestSuite/TC_Role1/90_wait
new file mode 100644
index 00000000..91d890f0
--- /dev/null
+++ b/authz-test/TestSuite/TC_Role1/90_wait
@@ -0,0 +1,2 @@
+# Need to let DB catch up on deletes
+sleep @[NFR]
diff --git a/authz-test/TestSuite/TC_Role1/99_cleanup b/authz-test/TestSuite/TC_Role1/99_cleanup
new file mode 100644
index 00000000..63e240eb
--- /dev/null
+++ b/authz-test/TestSuite/TC_Role1/99_cleanup
@@ -0,0 +1,34 @@
+as testid@aaf.att.com
+expect 200,404
+
+# TC_Role1.99.05.POS Remove Permissions from "40_reports"
+set force=true perm delete com.test.TC_Role1.@[user.name].samplePerm1 some.long(involved).text SELECT
+set force=true perm delete com.test.TC_Role1.@[user.name].samplePerm1 some.other_long(less.involved).text lower_case
+
+# TC_Role1.99.10.POS Namespace Admin can delete Namepace defined Roles
+force role delete com.test.TC_Role1.@[user.name].r.A
+force role delete com.test.TC_Role1.@[user.name].r.B
+force role delete com.test.TC_Role1.@[user.name].r.C
+
+# TC_Role1.99.15.POS Remove ability to create creds
+user role del testid@aaf.att.com com.test.TC_Role1.@[user.name].cred_admin
+
+as XX@NS
+perm ungrant com.att.aaf.mechid com.att create com.test.TC_Role1.@[user.name].cred_admin
+
+as testid@aaf.att.com
+role delete com.test.TC_Role1.@[user.name].cred_admin
+
+# TC_Role1.99.20.POS Namespace Admin can delete permissions and credentials
+perm delete com.test.TC_Role1.@[user.name].p.C myInstance myAction
+set force=true
+user cred del m00001@@[user.name].TC_Role1.test.com
+
+# TC_Role1.99.90.POS Namespace Admin can delete Namespace
+force ns delete com.test.TC_Role1.@[user.name].r
+force ns delete com.test.TC_Role1.@[user.name]
+
+# TC_Role1.99.99.POS List to prove clean Namespaces
+ns list name com.test.TC_Role1.@[user.name].r
+ns list name com.test.TC_Role1.@[user.name]
+
diff --git a/authz-test/TestSuite/TC_Role1/Description b/authz-test/TestSuite/TC_Role1/Description
new file mode 100644
index 00000000..012a12b1
--- /dev/null
+++ b/authz-test/TestSuite/TC_Role1/Description
@@ -0,0 +1,16 @@
+This Testcase Tests the essentials of the Namespace, and the NS Commands
+
+APIs:
+
+
+
+CLI:
+ Target
+ role create :role
+ role delete
+ ns delete :ns
+ ns list :ns
+ Ancillary
+ role create :role
+ role list name :role.*
+
diff --git a/authz-test/TestSuite/TC_Role2/00_ids b/authz-test/TestSuite/TC_Role2/00_ids
new file mode 100644
index 00000000..f7196fc8
--- /dev/null
+++ b/authz-test/TestSuite/TC_Role2/00_ids
@@ -0,0 +1,8 @@
+expect 0
+set XX@NS=<pass>
+set testid@aaf.att.com=<pass>
+set testunused@aaf.att.com=<pass>
+set bogus=boguspass
+
+#delay 10
+set NFR=0
diff --git a/authz-test/TestSuite/TC_Role2/10_init b/authz-test/TestSuite/TC_Role2/10_init
new file mode 100644
index 00000000..dbe7b858
--- /dev/null
+++ b/authz-test/TestSuite/TC_Role2/10_init
@@ -0,0 +1,8 @@
+as testid@aaf.att.com
+# TC_Role2.10.0.POS Print NS to prove ok
+expect 200
+ns list name com.test.TC_Role2.@[user.name]
+
+# TC_Role2.10.1.POS Create Namespace with valid IDs and Responsible Parties
+expect 201
+ns create com.test.TC_Role2.@[user.name] @[user.name] testid@aaf.att.com
diff --git a/authz-test/TestSuite/TC_Role2/20_add_data b/authz-test/TestSuite/TC_Role2/20_add_data
new file mode 100644
index 00000000..6b85dea1
--- /dev/null
+++ b/authz-test/TestSuite/TC_Role2/20_add_data
@@ -0,0 +1,39 @@
+##############
+# Testing Model
+# We are making a Testing model based loosely on George Orwell's Animal Farm
+# In Animal Farm, Animals did all the work but didn't get any priviledges.
+# In our test, the animals can't see anything but their own role, etc
+# Dogs were supervisors, and ostensibly did something, though mostly laid around
+# In our test, they have Implicit Permissions by being Admins
+# Pigs were the Elite. They did nothing, but watch everyone and eat the produce
+# In our test, they have Explicit Permissions to see everything they want
+##############
+as testid@aaf.att.com:<pass>
+# TC_Role2.20.1.POS List Data on non-Empty NS
+expect 200
+ns list name com.test.TC_Role2.@[user.name]
+
+# TC_Role2.20.10.POS Create Orwellian Roles
+expect 201
+role create com.test.TC_Role2.@[user.name].r.animals
+role create com.test.TC_Role2.@[user.name].r.dogs
+role create com.test.TC_Role2.@[user.name].r.pigs
+
+# TC_Role2.20.20.POS Create and Grant Perms to Dog Roles
+expect 201
+perm create com.test.TC_Role2.@[user.name].r.A garbage eat com.test.TC_Role2.@[user.name].r.animals
+perm create com.test.TC_Role2.@[user.name].r.A grain eat com.test.TC_Role2.@[user.name].r.dogs
+perm create com.test.TC_Role2.@[user.name].r.A grain * com.test.TC_Role2.@[user.name].r.dogs
+perm create com.test.TC_Role2.@[user.name].r.A * * com.test.TC_Role2.@[user.name].r.dogs
+
+# TC_Role2.20.25.POS Create and Grant Animal Farm Priviledges to Pigs
+expect 201
+as XX@NS:<pass>
+perm create com.att.aaf.role com.test.TC_Role2.@[user.name].r.animals view com.test.TC_Role2.@[user.name].r.pigs
+perm create com.att.aaf.role com.test.TC_Role2.@[user.name].r.dogs view com.test.TC_Role2.@[user.name].r.pigs
+
+# TC_Role2.20.60.POS List Data on non-Empty NS
+expect 200
+as testid@aaf.att.com:<pass>
+ns list name com.test.TC_Role2.@[user.name]
+
diff --git a/authz-test/TestSuite/TC_Role2/40_viewByName b/authz-test/TestSuite/TC_Role2/40_viewByName
new file mode 100644
index 00000000..a6ec33c5
--- /dev/null
+++ b/authz-test/TestSuite/TC_Role2/40_viewByName
@@ -0,0 +1,45 @@
+as XX@NS
+# TC_Role2.40.1.POS List Data on Role
+expect 200
+role list role com.test.TC_Role2.@[user.name].r.animals
+role list role com.test.TC_Role2.@[user.name].r.dogs
+role list role com.test.TC_Role2.@[user.name].r.pigs
+
+# TC_Role2.40.10.POS Add testunused to animals
+expect 201
+as testid@aaf.att.com
+user role add testunused@aaf.att.com com.test.TC_Role2.@[user.name].r.animals
+
+# TC_Role2.40.11.POS List by Name when part of role
+as testunused@aaf.att.com
+expect 200
+role list role com.test.TC_Role2.@[user.name].r.animals
+
+# TC_Role2.40.12.NEG List by Name when not part of Role
+expect 403
+role list role com.test.TC_Role2.@[user.name].r.dogs
+role list role com.test.TC_Role2.@[user.name].r.pigs
+
+
+# TC_Role2.40.30.POS Read various Roles based on being Admin in Namespace
+as testid@aaf.att.com
+expect 200
+role list role com.test.TC_Role2.@[user.name].r.animals
+role list role com.test.TC_Role2.@[user.name].r.dogs
+role list role com.test.TC_Role2.@[user.name].r.pigs
+
+# TC_Role2.40.50.POS Change testunused to Pigs
+as testid@aaf.att.com
+expect 200
+user role del testunused@aaf.att.com com.test.TC_Role2.@[user.name].r.animals
+expect 201
+user role add testunused@aaf.att.com com.test.TC_Role2.@[user.name].r.pigs
+
+# TC_Role2.40.51.POS Read various Roles based on having Explicit Permissions
+as testunused@aaf.att.com
+expect 403
+role list role com.test.TC_Role2.@[user.name].r.animals
+role list role com.test.TC_Role2.@[user.name].r.dogs
+expect 200
+role list role com.test.TC_Role2.@[user.name].r.pigs
+
diff --git a/authz-test/TestSuite/TC_Role2/41_viewByUser b/authz-test/TestSuite/TC_Role2/41_viewByUser
new file mode 100644
index 00000000..684d9ba1
--- /dev/null
+++ b/authz-test/TestSuite/TC_Role2/41_viewByUser
@@ -0,0 +1,20 @@
+# TC_Role2.41.10.POS List by User when Same as Caller
+as testunused@aaf.att.com
+expect 200
+role list user testunused@aaf.att.com
+
+# TC_Role2.41.15.POS List by User when not same as Caller, but own/admin namespace of Roles
+as testid@aaf.att.com
+expect 200
+role list user testunused@aaf.att.com
+
+# TC_Role2.41.20.POS List by User when not same as Caller, but parent owner of Namespace
+as XX@NS
+expect 200
+role list user testunused@aaf.att.com
+
+# TC_Role2.41.80.NEG List by User when not Caller nor associated to Namespace (nothing should be shown)
+as testunused@aaf.att.com
+expect 200
+role list user XX@NS
+
diff --git a/authz-test/TestSuite/TC_Role2/42_viewByNS b/authz-test/TestSuite/TC_Role2/42_viewByNS
new file mode 100644
index 00000000..8f184943
--- /dev/null
+++ b/authz-test/TestSuite/TC_Role2/42_viewByNS
@@ -0,0 +1,10 @@
+# TC_Role2.42.10.POS List Roles from NS when not allowed to see NS
+as testid@aaf.att.com
+expect 200
+role list ns com.test.TC_Role2.@[user.name]
+
+# TC_Role2.42.20.NEG Don't List Roles from NS when not allowed to see NS
+as testunused@aaf.att.com
+expect 403
+role list ns com.test.TC_Role2.@[user.name]
+
diff --git a/authz-test/TestSuite/TC_Role2/43_viewByPerm b/authz-test/TestSuite/TC_Role2/43_viewByPerm
new file mode 100644
index 00000000..53a1e3d4
--- /dev/null
+++ b/authz-test/TestSuite/TC_Role2/43_viewByPerm
@@ -0,0 +1,15 @@
+# TC_Role2.43.10.POS List Roles when allowed to see Perm
+as testid@aaf.att.com
+expect 200
+role list perm com.test.TC_Role2.@[user.name].r.A grain eat
+role list perm com.test.TC_Role2.@[user.name].r.A grain *
+role list perm com.test.TC_Role2.@[user.name].r.A * *
+
+# TC_Role2.43.15.NEG Don't List Roles when not allowed to see Perm
+as testunused@aaf.att.com
+expect 403
+role list perm com.test.TC_Role2.@[user.name].r.A grain eat
+role list perm com.test.TC_Role2.@[user.name].r.A grain *
+role list perm com.test.TC_Role2.@[user.name].r.A * *
+
+
diff --git a/authz-test/TestSuite/TC_Role2/99_cleanup b/authz-test/TestSuite/TC_Role2/99_cleanup
new file mode 100644
index 00000000..df344b2d
--- /dev/null
+++ b/authz-test/TestSuite/TC_Role2/99_cleanup
@@ -0,0 +1,22 @@
+as XX@NS
+expect 200,404
+
+# TC_Role2.99.1.POS Delete Roles
+force role delete com.test.TC_Role2.@[user.name].r.animals
+force role delete com.test.TC_Role2.@[user.name].r.dogs
+force role delete com.test.TC_Role2.@[user.name].r.pigs
+
+# TC_Role2.99.2.POS Delete Perms
+force perm delete com.test.TC_Role2.@[user.name].r.A garbage eat
+force perm delete com.test.TC_Role2.@[user.name].r.A grain eat
+force perm delete com.test.TC_Role2.@[user.name].r.A grain *
+force perm delete com.test.TC_Role2.@[user.name].r.A * *
+force perm delete com.att.aaf.role com.test.TC_Role2.@[user.name].r.animals view
+force perm delete com.att.aaf.role com.test.TC_Role2.@[user.name].r.dogs view
+
+
+# TC_Role2.99.2.POS Namespace Admin can delete Namespace
+force ns delete com.test.TC_Role2.@[user.name]
+
+# TC_Role2.99.3.POS Print Namespaces
+ns list name com.test.TC_Role2.@[user.name]
diff --git a/authz-test/TestSuite/TC_Role2/Description b/authz-test/TestSuite/TC_Role2/Description
new file mode 100644
index 00000000..ea741a81
--- /dev/null
+++ b/authz-test/TestSuite/TC_Role2/Description
@@ -0,0 +1,9 @@
+This Testcase Tests the viewability of different role commands
+
+APIs:
+
+
+
+CLI:
+
+
diff --git a/authz-test/TestSuite/TC_UR1/00_ids b/authz-test/TestSuite/TC_UR1/00_ids
new file mode 100644
index 00000000..7fb0e054
--- /dev/null
+++ b/authz-test/TestSuite/TC_UR1/00_ids
@@ -0,0 +1,8 @@
+expect 0
+set testid@aaf.att.com=<pass>
+set testunused@aaf.att.com=<pass>
+set XX@NS=<pass>
+set bogus=boguspass
+
+#delay 10
+set NFR=0
diff --git a/authz-test/TestSuite/TC_UR1/10_init b/authz-test/TestSuite/TC_UR1/10_init
new file mode 100644
index 00000000..3709b5be
--- /dev/null
+++ b/authz-test/TestSuite/TC_UR1/10_init
@@ -0,0 +1,31 @@
+as testid@aaf.att.com
+# TC_UR1.10.0.POS Validate no NS
+expect 200
+ns list name com.test.TC_UR1.@[user.name]
+
+# TC_UR1.10.1.POS Create Namespace to add IDs
+expect 201
+ns create com.test.TC_UR1.@[user.name] @[user.name] testid@aaf.att.com
+
+# TC_Role1.10.10.POS Create role to assign mechid perm to
+expect 201
+role create com.test.TC_UR1.@[user.name].cred_admin
+
+as XX@NS
+# TC_Role1.10.11.POS Assign role to mechid perm
+expect 201
+perm grant com.att.aaf.mechid com.att create com.test.TC_UR1.@[user.name].cred_admin
+
+as testid@aaf.att.com
+# TC_Role1.10.12.POS Assign user for creating creds
+expect 201
+user role add testid@aaf.att.com com.test.TC_UR1.@[user.name].cred_admin
+
+# TC_UR1.10.20.POS Create two Credentials
+user cred add m00001@@[user.name].TC_UR1.test.com "abc123sd"
+user cred add m00002@@[user.name].TC_UR1.test.com "abc123sd"
+
+# TC_UR1.10.21.POS Create two Roles
+role create com.test.TC_UR1.@[user.name].r1
+role create com.test.TC_UR1.@[user.name].r2
+
diff --git a/authz-test/TestSuite/TC_UR1/23_commands b/authz-test/TestSuite/TC_UR1/23_commands
new file mode 100644
index 00000000..b5345714
--- /dev/null
+++ b/authz-test/TestSuite/TC_UR1/23_commands
@@ -0,0 +1,10 @@
+# TC_UR1.23.1.NEG Too Few Args for User Role 1
+expect 0
+user
+
+# TC_UR1.23.2.NEG Too Few Args for user role
+expect Exception
+user role
+
+# TC_UR1.23.3.NEG Too Few Args for user role add
+user role add
diff --git a/authz-test/TestSuite/TC_UR1/30_userrole b/authz-test/TestSuite/TC_UR1/30_userrole
new file mode 100644
index 00000000..f4c514e5
--- /dev/null
+++ b/authz-test/TestSuite/TC_UR1/30_userrole
@@ -0,0 +1,53 @@
+# TC_UR1.30.10.POS Create a UserRole
+expect 201
+user role add m00001@@[user.name].TC_UR1.test.com com.test.TC_UR1.@[user.name].r1
+
+# TC_UR1.30.11.NEG Created UserRole Exists
+expect 409
+user role add m00001@@[user.name].TC_UR1.test.com com.test.TC_UR1.@[user.name].r1
+
+# TC_UR1.30.13.POS Delete UserRole
+sleep @[NFR]
+expect 200
+user role del m00001@@[user.name].TC_UR1.test.com com.test.TC_UR1.@[user.name].r1
+
+
+# TC_UR1.30.20.POS Create multiple UserRoles
+expect 201
+user role add m00001@@[user.name].TC_UR1.test.com com.test.TC_UR1.@[user.name].r1,com.test.TC_UR1.@[user.name].r2
+
+# TC_UR1.30.21.NEG Created UserRole Exists
+expect 409
+user role add m00001@@[user.name].TC_UR1.test.com com.test.TC_UR1.@[user.name].r1,com.test.TC_UR1.@[user.name].r2
+
+# TC_UR1.30.23.POS Delete UserRole
+sleep @[NFR]
+expect 200
+user role del m00001@@[user.name].TC_UR1.test.com com.test.TC_UR1.@[user.name].r1,com.test.TC_UR1.@[user.name].r2
+
+# TC_UR1.30.30.POS Create a Role User
+expect 201
+role user add com.test.TC_UR1.@[user.name].r1 m00001@@[user.name].TC_UR1.test.com
+
+# TC_UR1.30.31.NEG Created Role User Exists
+expect 409
+role user add com.test.TC_UR1.@[user.name].r1 m00001@@[user.name].TC_UR1.test.com
+
+# TC_UR1.30.33.POS Delete Role User
+sleep @[NFR]
+expect 200
+role user del com.test.TC_UR1.@[user.name].r1 m00001@@[user.name].TC_UR1.test.com
+
+# TC_UR1.30.40.POS Create multiple Role Users
+expect 201
+role user add com.test.TC_UR1.@[user.name].r1 m00001@@[user.name].TC_UR1.test.com,m00002@@[user.name].TC_UR1.test.com
+
+# TC_UR1.30.41.NEG Created Role User Exists
+expect 409
+role user add com.test.TC_UR1.@[user.name].r1 m00001@@[user.name].TC_UR1.test.com,m00002@@[user.name].TC_UR1.test.com
+
+# TC_UR1.30.43.POS Delete Role Users
+sleep @[NFR]
+expect 200
+role user del com.test.TC_UR1.@[user.name].r1 m00001@@[user.name].TC_UR1.test.com,m00002@@[user.name].TC_UR1.test.com
+
diff --git a/authz-test/TestSuite/TC_UR1/40_reset b/authz-test/TestSuite/TC_UR1/40_reset
new file mode 100644
index 00000000..66f8c172
--- /dev/null
+++ b/authz-test/TestSuite/TC_UR1/40_reset
@@ -0,0 +1,40 @@
+# TC_UR1.40.10.POS Create multiple UserRoles
+expect 200
+user role setTo m00001@@[user.name].TC_UR1.test.com com.test.TC_UR1.@[user.name].r1,com.test.TC_UR1.@[user.name].r2
+
+# TC_UR1.40.11.POS Reset userrole for a user
+expect 200
+user role setTo m00001@@[user.name].TC_UR1.test.com
+
+# TC_UR1.40.12.NEG Create userrole where Role doesn't exist
+expect 404
+user role setTo m00001@@[user.name].TC_UR1.test.com com.test.TC_UR1.@[user.name].r5
+
+# TC_UR1.40.13.NEG Create userrole where User doesn't exist
+expect 403
+user role setTo m99999@@[user.name].TC_UR1.test.com com.test.TC_UR1.@[user.name].r1
+
+as testunused@aaf.att.com
+# TC_UR1.40.19.NEG User without permission tries to add userrole
+expect 403
+user role setTo m00001@@[user.name].TC_UR1.test.com com.test.TC_UR1.@[user.name].r1
+
+# TC_UR1.40.20.NEG User without permission tries to add userrole
+expect 403
+role user setTo com.test.TC_UR1.@[user.name].r1 m00001@@[user.name].TC_UR1.test.com
+
+as testid@aaf.att.com
+# TC_UR1.40.22.POS Reset userrole for a user
+expect 200
+role user setTo com.test.TC_UR1.@[user.name].r1
+
+sleep @[NFR]
+# TC_UR1.40.23.NEG Create UserRole where Role doesn't exist
+expect 404
+role user setTo com.test.TC_UR1.@[user.name].r5 m00001@@[user.name].TC_UR1.test.com
+
+sleep @[NFR]
+# TC_UR1.40.24.NEG Create UserRole where User doesn't exist
+expect 403
+role user setTo com.test.TC_UR1.@[user.name].r1 m99999@@[user.name].TC_UR1.test.com
+
diff --git a/authz-test/TestSuite/TC_UR1/90_wait b/authz-test/TestSuite/TC_UR1/90_wait
new file mode 100644
index 00000000..91d890f0
--- /dev/null
+++ b/authz-test/TestSuite/TC_UR1/90_wait
@@ -0,0 +1,2 @@
+# Need to let DB catch up on deletes
+sleep @[NFR]
diff --git a/authz-test/TestSuite/TC_UR1/99_cleanup b/authz-test/TestSuite/TC_UR1/99_cleanup
new file mode 100644
index 00000000..c5e1caf5
--- /dev/null
+++ b/authz-test/TestSuite/TC_UR1/99_cleanup
@@ -0,0 +1,32 @@
+expect 200,404
+as testid@aaf.att.com
+
+# TC_UR1.99.1.POS Remove User from Role
+role user del com.test.TC_UR1.@[user.name].r1 m00001@@[user.name].TC_UR1.test.com,m00002@@[user.name].TC_UR1.test.com
+role user del com.test.TC_UR1.@[user.name].r2 m00001@@[user.name].TC_UR1.test.com,m00002@@[user.name].TC_UR1.test.com
+role user setTo com.test.TC_UR1.@[user.name].r1
+
+# TC_UR1.99.2.POS Remove ability to create creds
+user role del testid@aaf.att.com com.test.TC_UR1.@[user.name].cred_admin
+
+as XX@NS
+perm ungrant com.att.aaf.mechid com.att create com.test.TC_UR1.@[user.name].cred_admin
+
+as testid@aaf.att.com
+role delete com.test.TC_UR1.@[user.name].cred_admin
+
+# TC_UR1.99.3.POS Delete Creds
+set force=true
+user cred del m00001@@[user.name].TC_UR1.test.com
+set force=true
+user cred del m00002@@[user.name].TC_UR1.test.com
+
+# TC_UR1.99.4.POS Delete Roles
+set force=true role delete com.test.TC_UR1.@[user.name].r1
+set force=true role delete com.test.TC_UR1.@[user.name].r2
+
+# TC_UR1.99.5.POS Delete Namespace
+set force=true ns delete com.test.TC_UR1.@[user.name]
+
+# TC_UR1.99.99.POS Verify Cleaned NS
+ns list name com.test.TC_UR1.@[user.name]
diff --git a/authz-test/TestSuite/TC_UR1/Description b/authz-test/TestSuite/TC_UR1/Description
new file mode 100644
index 00000000..24180f49
--- /dev/null
+++ b/authz-test/TestSuite/TC_UR1/Description
@@ -0,0 +1,16 @@
+This Testcase Tests the essentials of User Credentials
+
+APIs:
+ POST /auth/cred
+ PUT /auth/cred
+ DELETE /auth/cred
+
+
+CLI:
+ Target
+ user cred add :user :password
+ user cred del :user
+ Ancillary
+ ns create
+ ns delete
+
diff --git a/authz-test/TestSuite/TC_User1/00_ids b/authz-test/TestSuite/TC_User1/00_ids
new file mode 100644
index 00000000..b989aa3b
--- /dev/null
+++ b/authz-test/TestSuite/TC_User1/00_ids
@@ -0,0 +1,12 @@
+expect 0
+set XX@NS=<pass>
+set testid@aaf.att.com=<pass>
+set testunused@aaf.att.com=<pass>
+set bogus@aaf.att.com=boguspass
+set m99990@@[user.name].TC_User1.test.com=password123
+set m99995@@[user.name].TC_User1.test.com=password123
+
+#delay 10
+set NFR=0
+
+
diff --git a/authz-test/TestSuite/TC_User1/10_init b/authz-test/TestSuite/TC_User1/10_init
new file mode 100644
index 00000000..0cad5595
--- /dev/null
+++ b/authz-test/TestSuite/TC_User1/10_init
@@ -0,0 +1,25 @@
+
+as testid@aaf.att.com
+# TC_User1.10.0.POS Check for Existing Data
+expect 200
+ns list name com.test.TC_User1.@[user.name]
+
+# TC_User1.10.1.POS Create Namespace with valid IDs and Responsible Parties
+expect 201
+ns create com.test.TC_User1.@[user.name] @[user.name] testid@aaf.att.com
+
+# TC_User1.10.10.POS Create role to assign mechid perm to
+expect 201
+role create com.test.TC_User1.@[user.name].cred_admin testid@aaf.att.com
+
+as XX@NS:<pass>
+# TC_User1.10.11.POS Assign role to mechid perm
+expect 201
+perm grant com.att.aaf.mechid com.att create com.test.TC_User1.@[user.name].cred_admin
+perm grant com.att.aaf.delg com.att change com.test.TC_User1.@[user.name].cred_admin
+
+as testid@aaf.att.com
+# TC_User1.01.99.POS Expect Namespace to be created
+expect 200
+ns list name com.test.TC_User1.@[user.name]
+
diff --git a/authz-test/TestSuite/TC_User1/20_add_data b/authz-test/TestSuite/TC_User1/20_add_data
new file mode 100644
index 00000000..9a9acec5
--- /dev/null
+++ b/authz-test/TestSuite/TC_User1/20_add_data
@@ -0,0 +1,26 @@
+as testid@aaf.att.com
+# TC_User1.20.1.POS Create roles
+expect 201
+role create com.test.TC_User1.@[user.name].manager
+role create com.test.TC_User1.@[user.name].worker
+
+# TC_User1.20.2.POS Create permissions
+perm create com.test.TC_User1.@[user.name].supplies * move com.test.TC_User1.@[user.name].worker
+perm create com.test.TC_User1.@[user.name].supplies * stock com.test.TC_User1.@[user.name].worker
+perm create com.test.TC_User1.@[user.name].schedule worker create com.test.TC_User1.@[user.name].manager
+perm create com.test.TC_User1.@[user.name].worker * annoy com.test.TC_User1.@[user.name].manager
+
+# TC_User1.20.3.POS Create mechid
+user cred add m99990@@[user.name].TC_User1.test.com password123
+user cred add m99995@@[user.name].TC_User1.test.com password123
+
+as XX@NS
+# TC_User1.20.10.POS Add users to roles
+expect 201
+user role add @[user.name] com.test.TC_User1.@[user.name].manager
+user role add m99990@@[user.name].TC_User1.test.com com.test.TC_User1.@[user.name].worker
+
+# TC_User1.20.20.POS Add Delegate
+as XX@NS
+# TC_User1.20.20.POS Create delegates
+force user delegate add @[user.name] @[user.name]
diff --git a/authz-test/TestSuite/TC_User1/40_viewByRole b/authz-test/TestSuite/TC_User1/40_viewByRole
new file mode 100644
index 00000000..824f01e2
--- /dev/null
+++ b/authz-test/TestSuite/TC_User1/40_viewByRole
@@ -0,0 +1,23 @@
+
+# TC_User1.40.1.NEG Non-admin, user not in role should not view
+expect 403
+as testunused@aaf.att.com
+user list role com.test.TC_User1.@[user.name].manager
+user list role com.test.TC_User1.@[user.name].worker
+
+as m99990@@[user.name].TC_User1.test.com
+# TC_User1.40.2.NEG Non-admin, user in role should not view
+expect 403
+user list role com.test.TC_User1.@[user.name].manager
+
+sleep @[NFR]
+# TC_User1.40.3.POS Non-admin, user in role can view himself
+expect 200
+user list role com.test.TC_User1.@[user.name].worker
+
+as testid@aaf.att.com
+# TC_User1.40.10.POS admin should view
+expect 200
+user list role com.test.TC_User1.@[user.name].manager
+user list role com.test.TC_User1.@[user.name].worker
+
diff --git a/authz-test/TestSuite/TC_User1/41_viewByPerm b/authz-test/TestSuite/TC_User1/41_viewByPerm
new file mode 100644
index 00000000..6813cb15
--- /dev/null
+++ b/authz-test/TestSuite/TC_User1/41_viewByPerm
@@ -0,0 +1,29 @@
+as testunused@aaf.att.com
+# TC_User1.41.1.NEG Non-admin, user not in perm should not view
+expect 200
+user list perm com.test.TC_User1.@[user.name].supplies * move
+user list perm com.test.TC_User1.@[user.name].supplies * stock
+user list perm com.test.TC_User1.@[user.name].schedule worker create
+user list perm com.test.TC_User1.@[user.name].worker * annoy
+
+as m99990@@[user.name].TC_User1.test.com
+# TC_User1.41.2.POS Non-admin, user in perm can view himself
+expect 200
+user list perm com.test.TC_User1.@[user.name].supplies * move
+user list perm com.test.TC_User1.@[user.name].supplies * stock
+
+as m99990@@[user.name].TC_User1.test.com
+# TC_User1.41.3.NEG Non-admin, user in perm should not view
+expect 200
+user list perm com.test.TC_User1.@[user.name].schedule worker create
+user list perm com.test.TC_User1.@[user.name].worker * annoy
+
+as testid@aaf.att.com
+# TC_User1.41.10.POS admin should view
+expect 200
+user list perm com.test.TC_User1.@[user.name].supplies * move
+user list perm com.test.TC_User1.@[user.name].supplies * stock
+user list perm com.test.TC_User1.@[user.name].schedule worker create
+user list perm com.test.TC_User1.@[user.name].worker * annoy
+
+
diff --git a/authz-test/TestSuite/TC_User1/42_viewByDelegates b/authz-test/TestSuite/TC_User1/42_viewByDelegates
new file mode 100644
index 00000000..7d16cb3c
--- /dev/null
+++ b/authz-test/TestSuite/TC_User1/42_viewByDelegates
@@ -0,0 +1,12 @@
+as testunused@aaf.att.com
+# TC_User1.42.1.NEG Unrelated user can't view delegates
+expect 403
+user list delegates user m99990@@[user.name].TC_User1.test.com
+user list delegates delegate m99995@@[user.name].TC_User1.test.com
+
+as XX@NS
+# TC_User1.42.10.POS Admin of domain NS can view
+expect 200
+user list delegates user @[user.name]
+user list delegates delegate @[user.name]
+
diff --git a/authz-test/TestSuite/TC_User1/43_viewsExplicitiPerm b/authz-test/TestSuite/TC_User1/43_viewsExplicitiPerm
new file mode 100644
index 00000000..8f4ffd05
--- /dev/null
+++ b/authz-test/TestSuite/TC_User1/43_viewsExplicitiPerm
@@ -0,0 +1,27 @@
+
+as testid@aaf.att.com
+# TC_User1.43.1.POS Add another user to worker role
+expect 201
+user role add m99995@@[user.name].TC_User1.test.com com.test.TC_User1.@[user.name].worker
+
+
+as m99990@@[user.name].TC_User1.test.com
+# TC_User1.43.2.POS User should only see himself here
+expect 200
+user list role com.test.TC_User1.@[user.name].worker
+user list perm com.test.TC_User1.@[user.name].supplies * move
+user list perm com.test.TC_User1.@[user.name].supplies * stock
+
+
+as XX@NS
+# TC_User1.43.10.POS Grant explicit user perm to user
+expect 201
+perm create com.att.aaf.user :com.test.TC_User1.@[user.name] view com.test.TC_User1.@[user.name].worker
+
+as m99990@@[user.name].TC_User1.test.com
+# TC_User1.43.11.POS User should see all users of test domain now
+expect 200
+user list role com.test.TC_User1.@[user.name].worker
+user list perm com.test.TC_User1.@[user.name].supplies * move
+user list perm com.test.TC_User1.@[user.name].supplies * stock
+
diff --git a/authz-test/TestSuite/TC_User1/99_cleanup b/authz-test/TestSuite/TC_User1/99_cleanup
new file mode 100644
index 00000000..f6e9724e
--- /dev/null
+++ b/authz-test/TestSuite/TC_User1/99_cleanup
@@ -0,0 +1,37 @@
+expect 200,404
+as testid@aaf.att.com
+
+# TC_User1.99.0.POS Remove user roles
+user role del @[user.name] com.test.TC_User1.@[user.name].manager
+user role del m99990@@[user.name].TC_User1.test.com com.test.TC_User1.@[user.name].worker
+user role del m99995@@[user.name].TC_User1.test.com com.test.TC_User1.@[user.name].worker
+
+# TC_User1.99.1.POS Namespace Admin can delete Namepace defined Roles & Perms
+force perm delete com.test.TC_User1.@[user.name].supplies * move
+force perm delete com.test.TC_User1.@[user.name].supplies * stock
+force perm delete com.test.TC_User1.@[user.name].schedule worker create
+force perm delete com.test.TC_User1.@[user.name].worker * annoy
+force role delete com.test.TC_User1.@[user.name].manager
+force role delete com.test.TC_User1.@[user.name].worker
+
+# TC_User1.99.10.POS Creds and delegate
+user delegate del @[user.name]
+user cred del m99990@@[user.name].TC_User1.test.com
+user cred del m99995@@[user.name].TC_User1.test.com
+
+as XX@NS
+# TC_User1.99.15.POS Remove ability to create creds
+perm ungrant com.att.aaf.mechid com.att create com.test.TC_User1.@[user.name].cred_admin
+perm ungrant com.att.aaf.delg com.att change com.test.TC_User1.@[user.name].cred_admin
+perm delete com.att.aaf.user :com.test.TC_User1.@[user.name] view
+
+as testid@aaf.att.com:<pass>
+force role delete com.test.TC_User1.@[user.name].cred_admin
+
+# TC_User1.99.90.POS Namespace Admin can delete Namespace
+force ns delete com.test.TC_User1.@[user.name]
+sleep @[NFR]
+
+# TC_User1.99.99.POS Check Clean Namespace
+ns list name com.test.TC_User1.@[user.name]
+
diff --git a/authz-test/TestSuite/TC_User1/Description b/authz-test/TestSuite/TC_User1/Description
new file mode 100644
index 00000000..9f74081d
--- /dev/null
+++ b/authz-test/TestSuite/TC_User1/Description
@@ -0,0 +1,6 @@
+This Testcase Tests the viewability of different user commands
+
+APIs:
+
+CLI:
+
diff --git a/authz-test/TestSuite/TC_Wild/00_ids b/authz-test/TestSuite/TC_Wild/00_ids
new file mode 100644
index 00000000..7fb0e054
--- /dev/null
+++ b/authz-test/TestSuite/TC_Wild/00_ids
@@ -0,0 +1,8 @@
+expect 0
+set testid@aaf.att.com=<pass>
+set testunused@aaf.att.com=<pass>
+set XX@NS=<pass>
+set bogus=boguspass
+
+#delay 10
+set NFR=0
diff --git a/authz-test/TestSuite/TC_Wild/10_init b/authz-test/TestSuite/TC_Wild/10_init
new file mode 100644
index 00000000..c411f930
--- /dev/null
+++ b/authz-test/TestSuite/TC_Wild/10_init
@@ -0,0 +1,18 @@
+as XX@NS
+# TC_Wild.10.0.POS Validate NS ok
+expect 200
+ns list name com.att.test.TC_Wild.@[user.name]
+
+# TC_Wild.10.1.POS Create Namespace with valid IDs and Responsible Parties
+expect 201
+ns create com.att.TC_Wild.@[user.name] @[user.name] testid@aaf.att.com
+
+# TC_Wild.10.10.POS Create a clean MechID
+expect 201
+user cred add m99999@@[user.name].TC_Wild.att.com aNewPass8
+set m99999@@[user.name].TC_Wild.att.com=aNewPass8
+
+as XX@NS
+# TC_Wild.10.11.POS Create role and assign MechID to
+expect 201
+role create com.att.TC_Wild.@[user.name].service m99999@@[user.name].TC_Wild.att.com
diff --git a/authz-test/TestSuite/TC_Wild/20_perm b/authz-test/TestSuite/TC_Wild/20_perm
new file mode 100644
index 00000000..2110cbe5
--- /dev/null
+++ b/authz-test/TestSuite/TC_Wild/20_perm
@@ -0,0 +1,33 @@
+as m99999@@[user.name].TC_Wild.att.com
+
+# TC_Wild.20.1.NEG Fail to create a perm in NS
+expect 403
+perm create com.att.TC_Wild.@[user.name].myType myInstance myAction
+
+
+# TC_Wild.20.3.POS Add "access perm" based Wild Card with specific Action
+as XX@NS
+expect 201
+perm create com.att.TC_Wild.@[user.name].access :perm:myType:*:myAction write com.att.TC_Wild.@[user.name].service
+
+# TC_Wild.20.5.POS Print Perms
+expect 200
+perm list user m99999@@[user.name].TC_Wild.att.com
+
+
+# TC_Wild.20.7.POS Now able to create a perm in NS
+as m99999@@[user.name].TC_Wild.att.com
+expect 201
+perm create com.att.TC_Wild.@[user.name].myType myInstance myAction
+
+
+# TC_Wild.20.8.POS Print Perms
+as XX@NS
+expect 200
+perm list ns com.att.TC_Wild.@[user.name]
+
+# TC_Wild.20.10.POS Delete Perms Created
+expect 200
+force perm delete com.att.TC_Wild.@[user.name].access :perm:myType:*:myAction write
+force perm delete com.att.TC_Wild.@[user.name].myType myInstance myAction
+
diff --git a/authz-test/TestSuite/TC_Wild/21_perm b/authz-test/TestSuite/TC_Wild/21_perm
new file mode 100644
index 00000000..772eea9d
--- /dev/null
+++ b/authz-test/TestSuite/TC_Wild/21_perm
@@ -0,0 +1,33 @@
+as m99999@@[user.name].TC_Wild.att.com
+
+# TC_Wild.21.1.NEG Fail to create a perm in NS
+expect 403
+perm create com.att.TC_Wild.@[user.name].myType myInstance myAction
+
+
+# TC_Wild.21.3.POS Add "access perm" based Wild Card with specific Action
+as XX@NS
+expect 201
+perm create com.att.TC_Wild.@[user.name].access :perm:myType:*:* write com.att.TC_Wild.@[user.name].service
+
+# TC_Wild.21.5.POS Print Perms
+expect 200
+perm list user m99999@@[user.name].TC_Wild.att.com
+
+
+# TC_Wild.21.7.POS Now able to create a perm in NS
+as m99999@@[user.name].TC_Wild.att.com
+expect 201
+perm create com.att.TC_Wild.@[user.name].myType myInstance myAction
+
+
+# TC_Wild.21.8.POS Print Perms
+as XX@NS
+expect 200
+perm list ns com.att.TC_Wild.@[user.name]
+
+# TC_Wild.21.10.POS Delete Perms Created
+expect 200
+force perm delete com.att.TC_Wild.@[user.name].access :perm:myType:*:* write
+force perm delete com.att.TC_Wild.@[user.name].myType myInstance myAction
+
diff --git a/authz-test/TestSuite/TC_Wild/30_role b/authz-test/TestSuite/TC_Wild/30_role
new file mode 100644
index 00000000..6d680c7e
--- /dev/null
+++ b/authz-test/TestSuite/TC_Wild/30_role
@@ -0,0 +1,33 @@
+as m99999@@[user.name].TC_Wild.att.com
+
+# TC_Wild.30.1.NEG Fail to create a role in NS
+expect 403
+role create com.att.TC_Wild.@[user.name].tool.myRole
+
+
+# TC_Wild.30.3.POS Add "access role" based Wild Card with specific Action
+as XX@NS
+expect 201
+perm create com.att.TC_Wild.@[user.name].access :role:tool.* write com.att.TC_Wild.@[user.name].service
+
+# TC_Wild.30.5.POS Print Perms
+expect 200
+perm list user m99999@@[user.name].TC_Wild.att.com
+
+
+# TC_Wild.30.7.POS Now able to create a role in NS
+as m99999@@[user.name].TC_Wild.att.com
+expect 201
+role create com.att.TC_Wild.@[user.name].tool.myRole
+
+
+# TC_Wild.30.8.POS Print Perms
+as XX@NS
+expect 200
+role list ns com.att.TC_Wild.@[user.name]
+
+# TC_Wild.30.10.POS Delete Perms Created
+expect 200
+force perm delete com.att.TC_Wild.@[user.name].access :role:tool.* write
+force role delete com.att.TC_Wild.@[user.name].tool.myRole
+
diff --git a/authz-test/TestSuite/TC_Wild/31_role b/authz-test/TestSuite/TC_Wild/31_role
new file mode 100644
index 00000000..e29f308c
--- /dev/null
+++ b/authz-test/TestSuite/TC_Wild/31_role
@@ -0,0 +1,33 @@
+as m99999@@[user.name].TC_Wild.att.com
+
+# TC_Wild.31.1.NEG Fail to create a role in NS
+expect 403
+role create com.att.TC_Wild.@[user.name].tool.myRole
+
+
+# TC_Wild.31.3.POS Add "access role" based Wild Card with specific Action
+as XX@NS
+expect 201
+perm create com.att.TC_Wild.@[user.name].access :role:* write com.att.TC_Wild.@[user.name].service
+
+# TC_Wild.31.5.POS Print Perms
+expect 200
+perm list user m99999@@[user.name].TC_Wild.att.com
+
+
+# TC_Wild.31.7.POS Now able to create a role in NS
+as m99999@@[user.name].TC_Wild.att.com
+expect 201
+role create com.att.TC_Wild.@[user.name].tool.myRole
+
+
+# TC_Wild.31.8.POS Print Perms
+as XX@NS
+expect 200
+role list ns com.att.TC_Wild.@[user.name]
+
+# TC_Wild.31.10.POS Delete Perms Created
+expect 200
+force perm delete com.att.TC_Wild.@[user.name].access :role:* write
+force role delete com.att.TC_Wild.@[user.name].tool.myRole
+
diff --git a/authz-test/TestSuite/TC_Wild/32_role b/authz-test/TestSuite/TC_Wild/32_role
new file mode 100644
index 00000000..ccbe866a
--- /dev/null
+++ b/authz-test/TestSuite/TC_Wild/32_role
@@ -0,0 +1,30 @@
+as m99999@@[user.name].TC_Wild.att.com
+
+# TC_Wild.32.1.NEG Fail to create a role in NS
+expect 403
+role create com.att.TC_Wild.@[user.name].tool.myRole
+
+# TC_Wild.32.3.POS Add "access role" based Wild Card with specific Action
+as XX@NS
+expect 201
+perm create com.att.TC_Wild.@[user.name].access :role:* * com.att.TC_Wild.@[user.name].service
+
+# TC_Wild.32.5.POS Print Perms
+as m99999@@[user.name].TC_Wild.att.com
+expect 200
+perm list user m99999@@[user.name].TC_Wild.att.com
+
+# TC_Wild.32.7.POS Now able to create a role in NS
+expect 201
+role create com.att.TC_Wild.@[user.name].tool.myRole
+
+# TC_Wild.32.8.POS May Print Role
+expect 200
+role list role com.att.TC_Wild.@[user.name].tool.myRole
+
+as XX@NS
+# TC_Wild.32.10.POS Delete Perms Created
+expect 200
+force perm delete com.att.TC_Wild.@[user.name].access :role:* *
+force role delete com.att.TC_Wild.@[user.name].tool.myRole
+
diff --git a/authz-test/TestSuite/TC_Wild/50_global_perm b/authz-test/TestSuite/TC_Wild/50_global_perm
new file mode 100644
index 00000000..df5f5426
--- /dev/null
+++ b/authz-test/TestSuite/TC_Wild/50_global_perm
@@ -0,0 +1,33 @@
+as m99999@@[user.name].TC_Wild.att.com
+
+# TC_Wild.50.1.NEG Fail to create a perm in NS
+expect 403
+perm create com.att.TC_Wild.@[user.name].myType myInstance myAction
+
+
+# TC_Wild.50.3.POS Add "access perm" based Wild Card with specific Action
+as XX@NS
+expect 201
+perm create com.att.aaf.ns :com.att.*:perm:myType:*:* write com.att.TC_Wild.@[user.name].service
+
+# TC_Wild.50.5.POS Print Perms
+expect 200
+perm list user m99999@@[user.name].TC_Wild.att.com
+
+
+# TC_Wild.50.7.POS Now able to create a perm in NS
+as m99999@@[user.name].TC_Wild.att.com
+expect 201
+perm create com.att.TC_Wild.@[user.name].myType myInstance myAction
+
+
+# TC_Wild.50.8.POS Print Perms
+as XX@NS
+expect 200
+perm list ns com.att.TC_Wild.@[user.name]
+
+# TC_Wild.50.10.POS Delete Perms Created
+expect 200
+force perm delete com.att.aaf.ns :com.att.*:perm:myType:*:* write
+force perm delete com.att.TC_Wild.@[user.name].myType myInstance myAction
+
diff --git a/authz-test/TestSuite/TC_Wild/51_global_role b/authz-test/TestSuite/TC_Wild/51_global_role
new file mode 100644
index 00000000..1e86e916
--- /dev/null
+++ b/authz-test/TestSuite/TC_Wild/51_global_role
@@ -0,0 +1,33 @@
+as m99999@@[user.name].TC_Wild.att.com
+
+# TC_Wild.51.1.NEG Fail to create a role in NS
+expect 403
+role create com.att.TC_Wild.@[user.name].tool.myRole
+
+
+# TC_Wild.51.3.POS Add "access role" based Wild Card with specific Action
+as XX@NS
+expect 201
+perm create com.att.aaf.ns :com.att.*:role:tool.* write com.att.TC_Wild.@[user.name].service
+
+# TC_Wild.51.5.POS Print Perms
+expect 200
+perm list user m99999@@[user.name].TC_Wild.att.com
+
+
+# TC_Wild.51.7.POS Now able to create a role in NS
+as m99999@@[user.name].TC_Wild.att.com
+expect 201
+role create com.att.TC_Wild.@[user.name].tool.myRole
+
+
+# TC_Wild.51.8.POS Print Perms
+as XX@NS
+expect 200
+role list ns com.att.TC_Wild.@[user.name]
+
+# TC_Wild.51.10.POS Delete Perms Created
+expect 200
+force perm delete com.att.aaf.ns :com.att.*:role:tool.* write
+force role delete com.att.TC_Wild.@[user.name].tool.myRole
+
diff --git a/authz-test/TestSuite/TC_Wild/52_global_ns b/authz-test/TestSuite/TC_Wild/52_global_ns
new file mode 100644
index 00000000..b1e45ad3
--- /dev/null
+++ b/authz-test/TestSuite/TC_Wild/52_global_ns
@@ -0,0 +1,33 @@
+as m99999@@[user.name].TC_Wild.att.com
+
+# TC_Wild.52.1.NEG Fail to create a NS
+expect 403
+ns create com.test.TC_Wild.@[user.name] @[user.name] testid@aaf.att.com
+
+
+# TC_Wild.52.3.POS Add "access role" based Wild Card with specific Action
+as XX@NS
+expect 201
+perm create com.att.aaf.ns :com.test:ns write com.att.TC_Wild.@[user.name].service
+
+# TC_Wild.52.5.POS Print Perms
+expect 200
+perm list user m99999@@[user.name].TC_Wild.att.com
+
+
+# TC_Wild.52.7.POS Now able to create an NS
+as m99999@@[user.name].TC_Wild.att.com
+expect 201
+ns create com.test.TC_Wild.@[user.name] @[user.name] testid@aaf.att.com
+
+
+# TC_Wild.52.8.POS Print Perms
+as XX@NS
+expect 200
+ns list name com.test.TC_Wild.@[user.name]
+
+# TC_Wild.52.10.POS Delete Perms Created
+expect 200
+force perm delete com.att.aaf.ns :com.test:ns write
+force ns delete com.test.TC_Wild.@[user.name]
+
diff --git a/authz-test/TestSuite/TC_Wild/99_cleanup b/authz-test/TestSuite/TC_Wild/99_cleanup
new file mode 100644
index 00000000..d6abfd90
--- /dev/null
+++ b/authz-test/TestSuite/TC_Wild/99_cleanup
@@ -0,0 +1,25 @@
+as XX@NS
+expect 200,404
+
+# TC_Wild.99.80.POS Cleanup
+force perm delete com.att.aaf.ns :com.att.*:perm:*:* write
+
+# TC_Wild.99.81.POS Cleanup
+force perm delete com.att.aaf.ns :com.att.*:perm:*:* *
+
+# TC_Wild.99.82.POS Cleanup
+force perm delete com.att.aaf.ns :com.att.*:role:* write
+
+# TC_Wild.99.83.POS Cleanup
+force perm delete com.att.aaf.ns :com.test:ns write
+
+# TC_Wild.99.90.POS Cleanup
+force ns delete com.test.TC_Wild.@[user.name]
+
+# TC_Wild.99.91.POS Cleanup
+force ns delete com.att.TC_Wild.@[user.name]
+
+# TC_Wild.99.99.POS List to prove clean Namespaces
+ns list name com.att.TC_Wild.@[user.name]
+ns list name com.test.TC_Wild.@[user.name]
+
diff --git a/authz-test/TestSuite/TC_Wild/Description b/authz-test/TestSuite/TC_Wild/Description
new file mode 100644
index 00000000..012a12b1
--- /dev/null
+++ b/authz-test/TestSuite/TC_Wild/Description
@@ -0,0 +1,16 @@
+This Testcase Tests the essentials of the Namespace, and the NS Commands
+
+APIs:
+
+
+
+CLI:
+ Target
+ role create :role
+ role delete
+ ns delete :ns
+ ns list :ns
+ Ancillary
+ role create :role
+ role list name :role.*
+
diff --git a/authz-test/TestSuite/TEMPLATE_TC/00_ids b/authz-test/TestSuite/TEMPLATE_TC/00_ids
new file mode 100644
index 00000000..ad09d774
--- /dev/null
+++ b/authz-test/TestSuite/TEMPLATE_TC/00_ids
@@ -0,0 +1,10 @@
+expect 0
+set XX@NS=<pass>
+set testid@aaf.att.com=<pass>
+set testunused@aaf.att.com=<pass>
+set testid_1@test.com=<pass>
+set testid_2@test.com=<pass>
+set bogus=boguspass
+
+#delay 10
+set NFR=0
diff --git a/authz-test/TestSuite/TEMPLATE_TC/10_init b/authz-test/TestSuite/TEMPLATE_TC/10_init
new file mode 100644
index 00000000..ebdaaae5
--- /dev/null
+++ b/authz-test/TestSuite/TEMPLATE_TC/10_init
@@ -0,0 +1,24 @@
+as XX@NS
+# TEMPLATE_TC.10.0.POS Print NS to prove ok
+expect 200
+ns list name com.test.TEMPLATE_TC.@[user.name]
+
+# TEMPLATE_TC.10.1.POS Create Namespace with User ID
+expect 201
+ns create com.test.TEMPLATE_TC.@[user.name]_1 @[user.name] testid_1@test.com
+
+# TEMPLATE_TC.10.4.POS Print NS to prove ok
+expect 200
+ns list name com.test.TEMPLATE_TC.@[user.name]_2
+
+# TEMPLATE_TC.10.5.POS Create Namespace with Different ID
+expect 201
+ns create com.test.TEMPLATE_TC.@[user.name]_2 @[user.name] testid_2@test.com
+
+# TEMPLATE_TC.10.8.POS Print NS to prove ok
+expect 200
+ns list name com.att.TEMPLATE_TC.@[user.name]
+
+# TEMPLATE_TC.10.9.POS Create Namespace in Different Company
+expect 201
+ns create com.att.TEMPLATE_TC.@[user.name] @[user.name] testunused@aaf.att.com
diff --git a/authz-test/TestSuite/TEMPLATE_TC/99_cleanup b/authz-test/TestSuite/TEMPLATE_TC/99_cleanup
new file mode 100644
index 00000000..a2080461
--- /dev/null
+++ b/authz-test/TestSuite/TEMPLATE_TC/99_cleanup
@@ -0,0 +1,22 @@
+expect 200,404
+as testid_1@test.com
+# TEMPLATE_TC.99.2.POS Namespace Admin can delete Namespace
+force ns delete com.test.TEMPLATE_TC.@[user.name]_1
+
+# TEMPLATE_TC.99.3.POS Print Namespaces
+ns list name com.test.TEMPLATE_TC.@[user.name]_1
+
+as testid_2@test.com
+# TEMPLATE_TC.99.4.POS Namespace Admin can delete Namespace
+force ns delete com.test.TEMPLATE_TC.@[user.name]_2
+
+# TEMPLATE_TC.99.5.POS Print Namespaces
+ns list name com.test.TEMPLATE_TC.@[user.name]_2
+
+
+as testunused@aaf.att.com
+# TEMPLATE_TC.99.6.POS Remove Namespace from other company
+force ns delete com.att.TEMPLATE_TC.@[user.name]
+
+# TEMPLATE_TC.99.7.POS Print Namespace from other company
+ns list name com.att.TEMPLATE_TC.@[user.name]
diff --git a/authz-test/TestSuite/TEMPLATE_TC/Description b/authz-test/TestSuite/TEMPLATE_TC/Description
new file mode 100644
index 00000000..2283774d
--- /dev/null
+++ b/authz-test/TestSuite/TEMPLATE_TC/Description
@@ -0,0 +1,10 @@
+This is a TEMPLATE testcase, to make creating new Test Cases easier.
+
+APIs:
+
+
+CLI:
+ns create
+ns delete
+as
+
diff --git a/authz-test/TestSuite/cmds b/authz-test/TestSuite/cmds
new file mode 100644
index 00000000..4d3c6ab4
--- /dev/null
+++ b/authz-test/TestSuite/cmds
@@ -0,0 +1,21 @@
+# /bin/bash
+. ~/.bashrc
+function failed {
+ echo "FAILED TEST! " $*
+ exit 1
+}
+
+if [ "$1" == "" ] ; then
+ DIRS=`find . -name "TC_*" -maxdepth 1`" "`find . -name "MTC_*" -maxdepth 1`
+else
+ DIRS="$1"
+fi
+
+ for DIR in $DIRS; do
+ for FILE in $DIR/[0-9]*; do
+ echo "*** "$FILE" ***"
+ cat $FILE
+ echo
+ done
+ done
+exit 0
diff --git a/authz-test/TestSuite/copy b/authz-test/TestSuite/copy
new file mode 100644
index 00000000..27d57cb6
--- /dev/null
+++ b/authz-test/TestSuite/copy
@@ -0,0 +1,17 @@
+# /bin/bash
+if [ "$2" != "" ] ; then
+ if [ -e $2 ]; then
+ echo "$2 exists, copy aborted"
+ exit 1
+ fi
+ mkdir -p $2
+ for FILE in $1/*; do
+ FILE2=`echo $FILE | sed -e "s/$1/$2/"`
+ echo $FILE2
+ sed -e "s/$1/$2/g" $FILE > $FILE2
+ done
+else
+ echo 'Usage: copy <Source TestCase> <Target TestCase>'
+fi
+
+exit 0
diff --git a/authz-test/TestSuite/csv b/authz-test/TestSuite/csv
new file mode 100644
index 00000000..a6a0b305
--- /dev/null
+++ b/authz-test/TestSuite/csv
@@ -0,0 +1,13 @@
+# /bin/bash
+if [ "$1" == "" ]; then
+ DIRS=`ls -d TC*`
+else
+ DIRS=$1
+fi
+
+echo '"Test Case","Description"'
+for DIR in $DIRS; do
+ grep -h "^# $DIR" $DIR/[0-9]* | cut -d ' ' -f 2- | sed -e 's/ /,"/' -e 's/$/"/'
+done
+cd ..
+exit 0
diff --git a/authz-test/TestSuite/expected/MTC_Appr1.expected b/authz-test/TestSuite/expected/MTC_Appr1.expected
new file mode 100644
index 00000000..269f7317
--- /dev/null
+++ b/authz-test/TestSuite/expected/MTC_Appr1.expected
@@ -0,0 +1,144 @@
+set testid@aaf.att.com <pass>
+set XX@NS <pass>
+set testunused@aaf.att.com <pass>
+set bogus boguspass
+#delay 10
+set NFR 0
+as testid@aaf.att.com
+# TC_Appr1.10.0.POS List NS to prove ok
+ns list name com.test.appr
+** Expect 200 **
+
+List Namespaces by Name[com.test.appr]
+--------------------------------------------------------------------------------
+
+ns list name com.test.appr.@[user.name]
+** Expect 200 **
+
+List Namespaces by Name[com.test.appr.@[THE_USER]]
+--------------------------------------------------------------------------------
+
+# TC_Appr1.10.1.POS Create Personalized Namespace to add Approvals
+ns create com.test.appr.@[user.name] @[user.name] testid@aaf.att.com
+** Expect 201 **
+Created Namespace
+
+# TC_Appr1.10.2.POS Create General Namespace to add Approvals
+ns create com.test.appr @[user.name] testid@aaf.att.com
+** Expect 201 **
+Created Namespace
+
+# TC_Appr1.10.10.POS Create Roles in Namespace
+role create com.test.appr.@[user.name].addToUserRole
+** Expect 201 **
+Created Role
+
+role create com.test.appr.@[user.name].grantToPerm
+** Expect 201 **
+Created Role
+
+role create com.test.appr.@[user.name].ungrantFromPerm
+** Expect 201 **
+Created Role
+
+role create com.test.appr.@[user.name].grantFirstPerm
+** Expect 201 **
+Created Role
+
+role create com.test.appr.@[user.name].grantSecondPerm
+** Expect 201 **
+Created Role
+
+# TC_Appr1.10.12.POS Create Permissions in Namespace
+perm create com.test.appr.@[user.name].ungrantFromRole myInstance myAction com.test.appr.@[user.name].ungrantFromPerm
+** Expect 201 **
+Created Permission
+Granted Permission [com.test.appr.@[THE_USER].ungrantFromRole|myInstance|myAction] to Role [com.test.appr.@[THE_USER].ungrantFromPerm]
+
+perm create com.test.appr.@[user.name].grantToRole myInstance myAction
+** Expect 201 **
+Created Permission
+
+force perm create com.test.appr.@[user.name].deleteThisPerm myInstance myAction com.test.appr.@[user.name].grantedRole
+** Expect 201 **
+Created Permission
+Granted Permission [com.test.appr.@[THE_USER].deleteThisPerm|myInstance|myAction] to Role [com.test.appr.@[THE_USER].grantedRole] (Created)
+
+perm create com.test.appr.@[user.name].grantTwoRoles myInstance myAction
+** Expect 201 **
+Created Permission
+
+perm create com.test.appr.@[user.name].ungrantTwoRoles myInstance myAction com.test.appr.@[user.name].grantFirstPerm,com.test.appr.@[user.name].grantSecondPerm
+** Expect 201 **
+Created Permission
+Granted Permission [com.test.appr.@[THE_USER].ungrantTwoRoles|myInstance|myAction] to Role [com.test.appr.@[THE_USER].grantFirstPerm]
+Granted Permission [com.test.appr.@[THE_USER].ungrantTwoRoles|myInstance|myAction] to Role [com.test.appr.@[THE_USER].grantSecondPerm]
+
+as testunused@aaf.att.com
+# TC_Appr1.15.01.NEG Create Future and Approvals with non-admin request
+user role add @[user.name]@@[user.name].appr.test.com com.test.appr.@[user.name].addToUserRole
+** Expect 403 **
+Failed [SVC2403]: Approvals required, but not requested by Client
+
+# TC_Appr1.15.02.NEG Create Approval for NS create
+ns create com.test.appr.@[user.name].myProject @[user.name]
+** Expect 403 **
+Failed [SVC2403]: Approvals required, but not requested by Client
+
+# TC_Appr1.15.03.NEG Generate Approval for granting permission to role
+perm grant com.test.appr.@[user.name].grantToRole myInstance myAction com.test.appr.@[user.name].grantToPerm
+** Expect 403 **
+Failed [SVC2403]: Approvals required, but not requested by Client
+
+# TC_Appr1.15.04.NEG Generate Approval for ungranting permission from role
+perm ungrant com.test.appr.@[user.name].ungrantFromRole myInstance myAction com.test.appr.@[user.name].ungrantFromPerm
+** Expect 403 **
+Failed [SVC2403]: Approvals required, but not requested by Client
+
+# TC_Appr1.15.05.NEG Generate Approval for granting permission to role
+perm grant com.test.appr.@[user.name].grantTwoRoles myInstance myAction com.test.appr.@[user.name].grantFirstPerm,com.test.appr.@[user.name].grantSecondPerm
+** Expect 403 **
+Failed [SVC2403]: Approvals required, but not requested by Client
+Failed [SVC2403]: Approvals required, but not requested by Client
+
+# TC_Appr1.15.06.NEG Generate Approval for ungranting permission from role
+perm ungrant com.test.appr.@[user.name].ungrantTwoRoles myInstance myAction com.test.appr.@[user.name].grantFirstPerm,com.test.appr.@[user.name].grantSecondPerm
+** Expect 403 **
+Failed [SVC2403]: Approvals required, but not requested by Client
+Failed [SVC2403]: Approvals required, but not requested by Client
+
+# TC_Appr1.15.51.POS Create Future and Approvals with non-admin request
+set request true
+set request=true user role add @[user.name]@@[user.name].appr.test.com com.test.appr.@[user.name].addToUserRole
+** Expect 202 **
+UserRole Creation Accepted, but requires Approvals before actualizing
+
+# TC_Appr1.15.52.POS Create Approval for NS create
+set request true
+set request=true ns create com.test.appr.@[user.name].myProject @[user.name]
+** Expect 202 **
+Namespace Creation Accepted, but requires Approvals before actualizing
+
+# TC_Appr1.15.53.POS Generate Approval for granting permission to role
+set request true
+set request=true perm grant com.test.appr.@[user.name].grantToRole myInstance myAction com.test.appr.@[user.name].grantToPerm
+** Expect 202 **
+Permission Role Granted Accepted, but requires Approvals before actualizing
+
+# TC_Appr1.15.54.POS Generate Approval for ungranting permission from role
+request perm ungrant com.test.appr.@[user.name].ungrantFromRole myInstance myAction com.test.appr.@[user.name].ungrantFromPerm
+** Expect 202 **
+Permission Role Ungranted Accepted, but requires Approvals before actualizing
+
+# TC_Appr1.15.55.POS Generate Approval for granting permission to role
+request perm grant com.test.appr.@[user.name].grantTwoRoles myInstance myAction com.test.appr.@[user.name].grantFirstPerm,com.test.appr.@[user.name].grantSecondPerm
+** Expect 202 **
+Permission Role Granted Accepted, but requires Approvals before actualizing
+Permission Role Granted Accepted, but requires Approvals before actualizing
+
+# TC_Appr1.15.56.POS Generate Approval for ungranting permission from role
+request perm ungrant com.test.appr.@[user.name].ungrantTwoRoles myInstance myAction com.test.appr.@[user.name].grantFirstPerm,com.test.appr.@[user.name].grantSecondPerm
+** Expect 202 **
+Permission Role Ungranted Accepted, but requires Approvals before actualizing
+Permission Role Ungranted Accepted, but requires Approvals before actualizing
+
diff --git a/authz-test/TestSuite/expected/MTC_Appr2.expected b/authz-test/TestSuite/expected/MTC_Appr2.expected
new file mode 100644
index 00000000..7191a044
--- /dev/null
+++ b/authz-test/TestSuite/expected/MTC_Appr2.expected
@@ -0,0 +1,24 @@
+# TC_Appr2.99.1.POS Delete User Role, if exists
+user role del testunused@aaf.att.com com.test.appr.@[user.name].myRole
+** Expect 200,404 **
+Failed [SVC1404]: Cannot delete non-existent User Role
+
+# TC_Appr2.99.79.POS Delete Role
+role delete com.test.appr.@[user.name].myRole
+** Expect 200,404 **
+Deleted Role
+
+# TC_Appr2.99.80.POS Delete Namespaces for TestSuite
+ns delete com.test.appr
+** Expect 200,404 **
+Deleted Namespace
+
+ns delete com.test.appr.@[user.name]
+** Expect 200,404 **
+Deleted Namespace
+
+# TC_Appr2.99.81.POS Delete Credential used to generate approvals
+as XX@NS:<pass> user cred del testbatch@aaf.att.com
+** Expect 200,404 **
+Deleted Credential [testbatch@aaf.att.com]
+
diff --git a/authz-test/TestSuite/expected/TC_Cred1.expected b/authz-test/TestSuite/expected/TC_Cred1.expected
new file mode 100644
index 00000000..8d310d91
--- /dev/null
+++ b/authz-test/TestSuite/expected/TC_Cred1.expected
@@ -0,0 +1,269 @@
+set testid@aaf.att.com <pass>
+set testunused@aaf.att.com <pass>
+set bogus boguspass
+set XX@NS <pass>
+#delay 10
+set NFR 0
+as testid@aaf.att.com
+# TC_Cred1.10.0.POS List NS to prove ok
+ns list name com.test.TC_Cred1.@[user.name]
+** Expect 200 **
+
+List Namespaces by Name[com.test.TC_Cred1.@[THE_USER]]
+--------------------------------------------------------------------------------
+ *** Namespace Not Found ***
+
+# TC_Cred1.10.1.POS Create Personalized Namespace to add Credentials
+ns create com.test.TC_Cred1.@[user.name] @[user.name] testid@aaf.att.com
+** Expect 201 **
+Created Namespace
+
+# TC_Cred1.10.10.POS Create role to assign mechid perm to
+role create com.test.TC_Cred1.@[user.name].cred_admin testid@aaf.att.com
+** Expect 201 **
+Created Role
+Added User [testid@aaf.att.com] to Role [com.test.TC_Cred1.@[THE_USER].cred_admin]
+
+role create com.test.TC_Cred1.@[user.name].pw_reset
+** Expect 201 **
+Created Role
+
+# TC_Cred1.10.11.POS Assign roles to perms
+as XX@NS
+perm create com.att.aaf.password com.test reset com.test.TC_Cred1.@[user.name].pw_reset
+** Expect 201 **
+Created Permission
+Granted Permission [com.att.aaf.password|com.test|reset] to Role [com.test.TC_Cred1.@[THE_USER].pw_reset]
+
+perm create com.att.aaf.mechid com.test create com.test.TC_Cred1.@[user.name].cred_admin
+** Expect 201 **
+Created Permission
+Granted Permission [com.att.aaf.mechid|com.test|create] to Role [com.test.TC_Cred1.@[THE_USER].cred_admin]
+
+perm grant com.att.aaf.mechid com.att create com.test.TC_Cred1.@[user.name].cred_admin
+** Expect 201 **
+Granted Permission [com.att.aaf.mechid|com.att|create] to Role [com.test.TC_Cred1.@[THE_USER].cred_admin]
+
+as testid@aaf.att.com
+# TC_Cred1.10.30.POS Assign user for creating creds
+user cred add m99999@@[user.name].TC_Cred1.test.com password123
+** Expect 201 **
+Added Credential [m99999@@[THE_USER].TC_Cred1.test.com]
+
+set m99999@@[THE_USER].TC_Cred1.test.com password123
+# TC_Cred1.10.31.POS Credential used to similate non-admin Tier1 user with reset and create permissions
+user role add m99999@@[user.name].TC_Cred1.test.com com.test.TC_Cred1.@[user.name].pw_reset,com.test.TC_Cred1.@[user.name].cred_admin
+** Expect 201 **
+Added Role [com.test.TC_Cred1.@[THE_USER].pw_reset] to User [m99999@@[THE_USER].TC_Cred1.test.com]
+Added Role [com.test.TC_Cred1.@[THE_USER].cred_admin] to User [m99999@@[THE_USER].TC_Cred1.test.com]
+
+# TC_Cred1.10.32.POS Remove create rights for testing
+user role del testid@aaf.att.com com.test.TC_Cred1.@[user.name].cred_admin
+** Expect 200 **
+Removed Role [com.test.TC_Cred1.@[THE_USER].cred_admin] from User [testid@aaf.att.com]
+
+# TC_Cred1.15.1.NEG Non-Admin, no permission user cannot create mechID
+as testunused@aaf.att.com
+user cred add m99990@@[user.name].TC_Cred1.test.com password123
+** Expect 403 **
+Failed [SVC1403]: Forbidden - testunused@aaf.att.com does not have permission to create MechIDs at AT&T
+
+# TC_Cred1.15.3.POS Non-Admin, with create permission user can create mechID
+as m99999@@[THE_USER].TC_Cred1.test.com
+user cred add m99990@@[user.name].TC_Cred1.test.com password123
+** Expect 201 **
+Added Credential [m99990@@[THE_USER].TC_Cred1.test.com]
+
+# TC_Cred1.15.10.NEG Non-Admin, no reset permission cannot reset mechID
+as testunused@aaf.att.com
+user cred reset m99990@@[user.name].TC_Cred1.test.com password123
+** Expect 403 **
+Failed [SVC1403]: Forbidden - testunused@aaf.att.com is not allowed to change m99990@@[THE_USER].TC_Cred1.test.com in com.test.TC_Cred1.@[THE_USER]
+
+# TC_Cred1.15.11.POS Non-Admin, with reset permission can reset mechID
+as m99999@@[THE_USER].TC_Cred1.test.com
+user cred reset m99990@@[user.name].TC_Cred1.test.com password123
+** Expect 200 **
+Reset Credential [m99990@@[THE_USER].TC_Cred1.test.com]
+
+# TC_Cred1.15.12.POS Admin, without reset permission can reset Password
+as testid@aaf.att.com
+user cred reset m99990@@[user.name].TC_Cred1.test.com password123
+** Expect 200 **
+Reset Credential [m99990@@[THE_USER].TC_Cred1.test.com]
+
+# TC_Cred1.15.15.POS Admin, without reset permission can reset mechID
+user cred reset m99990@@[user.name].TC_Cred1.test.com password123 1
+** Expect 200 **
+Reset Credential [m99990@@[THE_USER].TC_Cred1.test.com]
+
+# TC_Cred1.15.20.POS Admin, delete
+user cred del m99990@@[user.name].TC_Cred1.test.com password123 1
+** Expect 200 **
+Deleted Credential [m99990@@[THE_USER].TC_Cred1.test.com]
+
+# TC_Cred1.30.1.NEG Multiple options available to delete
+as XX@NS
+user cred add m99990@@[user.name].TC_Cred1.test.com pass23Word
+** Expect 201 **
+Added Credential [m99990@@[THE_USER].TC_Cred1.test.com]
+
+as testid@aaf.att.com
+user cred add m99990@@[user.name].TC_Cred1.test.com pass23worD
+** Expect 201 **
+Added Credential [m99990@@[THE_USER].TC_Cred1.test.com]
+
+# TC_Cred1.30.2.POS Succeeds when we choose last option
+user cred del m99990@@[user.name].TC_Cred1.test.com 2
+** Expect 200 **
+Deleted Credential [m99990@@[THE_USER].TC_Cred1.test.com]
+
+# TC_Cred1.30.10.POS Add another credential
+user cred add m99990@@[user.name].TC_Cred1.test.com password123
+** Expect 201 **
+Added Credential [m99990@@[THE_USER].TC_Cred1.test.com]
+
+# TC_Cred1.30.11.NEG Multiple options available to reset
+user cred reset m99990@@[user.name].TC_Cred1.test.com password123
+** Expect 300 **
+Failed [SVC1300]: Choice - Select which cred to update:
+ Id Type Expires
+ 1) m99990@@[THE_USER].TC_Cred1.test.com 2 [Placeholder]
+ 2) m99990@@[THE_USER].TC_Cred1.test.com 2 [Placeholder]
+Run same command again with chosen entry as last parameter
+
+# TC_Cred1.30.12.NEG Fails when we choose a bad option
+user cred reset m99990@@[user.name].TC_Cred1.test.com password123 0
+** Expect 406 **
+Failed [SVC1406]: Not Acceptable - User chose invalid credential selection
+
+# TC_Cred1.30.13.POS Succeeds when we choose last option
+user cred reset m99990@@[user.name].TC_Cred1.test.com password123 2
+** Expect 200 **
+Reset Credential [m99990@@[THE_USER].TC_Cred1.test.com]
+
+#TC_Cred1.30.30.NEG Fails when we don't have specific property
+user cred extend m99990@@[user.name].TC_Cred1.test.com
+** Expect 403 **
+Failed [SVC3403]: Forbidden - testid@aaf.att.com does not have permission to extend passwords at AT&T
+
+#### EXTENDS behavior ####
+#TC_Cred1.30.32.POS Setup Temp Role for Extend Permission
+as XX@NS
+role create com.test.TC_Cred1.@[user.name].extendTemp
+** Expect 201 **
+Created Role
+
+#TC_Cred1.30.33.POS Grant Extends Permission to Role
+perm grant com.att.aaf.password com.att extend com.test.TC_Cred1.@[user.name].extendTemp
+** Expect 201 **
+Granted Permission [com.att.aaf.password|com.att|extend] to Role [com.test.TC_Cred1.@[THE_USER].extendTemp]
+
+#TC_Cred1.30.35.POS Add current User to Temp Role for Extend Permission
+role user add com.test.TC_Cred1.@[user.name].extendTemp XX@NS
+** Expect 201 **
+Added User [XX@NS] to Role [com.test.TC_Cred1.@[THE_USER].extendTemp]
+
+#TC_Cred1.30.36.POS Extend Password, expecting Single Response
+user cred extend m99990@@[user.name].TC_Cred1.test.com 1
+** Expect 200 **
+Extended Credential [m99990@@[THE_USER].TC_Cred1.test.com]
+
+#TC_Cred1.30.39.POS Remove Role
+set force true
+role delete com.test.TC_Cred1.@[user.name].extendTemp
+** Expect 200 **
+Deleted Role
+
+#### MULTI CLEANUP #####
+role list user m99990@@[user.name].TC_Cred1.test.com
+** Expect 200 **
+
+List Roles for User [m99990@@[THE_USER].TC_Cred1.test.com]
+--------------------------------------------------------------------------------
+ROLE Name
+ PERM Type Instance Action
+--------------------------------------------------------------------------------
+
+# TC_Cred1.30.80.POS Delete all entries for this cred
+set force true
+user cred del m99990@@[user.name].TC_Cred1.test.com
+** Expect 200 **
+Deleted Credential [m99990@@[THE_USER].TC_Cred1.test.com]
+
+# TC_Cred1.30.99.POS List ns shows no creds attached
+ns list name com.test.TC_Cred1.@[user.name]
+** Expect 200 **
+
+List Namespaces by Name[com.test.TC_Cred1.@[THE_USER]]
+--------------------------------------------------------------------------------
+com.test.TC_Cred1.@[THE_USER]
+ Administrators
+ testid@aaf.att.com
+ Responsible Parties
+ @[THE_USER]@csp.att.com
+ Roles
+ com.test.TC_Cred1.@[THE_USER].admin
+ com.test.TC_Cred1.@[THE_USER].cred_admin
+ com.test.TC_Cred1.@[THE_USER].owner
+ com.test.TC_Cred1.@[THE_USER].pw_reset
+ Permissions
+ com.test.TC_Cred1.@[THE_USER].access * *
+ com.test.TC_Cred1.@[THE_USER].access * read
+ Credentials
+ m99999@@[THE_USER].TC_Cred1.test.com
+
+as testid@aaf.att.com
+# TC_Cred1.99.1.POS Delete credentials
+force user cred del m99990@@[user.name].TC_Cred1.test.com
+** Expect 200,404 **
+Failed [SVC5404]: Not Found - Credential does not exist
+
+#TC_Cred1.99.2.POS Ensure Remove Role
+set force true
+role delete com.test.TC_Cred1.@[user.name].extendTemp
+** Expect 200,404 **
+Failed [SVC3404]: Not Found - Role [com.test.TC_Cred1.@[THE_USER].extendTemp] does not exist
+
+# TC_Cred1.99.10.POS Remove ability to create creds
+force user role del testid@aaf.att.com com.test.TC_Cred1.@[user.name].cred_admin
+** Expect 200,404 **
+Failed [SVC6404]: Not Found - User [ testid@aaf.att.com ] is not Assigned to the Role [ com.test.TC_Cred1.@[THE_USER].cred_admin ]
+
+as XX@NS
+perm ungrant com.att.aaf.mechid com.att create com.test.TC_Cred1.@[user.name].cred_admin
+** Expect 200,404 **
+UnGranted Permission [com.att.aaf.mechid|com.att|create] from Role [com.test.TC_Cred1.@[THE_USER].cred_admin]
+
+force perm delete com.att.aaf.password com.test reset
+** Expect 200,404 **
+Deleted Permission
+
+force perm delete com.att.aaf.mechid com.test create
+** Expect 200,404 **
+Deleted Permission
+
+as testid@aaf.att.com
+force role delete com.test.TC_Cred1.@[user.name].cred_admin
+** Expect 200,404 **
+Deleted Role
+
+force role delete com.test.TC_Cred1.@[user.name].pw_reset
+** Expect 200,404 **
+Deleted Role
+
+# TC_Cred1.99.99.POS Delete Namespace for TestSuite
+set force true
+set force=true ns delete com.test.TC_Cred1.@[user.name]
+** Expect 200,404 **
+Deleted Namespace
+
+as XX@NS
+force ns delete com.test.TC_Cred1.@[user.name]
+** Expect 200,404 **
+Failed [SVC2404]: Not Found - com.test.TC_Cred1.@[THE_USER] does not exist
+
+force ns delete com.test.TC_Cred1
+** Expect 200,404 **
+Failed [SVC2404]: Not Found - com.test.TC_Cred1 does not exist
+
diff --git a/authz-test/TestSuite/expected/TC_DELG1.expected b/authz-test/TestSuite/expected/TC_DELG1.expected
new file mode 100644
index 00000000..962caf6a
--- /dev/null
+++ b/authz-test/TestSuite/expected/TC_DELG1.expected
@@ -0,0 +1,223 @@
+set testid@aaf.att.com <pass>
+set testunused@aaf.att.com <pass>
+set XX@NS <pass>
+set m99999@@[THE_USER].delg.test.com password123
+set bogus@aaf.att.com boguspass
+#delay 10
+set NFR 0
+# TC_DELG1.10.1.POS Check For Existing Data
+as testid@aaf.att.com
+ns list name com.test.delg.@[user.name]
+** Expect 200 **
+
+List Namespaces by Name[com.test.delg.@[THE_USER]]
+--------------------------------------------------------------------------------
+ *** Namespace Not Found ***
+
+as XX@NS
+perm create com.att.aaf.delg com.att * com.att.admin
+** Expect 201,409 **
+Failed [SVC1409]: Conflict Already Exists - Permission [com.att.aaf.delg|com.att|*] already exists.
+
+user list delegates delegate @[user.name]@csp.att.com
+** Expect 404 **
+Failed [SVC7404]: Not Found - Delegate [@[THE_USER]@csp.att.com] is not delegating for anyone.
+
+as testid@aaf.att.com
+# TC_DELG1.10.2.POS Create Namespace to add IDs
+ns create com.test.delg.@[user.name] @[user.name] testid@aaf.att.com
+** Expect 201 **
+Created Namespace
+
+as XX@NS
+# TC_DELG1.10.10.POS Grant ability to change delegates
+force perm grant com.att.aaf.mechid com.att create com.test.delg.@[user.name].change_delg
+** Expect 404 **
+Failed [SVC3404]: Not Found - Role [com.test.delg.@[THE_USER].change_delg] does not exist
+
+# TC_DELG1.10.11.POS Grant ability to change delegates
+role create com.test.delg.@[user.name].change_delg
+** Expect 201 **
+Created Role
+
+# TC_DELG1.10.12.POS Grant ability to change delegates
+force perm grant com.att.aaf.mechid com.att create com.test.delg.@[user.name].change_delg
+** Expect 201 **
+Granted Permission [com.att.aaf.mechid|com.att|create] to Role [com.test.delg.@[THE_USER].change_delg]
+
+# TC_DELG1.10.14.POS Create user role to change delegates
+user role add testid@aaf.att.com com.test.delg.@[user.name].change_delg
+** Expect 201 **
+Added Role [com.test.delg.@[THE_USER].change_delg] to User [testid@aaf.att.com]
+
+# TC_DELG1.10.15.POS Grant ability to create cred
+perm grant com.att.aaf.delg com.att create com.test.delg.@[user.name].change_delg
+** Expect 201 **
+Granted Permission [com.att.aaf.delg|com.att|create] to Role [com.test.delg.@[THE_USER].change_delg]
+
+as testid@aaf.att.com
+# TC_DELG1.10.30.POS Create cred that will change his own delg
+user cred add m99999@@[user.name].delg.test.com password123
+** Expect 201 **
+Added Credential [m99999@@[THE_USER].delg.test.com]
+
+as XX@NS
+Unknown Instruction "TC_DELG1.10.31.POS"
+perm ungrant com.att.aaf.mechid com.att create com.test.delg.@[user.name].change_delg
+** Expect 200 **
+UnGranted Permission [com.att.aaf.mechid|com.att|create] from Role [com.test.delg.@[THE_USER].change_delg]
+
+as testid@aaf.att.com
+# TC_DELG1.10.99.POS Check for Data as Correct
+ns list name com.test.delg.@[user.name]
+** Expect 200 **
+
+List Namespaces by Name[com.test.delg.@[THE_USER]]
+--------------------------------------------------------------------------------
+com.test.delg.@[THE_USER]
+ Administrators
+ testid@aaf.att.com
+ Responsible Parties
+ @[THE_USER]@csp.att.com
+ Roles
+ com.test.delg.@[THE_USER].admin
+ com.test.delg.@[THE_USER].change_delg
+ com.test.delg.@[THE_USER].owner
+ Permissions
+ com.test.delg.@[THE_USER].access * *
+ com.test.delg.@[THE_USER].access * read
+ Credentials
+ m99999@@[THE_USER].delg.test.com
+
+# TC_DELG1.20.10.NEG Cannot create delegate with unknown user ID
+user delegate add aa111q@csp.att.com @[user.name]@csp.att.com '2099-12-31 06:00'
+** Expect 404 **
+Failed [SVC5404]: Not Found - [aa111q@csp.att.com] is not a user in the company database.
+
+# TC_DELG1.20.11.NEG Cannot Create Delegate with unknown delegate
+user delegate add @[user.name]@csp.att.com aa111q@csp.att.com '2099-12-31 06:00'
+** Expect 404 **
+Failed [SVC5404]: Not Found - [aa111q@csp.att.com] is not a user in the company database.
+
+# TC_DELG1.20.20.NEG May not change user, no delegate permission
+as m99999@@[THE_USER].delg.test.com
+force user delegate add @[user.name]@csp.att.com @[user.name]@csp.att.com '2099-12-31 06:00'
+** Expect 403 **
+Failed [SVC1403]: Forbidden - [m99999@@[THE_USER].delg.test.com] may not create a delegate for [@[THE_USER]@csp.att.com]
+
+as testid@aaf.att.com
+# TC_DELG1.20.21.NEG Fail to Update Delegate that doesnt exist
+user delegate upd @[user.name]@csp.att.com @[user.name]@csp.att.com '2099-12-31 06:00'
+** Expect 404 **
+Failed [SVC1404]: Not Found - [@[THE_USER]@csp.att.com] does not have a Delegate Record to [write].
+
+# TC_DELG1.20.22.NEG May not create delegate for self.
+user delegate add @[user.name]@csp.att.com @[user.name]@csp.att.com '2099-12-31 06:00'
+** Expect 406 **
+Failed [SVC1406]: Not Acceptable - [@[THE_USER]@csp.att.com] cannot be a delegate for self
+
+# TC_DELG1.20.23.POS May create delegate for self for tests by forcing.
+force user delegate add @[user.name]@csp.att.com @[user.name]@csp.att.com '2099-12-31 06:00'
+** Expect 201 **
+Delegate Added
+
+as XX@NS
+# TC_DELG1.20.30.POS Expect Delegates for User
+user list delegates user @[user.name]@csp.att.com
+** Expect 200 **
+
+List Delegates by user[@[THE_USER]@csp.att.com]
+--------------------------------------------------------------------------------
+ User Delegate Expires
+--------------------------------------------------------------------------------
+ @[THE_USER]@csp.att.com @[THE_USER]@csp.att.com XXXX-XX-XX
+
+as testid@aaf.att.com
+# TC_DELG1.20.35.NEG Fail Create when exists
+user delegate add @[user.name]@csp.att.com @[user.name]@csp.att.com '2099-12-31 06:00'
+** Expect 409 **
+Failed [SVC1409]: Conflict Already Exists - [@[THE_USER]@csp.att.com] already delegates to [@[THE_USER]@csp.att.com]
+
+as XX@NS
+# TC_DELG1.20.40.POS Expect Delegates for User
+user list delegates user @[user.name]@csp.att.com
+** Expect 200 **
+
+List Delegates by user[@[THE_USER]@csp.att.com]
+--------------------------------------------------------------------------------
+ User Delegate Expires
+--------------------------------------------------------------------------------
+ @[THE_USER]@csp.att.com @[THE_USER]@csp.att.com XXXX-XX-XX
+
+as testid@aaf.att.com
+# TC_DELG1.20.46.POS Update Delegate with new Date
+user delegate upd @[user.name]@csp.att.com @[user.name]@csp.att.com '2999-01-01 06:00'
+** Expect 200 **
+Delegate Updated
+
+as XX@NS
+# TC_DELG1.20.82.POS Expect Delegates for User
+user list delegates user @[user.name]@csp.att.com
+** Expect 200 **
+
+List Delegates by user[@[THE_USER]@csp.att.com]
+--------------------------------------------------------------------------------
+ User Delegate Expires
+--------------------------------------------------------------------------------
+ @[THE_USER]@csp.att.com @[THE_USER]@csp.att.com XXXX-XX-XX
+
+# TC_DELG1.20.83.POS Expect Delegate to show up in list
+user list delegates delegate @[user.name]@csp.att.com
+** Expect 200 **
+
+List Delegates by delegate[@[THE_USER]@csp.att.com]
+--------------------------------------------------------------------------------
+ User Delegate Expires
+--------------------------------------------------------------------------------
+ @[THE_USER]@csp.att.com @[THE_USER]@csp.att.com XXXX-XX-XX
+
+as XX@NS
+# TC_DELG1.99.0.POS Check for Data as Correct
+ns list name com.test.delg.@[user.name]
+** Expect 200,404 **
+
+List Namespaces by Name[com.test.delg.@[THE_USER]]
+--------------------------------------------------------------------------------
+com.test.delg.@[THE_USER]
+ Administrators
+ testid@aaf.att.com
+ Responsible Parties
+ @[THE_USER]@csp.att.com
+ Roles
+ com.test.delg.@[THE_USER].admin
+ com.test.delg.@[THE_USER].change_delg
+ com.test.delg.@[THE_USER].owner
+ Permissions
+ com.test.delg.@[THE_USER].access * *
+ com.test.delg.@[THE_USER].access * read
+ Credentials
+ m99999@@[THE_USER].delg.test.com
+
+# TC_DELG1.99.10.POS Delete Delegates
+user delegate del @[user.name]@csp.att.com
+** Expect 200,404 **
+Delegate Deleted
+
+# TC_DELG1.99.30.POS Delete Namespace com.att.test.id
+force ns delete com.test.delg.@[user.name]
+** Expect 200,404 **
+Deleted Namespace
+
+# TC_DELG1.99.98.POS Check for Delegate Data as Correct
+user list delegates user @[user.name]@csp.att.com
+** Expect 200,404 **
+Failed [SVC7404]: Not Found - No Delegate found for [@[THE_USER]@csp.att.com]
+
+# TC_DELG1.99.99.POS Check for NS Data as Correct
+ns list name com.test.delg.@[user.name]
+** Expect 200,404 **
+
+List Namespaces by Name[com.test.delg.@[THE_USER]]
+--------------------------------------------------------------------------------
+ *** Namespace Not Found ***
+
diff --git a/authz-test/TestSuite/expected/TC_Link.expected b/authz-test/TestSuite/expected/TC_Link.expected
new file mode 100644
index 00000000..3c58002e
--- /dev/null
+++ b/authz-test/TestSuite/expected/TC_Link.expected
@@ -0,0 +1,253 @@
+set testid <pass>
+set testid@aaf.att.com <pass>
+set XX@NS <pass>
+set testunused <pass>
+set bogus boguspass
+#delay 10
+set NFR 0
+# TC_05
+ns list name com.test.TC_Link_1.@[user.name]
+** Expect 200,404 **
+
+List Namespaces by Name[com.test.TC_Link_1.@[THE_USER]]
+--------------------------------------------------------------------------------
+ *** Namespace Not Found ***
+
+ns list name com.test.TC_Link_2.@[user.name]
+** Expect 200,404 **
+
+List Namespaces by Name[com.test.TC_Link_2.@[THE_USER]]
+--------------------------------------------------------------------------------
+ *** Namespace Not Found ***
+
+perm list role com.test.TC_Link_1.@[user.name].myRole
+** Expect 200,404 **
+
+List Perms by Role [com.test.TC_Link_1.@[THE_USER].myRole]
+--------------------------------------------------------------------------------
+PERM Type Instance Action
+--------------------------------------------------------------------------------
+
+
+role list perm com.test.TC_Link_2.@[user.name].myPerm myInstance myAction
+** Expect 200,404 **
+
+List Roles by Perm com.test.TC_Link_2.@[THE_USER].myPerm|myInstance|myAction
+--------------------------------------------------------------------------------
+ROLE Name
+ PERM Type Instance Action
+--------------------------------------------------------------------------------
+
+# TC_10
+as XX@NS
+ns create com.test.TC_Link_1.@[user.name] @[user.name] XX@NS
+** Expect 201 **
+Created Namespace
+
+ns create com.test.TC_Link_2.@[user.name] @[user.name] XX@NS
+** Expect 201 **
+Created Namespace
+
+role create com.test.TC_Link_1.@[user.name].myRole
+** Expect 201 **
+Created Role
+
+perm create com.test.TC_Link_2.@[user.name].myPerm myInstance myAction
+** Expect 201 **
+Created Permission
+
+perm grant com.test.TC_Link_2.@[user.name].myPerm myInstance myAction com.test.TC_Link_1.@[user.name].myRole
+** Expect 201 **
+Granted Permission [com.test.TC_Link_2.@[THE_USER].myPerm|myInstance|myAction] to Role [com.test.TC_Link_1.@[THE_USER].myRole]
+
+# 15_print
+ns list name com.test.TC_Link_1.@[user.name]
+** Expect 200 **
+
+List Namespaces by Name[com.test.TC_Link_1.@[THE_USER]]
+--------------------------------------------------------------------------------
+com.test.TC_Link_1.@[THE_USER]
+ Administrators
+ XX@NS
+ Responsible Parties
+ @[THE_USER]@csp.att.com
+ Roles
+ com.test.TC_Link_1.@[THE_USER].admin
+ com.test.TC_Link_1.@[THE_USER].myRole
+ com.test.TC_Link_1.@[THE_USER].owner
+ Permissions
+ com.test.TC_Link_1.@[THE_USER].access * *
+ com.test.TC_Link_1.@[THE_USER].access * read
+
+ns list name com.test.TC_Link_2.@[user.name]
+** Expect 200 **
+
+List Namespaces by Name[com.test.TC_Link_2.@[THE_USER]]
+--------------------------------------------------------------------------------
+com.test.TC_Link_2.@[THE_USER]
+ Administrators
+ XX@NS
+ Responsible Parties
+ @[THE_USER]@csp.att.com
+ Roles
+ com.test.TC_Link_2.@[THE_USER].admin
+ com.test.TC_Link_2.@[THE_USER].owner
+ Permissions
+ com.test.TC_Link_2.@[THE_USER].access * *
+ com.test.TC_Link_2.@[THE_USER].access * read
+ com.test.TC_Link_2.@[THE_USER].myPerm myInstance myAction
+
+perm list role com.test.TC_Link_1.@[user.name].myRole
+** Expect 200 **
+
+List Perms by Role [com.test.TC_Link_1.@[THE_USER].myRole]
+--------------------------------------------------------------------------------
+PERM Type Instance Action
+--------------------------------------------------------------------------------
+com.test.TC_Link_2.@[THE_USER].myPerm myInstance myAction
+
+
+role list perm com.test.TC_Link_2.@[user.name].myPerm myInstance myAction
+** Expect 200 **
+
+List Roles by Perm com.test.TC_Link_2.@[THE_USER].myPerm|myInstance|myAction
+--------------------------------------------------------------------------------
+ROLE Name
+ PERM Type Instance Action
+--------------------------------------------------------------------------------
+com.test.TC_Link_1.@[THE_USER].myRole
+ com.test.TC_Link_2.@[THE_USER].myPerm myInstance myAction
+
+role delete com.test.TC_Link_1.@[user.name].myRole
+** Expect 200 **
+Deleted Role
+
+# 15_print
+ns list name com.test.TC_Link_1.@[user.name]
+** Expect 200 **
+
+List Namespaces by Name[com.test.TC_Link_1.@[THE_USER]]
+--------------------------------------------------------------------------------
+com.test.TC_Link_1.@[THE_USER]
+ Administrators
+ XX@NS
+ Responsible Parties
+ @[THE_USER]@csp.att.com
+ Roles
+ com.test.TC_Link_1.@[THE_USER].admin
+ com.test.TC_Link_1.@[THE_USER].owner
+ Permissions
+ com.test.TC_Link_1.@[THE_USER].access * *
+ com.test.TC_Link_1.@[THE_USER].access * read
+
+ns list name com.test.TC_Link_2.@[user.name]
+** Expect 200 **
+
+List Namespaces by Name[com.test.TC_Link_2.@[THE_USER]]
+--------------------------------------------------------------------------------
+com.test.TC_Link_2.@[THE_USER]
+ Administrators
+ XX@NS
+ Responsible Parties
+ @[THE_USER]@csp.att.com
+ Roles
+ com.test.TC_Link_2.@[THE_USER].admin
+ com.test.TC_Link_2.@[THE_USER].owner
+ Permissions
+ com.test.TC_Link_2.@[THE_USER].access * *
+ com.test.TC_Link_2.@[THE_USER].access * read
+ com.test.TC_Link_2.@[THE_USER].myPerm myInstance myAction
+
+perm list role com.test.TC_Link_1.@[user.name].myRole
+** Expect 200 **
+
+List Perms by Role [com.test.TC_Link_1.@[THE_USER].myRole]
+--------------------------------------------------------------------------------
+PERM Type Instance Action
+--------------------------------------------------------------------------------
+
+
+role list perm com.test.TC_Link_2.@[user.name].myPerm myInstance myAction
+** Expect 200 **
+
+List Roles by Perm com.test.TC_Link_2.@[THE_USER].myPerm|myInstance|myAction
+--------------------------------------------------------------------------------
+ROLE Name
+ PERM Type Instance Action
+--------------------------------------------------------------------------------
+
+role create com.test.TC_Link_1.@[user.name].myRole
+** Expect 201 **
+Created Role
+
+perm grant com.test.TC_Link_2.@[user.name].myPerm myInstance myAction com.test.TC_Link_1.@[user.name].myRole
+** Expect 201 **
+Granted Permission [com.test.TC_Link_2.@[THE_USER].myPerm|myInstance|myAction] to Role [com.test.TC_Link_1.@[THE_USER].myRole]
+
+# 15_print
+ns list name com.test.TC_Link_1.@[user.name]
+** Expect 200 **
+
+List Namespaces by Name[com.test.TC_Link_1.@[THE_USER]]
+--------------------------------------------------------------------------------
+com.test.TC_Link_1.@[THE_USER]
+ Administrators
+ XX@NS
+ Responsible Parties
+ @[THE_USER]@csp.att.com
+ Roles
+ com.test.TC_Link_1.@[THE_USER].admin
+ com.test.TC_Link_1.@[THE_USER].myRole
+ com.test.TC_Link_1.@[THE_USER].owner
+ Permissions
+ com.test.TC_Link_1.@[THE_USER].access * *
+ com.test.TC_Link_1.@[THE_USER].access * read
+
+ns list name com.test.TC_Link_2.@[user.name]
+** Expect 200 **
+
+List Namespaces by Name[com.test.TC_Link_2.@[THE_USER]]
+--------------------------------------------------------------------------------
+com.test.TC_Link_2.@[THE_USER]
+ Administrators
+ XX@NS
+ Responsible Parties
+ @[THE_USER]@csp.att.com
+ Roles
+ com.test.TC_Link_2.@[THE_USER].admin
+ com.test.TC_Link_2.@[THE_USER].owner
+ Permissions
+ com.test.TC_Link_2.@[THE_USER].access * *
+ com.test.TC_Link_2.@[THE_USER].access * read
+ com.test.TC_Link_2.@[THE_USER].myPerm myInstance myAction
+
+perm list role com.test.TC_Link_1.@[user.name].myRole
+** Expect 200 **
+
+List Perms by Role [com.test.TC_Link_1.@[THE_USER].myRole]
+--------------------------------------------------------------------------------
+PERM Type Instance Action
+--------------------------------------------------------------------------------
+com.test.TC_Link_2.@[THE_USER].myPerm myInstance myAction
+
+
+role list perm com.test.TC_Link_2.@[user.name].myPerm myInstance myAction
+** Expect 200 **
+
+List Roles by Perm com.test.TC_Link_2.@[THE_USER].myPerm|myInstance|myAction
+--------------------------------------------------------------------------------
+ROLE Name
+ PERM Type Instance Action
+--------------------------------------------------------------------------------
+com.test.TC_Link_1.@[THE_USER].myRole
+ com.test.TC_Link_2.@[THE_USER].myPerm myInstance myAction
+
+as XX@NS
+force ns delete com.test.TC_Link_2.@[user.name]
+** Expect 200,404 **
+Deleted Namespace
+
+force ns delete com.test.TC_Link_1.@[user.name]
+** Expect 200,404 **
+Deleted Namespace
+
diff --git a/authz-test/TestSuite/expected/TC_NS1.expected b/authz-test/TestSuite/expected/TC_NS1.expected
new file mode 100644
index 00000000..6c5a89ec
--- /dev/null
+++ b/authz-test/TestSuite/expected/TC_NS1.expected
@@ -0,0 +1,327 @@
+set testid@aaf.att.com <pass>
+set testunused@aaf.att.com <pass>
+set bogus@aaf.att.com boguspass
+#delay 10
+set NFR 0
+as testid@aaf.att.com
+# TC_NS1.01.0.POS Expect Clean Namespace to start
+ns list name com.test.TC_NS1.@[user.name]
+** Expect 200 **
+
+List Namespaces by Name[com.test.TC_NS1.@[THE_USER]]
+--------------------------------------------------------------------------------
+ *** Namespace Not Found ***
+
+# TC_NS1.01.1.NEG Create Namespace with mechID as Responsible Party
+ns create com.test.TC_NS1.@[user.name] testunused@aaf.att.com testid@aaf.att.com,XX@NS
+** Expect 403 **
+Failed [SVC3403]: Forbidden - testunused@aaf.att.com does not have permission to assume test status at AT&T
+
+# TC_NS1.01.2.NEG Create Namespace with Bad ID for Admin
+ns create com.test.TC_NS1.@[user.name] @[user.name] bogus@aaf.att.com,XX@NS
+** Expect 403 **
+Failed [SVC2403]: Forbidden - bogus@aaf.att.com is not a valid AAF Credential
+
+as testid@aaf.att.com
+# TC_NS1.10.0.POS Check for Existing Data
+ns list name com.test.TC_NS1.@[user.name]
+** Expect 200 **
+
+List Namespaces by Name[com.test.TC_NS1.@[THE_USER]]
+--------------------------------------------------------------------------------
+ *** Namespace Not Found ***
+
+# TC_NS1.10.1.POS Create Namespace with valid IDs and Responsible Parties
+ns create com.test.TC_NS1.@[user.name] @[user.name] testid@aaf.att.com
+** Expect 201 **
+Created Namespace
+
+# TC_NS1.10.40.POS Expect Namespace to be created
+ns list name com.test.TC_NS1.@[user.name]
+** Expect 200 **
+
+List Namespaces by Name[com.test.TC_NS1.@[THE_USER]]
+--------------------------------------------------------------------------------
+com.test.TC_NS1.@[THE_USER]
+ Administrators
+ testid@aaf.att.com
+ Responsible Parties
+ @[THE_USER]@csp.att.com
+ Roles
+ com.test.TC_NS1.@[THE_USER].admin
+ com.test.TC_NS1.@[THE_USER].owner
+ Permissions
+ com.test.TC_NS1.@[THE_USER].access * *
+ com.test.TC_NS1.@[THE_USER].access * read
+
+# TC_NS1.10.41.POS Expect Namespace to be created
+perm list role com.test.TC_NS1.@[user.name].admin
+** Expect 200 **
+
+List Perms by Role [com.test.TC_NS1.@[THE_USER].admin]
+--------------------------------------------------------------------------------
+PERM Type Instance Action
+--------------------------------------------------------------------------------
+com.test.TC_NS1.@[THE_USER].access * *
+
+
+# TC_NS1.10.42.POS Expect Namespace to be created
+perm list role com.test.TC_NS1.@[user.name].owner
+** Expect 200 **
+
+List Perms by Role [com.test.TC_NS1.@[THE_USER].owner]
+--------------------------------------------------------------------------------
+PERM Type Instance Action
+--------------------------------------------------------------------------------
+com.test.TC_NS1.@[THE_USER].access * read
+
+
+# TC_NS1.10.43.POS Expect Namespace to be created
+role list perm com.test.TC_NS1.@[user.name].access * *
+** Expect 200 **
+
+List Roles by Perm com.test.TC_NS1.@[THE_USER].access|*|*
+--------------------------------------------------------------------------------
+ROLE Name
+ PERM Type Instance Action
+--------------------------------------------------------------------------------
+com.test.TC_NS1.@[THE_USER].admin
+ com.test.TC_NS1.@[THE_USER].access * *
+
+# TC_NS1.10.44.POS Expect Namespace to be created
+role list perm com.test.TC_NS1.@[user.name].access * read
+** Expect 200 **
+
+List Roles by Perm com.test.TC_NS1.@[THE_USER].access|*|read
+--------------------------------------------------------------------------------
+ROLE Name
+ PERM Type Instance Action
+--------------------------------------------------------------------------------
+com.test.TC_NS1.@[THE_USER].owner
+ com.test.TC_NS1.@[THE_USER].access * read
+
+# TC_NS1.11.1.NEG Create Namespace when exists
+ns create com.test.TC_NS1.@[user.name] @[user.name] testid@aaf.att.com
+** Expect 409 **
+Failed [SVC1409]: Conflict Already Exists - Target Namespace already exists
+
+# TC_NS1.20.1.NEG Too Few Args for Create 1
+ns create
+** Expect -1 **
+Too few args: create <name> <responsible (id[,id]*)> [admin (id[,id]*)]
+
+# TC_NS1.20.2.NEG Too Few Args for Create 2
+ns create bogus
+** Expect -1 **
+Too few args: create <name> <responsible (id[,id]*)> [admin (id[,id]*)]
+
+# TC_NS1.30.10.NEG Non-admins can't change description
+as testunused@aaf.att.com
+ns describe com.test.TC_NS1.@[user.name] Description for my Namespace
+** Expect 403 **
+Failed [SVC1403]: Forbidden - You do not have approval to change com.test.TC_NS1.@[THE_USER]
+
+# TC_NS1.30.11.NEG Namespace must exist to change description
+as testid@aaf.att.com
+ns describe com.test.TC_NS1.@[user.name].project1 Description for my project
+** Expect 404 **
+Failed [SVC1404]: Not Found - Namespace [com.test.TC_NS1.@[THE_USER].project1] does not exist
+
+# TC_NS1.30.12.POS Admin can change description
+ns describe com.test.TC_NS1.@[user.name] Description for my Namespace
+** Expect 200 **
+Description added to Namespace
+
+# TC_NS1.50.1.NEG Adding a Bogus ID
+ns admin add com.test.TC_NS1.@[user.name] bogus
+** Expect 403 **
+Failed [SVC1403]: Forbidden - AT&T reports that bogus@csp.att.com is a faulty ID
+
+# TC_NS1.50.2.NEG Adding a Bogus ID, full Domain
+ns admin add com.test.TC_NS1.@[user.name] bogus@csp.att.com
+** Expect 403 **
+Failed [SVC1403]: Forbidden - AT&T reports that bogus@csp.att.com is a faulty ID
+
+# TC_NS1.50.3.NEG Adding an OK ID, bad domain
+ns admin add com.test.TC_NS1.@[user.name] xz9914@bogus.test.com
+** Expect 403 **
+Failed [SVC2403]: Forbidden - xz9914@bogus.test.com is not a valid AAF Credential
+
+# TC_NS1.50.4.NEG Deleting an OK ID, but not an admin
+ns admin del com.test.TC_NS1.@[user.name] XX@NS
+** Expect 404 **
+Failed [SVC6404]: Not Found - UserRole [XX@NS] [com.test.TC_NS1.@[THE_USER].admin]
+
+sleep 0
+# TC_NS1.50.10.POS Adding an OK ID
+ns admin add com.test.TC_NS1.@[user.name] XX@NS
+** Expect 201 **
+Admin XX@NS added to com.test.TC_NS1.@[THE_USER]
+
+# TC_NS1.50.11.POS Deleting One of Two
+ns admin del com.test.TC_NS1.@[user.name] testid@aaf.att.com
+** Expect 200 **
+Admin testid@aaf.att.com deleted from com.test.TC_NS1.@[THE_USER]
+
+# TC_NS1.50.12.NEG testid@aaf.att.com no longer Admin
+ns admin del com.test.TC_NS1.@[user.name] testid@aaf.att.com
+** Expect 404 **
+Failed [SVC6404]: Not Found - UserRole [testid@aaf.att.com] [com.test.TC_NS1.@[THE_USER].admin]
+
+# TC_NS1.50.13.POS Add ID back in
+ns admin add com.test.TC_NS1.@[user.name] testid@aaf.att.com
+** Expect 201 **
+Admin testid@aaf.att.com added to com.test.TC_NS1.@[THE_USER]
+
+# TC_NS1.50.14.POS Deleting original
+ns admin del com.test.TC_NS1.@[user.name] XX@NS
+** Expect 200 **
+Admin XX@NS deleted from com.test.TC_NS1.@[THE_USER]
+
+# TC_NS1.50.15.NEG Can't remove twice
+ns admin del com.test.TC_NS1.@[user.name] XX@NS
+** Expect 404 **
+Failed [SVC6404]: Not Found - UserRole [XX@NS] [com.test.TC_NS1.@[THE_USER].admin]
+
+# TC_NS1.50.20.NEG User Role Add should obey same "addAdmin" restrictions
+role user add com.test.TC_NS1.@[user.name].admin m88888@i.have.no.domain
+** Expect 403 **
+Failed [SVC2403]: Forbidden - m88888@i.have.no.domain is not a valid AAF Credential
+
+# TC_NS1.50.21.NEG Role User Add should obey same "addAdmin" restrictions
+user role add m88888@i.have.no.domain com.test.TC_NS1.@[user.name].admin
+** Expect 403 **
+Failed [SVC2403]: Forbidden - m88888@i.have.no.domain is not a valid AAF Credential
+
+# TC_NS1.60.1.NEG Adding a Bogus ID
+ns responsible add com.test.TC_NS1.@[user.name] bogus
+** Expect 403 **
+Failed [SVC3403]: Forbidden - AT&T reports that this is not a valid credential
+
+# TC_NS1.60.2.NEG Adding a Bogus ID, full Domain
+ns responsible add com.test.TC_NS1.@[user.name] bogus@csp.att.com
+** Expect 403 **
+Failed [SVC3403]: Forbidden - AT&T reports that this is not a valid credential
+
+# TC_NS1.60.3.NEG Adding an OK ID, bad domain
+ns responsible add com.test.TC_NS1.@[user.name] xz9914@bogus.test.com
+** Expect 403 **
+Failed [SVC3403]: Forbidden - AT&T reports that this is not a valid credential
+
+# TC_NS1.60.4.NEG Deleting an OK ID, short, but not existent
+ns responsible del com.test.TC_NS1.@[user.name] testid
+** Expect 404 **
+Failed [SVC6404]: Not Found - UserRole [testid@csp.att.com] [com.test.TC_NS1.@[THE_USER].owner]
+
+# TC_NS1.60.5.NEG Deleting an OK ID, long, but not existent
+ns responsible del com.test.TC_NS1.@[user.name] testid@aaf.att.com
+** Expect 404 **
+Failed [SVC6404]: Not Found - UserRole [testid@aaf.att.com] [com.test.TC_NS1.@[THE_USER].owner]
+
+sleep 0
+# TC_NS1.60.10.POS Adding an OK ID
+# Note: mw9749 used because we must have employee as responsible
+ns responsible add com.test.TC_NS1.@[user.name] mw9749
+** Expect 201 **
+mw9749@csp.att.com is now responsible for com.test.TC_NS1.@[THE_USER]
+
+# TC_NS1.60.11.POS Deleting One of Two
+ns responsible del com.test.TC_NS1.@[user.name] mw9749
+** Expect 200 **
+mw9749@csp.att.com is no longer responsible for com.test.TC_NS1.@[THE_USER]
+
+# TC_NS1.60.12.NEG mw9749 no longer Admin
+ns responsible del com.test.TC_NS1.@[user.name] mw9749
+** Expect 404 **
+Failed [SVC6404]: Not Found - UserRole [mw9749@csp.att.com] [com.test.TC_NS1.@[THE_USER].owner]
+
+# TC_NS1.60.20.NEG User Role Add should obey same "addResponsible" restrictions
+role user add com.test.TC_NS1.@[user.name].owner m88888@i.have.no.domain
+** Expect 403 **
+Failed [SVC3403]: Forbidden - AT&T reports that this is not a valid credential
+
+# TC_NS1.60.21.NEG Role User Add should obey same "addResponsible" restrictions
+user role add m88888@i.have.no.domain com.test.TC_NS1.@[user.name].owner
+** Expect 403 **
+Failed [SVC3403]: Forbidden - AT&T reports that this is not a valid credential
+
+sleep 0
+# TC_NS1.80.1.POS List Data on Empty NS
+as testid@aaf.att.com
+ns list name com.test.TC_NS1.@[user.name]
+** Expect 200 **
+
+List Namespaces by Name[com.test.TC_NS1.@[THE_USER]]
+--------------------------------------------------------------------------------
+com.test.TC_NS1.@[THE_USER]
+ Administrators
+ testid@aaf.att.com
+ Responsible Parties
+ @[THE_USER]@csp.att.com
+ Roles
+ com.test.TC_NS1.@[THE_USER].admin
+ com.test.TC_NS1.@[THE_USER].owner
+ Permissions
+ com.test.TC_NS1.@[THE_USER].access * *
+ com.test.TC_NS1.@[THE_USER].access * read
+
+# TC_NS1.80.2.POS Add Roles to NS for Listing
+role create com.test.TC_NS1.@[user.name].r.A
+** Expect 201 **
+Created Role
+
+role create com.test.TC_NS1.@[user.name].r.B
+** Expect 201 **
+Created Role
+
+# TC_NS1.80.3.POS List Data on non-Empty NS
+ns list name com.test.TC_NS1.@[user.name]
+** Expect 200 **
+
+List Namespaces by Name[com.test.TC_NS1.@[THE_USER]]
+--------------------------------------------------------------------------------
+com.test.TC_NS1.@[THE_USER]
+ Administrators
+ testid@aaf.att.com
+ Responsible Parties
+ @[THE_USER]@csp.att.com
+ Roles
+ com.test.TC_NS1.@[THE_USER].admin
+ com.test.TC_NS1.@[THE_USER].owner
+ com.test.TC_NS1.@[THE_USER].r.A
+ com.test.TC_NS1.@[THE_USER].r.B
+ Permissions
+ com.test.TC_NS1.@[THE_USER].access * *
+ com.test.TC_NS1.@[THE_USER].access * read
+
+# TC_NS1.90.1.NEG Non Namespace Admin Delete Namespace
+as testunused@aaf.att.com
+ns delete com.test.TC_NS1.@[user.name]
+** Expect 403 **
+Failed [SVC1403]: Forbidden - [testunused@aaf.att.com] may not write in NS [com.test.TC_NS1.@[THE_USER]]
+
+sleep 0
+as testid@aaf.att.com
+# TC_NS1.99.1.POS Namespace Admin can delete Namepace defined Roles
+role delete com.test.TC_NS1.@[user.name].r.A
+** Expect 200,404 **
+Deleted Role
+
+role delete com.test.TC_NS1.@[user.name].r.B
+** Expect 200,404 **
+Deleted Role
+
+# TC_NS1.99.2.POS Namespace Admin can delete Namespace
+ns delete com.test.TC_NS1.@[user.name]
+** Expect 200,404 **
+Deleted Namespace
+
+sleep 0
+# TC_NS1.99.99.POS Check Clean Namespace
+ns list name com.test.TC_NS1.@[user.name]
+** Expect 200,404 **
+
+List Namespaces by Name[com.test.TC_NS1.@[THE_USER]]
+--------------------------------------------------------------------------------
+ *** Namespace Not Found ***
+
diff --git a/authz-test/TestSuite/expected/TC_NS2.expected b/authz-test/TestSuite/expected/TC_NS2.expected
new file mode 100644
index 00000000..f8de4564
--- /dev/null
+++ b/authz-test/TestSuite/expected/TC_NS2.expected
@@ -0,0 +1,389 @@
+set XX@NS <pass>
+set testid@aaf.att.com <pass>
+set testunused@aaf.att.com <pass>
+set bogus@aaf.att.com boguspass
+#delay 10
+set NFR 0
+as testid@aaf.att.com
+# TC_NS2.10.0.POS Check for Existing Data
+ns list name com.test.TC_NS2.@[user.name]
+** Expect 200 **
+
+List Namespaces by Name[com.test.TC_NS2.@[THE_USER]]
+--------------------------------------------------------------------------------
+ *** Namespace Not Found ***
+
+# TC_NS2.10.1.POS Create Namespace with valid IDs and Responsible Parties
+ns create com.test.TC_NS2.@[user.name] @[user.name] testid@aaf.att.com
+** Expect 201 **
+Created Namespace
+
+ns create com.test.TC_NS2.@[user.name].project @[user.name] testunused@aaf.att.com
+** Expect 201 **
+Created Namespace
+
+# TC_NS2.10.10.POS Create role to assign mechid perm to
+role create com.test.TC_NS2.@[user.name].cred_admin testid@aaf.att.com
+** Expect 201 **
+Created Role
+Added User [testid@aaf.att.com] to Role [com.test.TC_NS2.@[THE_USER].cred_admin]
+
+as XX@NS
+# TC_NS2.10.11.POS Assign role to mechid perm
+perm grant com.att.aaf.mechid com.att create com.test.TC_NS2.@[user.name].cred_admin
+** Expect 201 **
+Granted Permission [com.att.aaf.mechid|com.att|create] to Role [com.test.TC_NS2.@[THE_USER].cred_admin]
+
+as testid@aaf.att.com
+# TC_NS2.10.70.POS Expect Namespace to be created
+ns list name com.test.TC_NS2.@[user.name]
+** Expect 200 **
+
+List Namespaces by Name[com.test.TC_NS2.@[THE_USER]]
+--------------------------------------------------------------------------------
+com.test.TC_NS2.@[THE_USER]
+ Administrators
+ testid@aaf.att.com
+ Responsible Parties
+ @[THE_USER]@csp.att.com
+ Roles
+ com.test.TC_NS2.@[THE_USER].admin
+ com.test.TC_NS2.@[THE_USER].cred_admin
+ com.test.TC_NS2.@[THE_USER].owner
+ Permissions
+ com.test.TC_NS2.@[THE_USER].access * *
+ com.test.TC_NS2.@[THE_USER].access * read
+
+as testid@aaf.att.com
+# TC_NS2.10.70.POS Expect Namespace to be created
+perm list role com.test.TC_NS2.@[user.name].admin
+** Expect 200 **
+
+List Perms by Role [com.test.TC_NS2.@[THE_USER].admin]
+--------------------------------------------------------------------------------
+PERM Type Instance Action
+--------------------------------------------------------------------------------
+com.test.TC_NS2.@[THE_USER].access * *
+
+
+as testid@aaf.att.com
+# TC_NS2.10.70.POS Expect Namespace to be created
+perm list role com.test.TC_NS2.@[user.name].owner
+** Expect 200 **
+
+List Perms by Role [com.test.TC_NS2.@[THE_USER].owner]
+--------------------------------------------------------------------------------
+PERM Type Instance Action
+--------------------------------------------------------------------------------
+com.test.TC_NS2.@[THE_USER].access * read
+
+
+as testid@aaf.att.com
+# TC_NS2.10.70.POS Expect Namespace to be created
+role list perm com.test.TC_NS2.@[user.name].access * *
+** Expect 200 **
+
+List Roles by Perm com.test.TC_NS2.@[THE_USER].access|*|*
+--------------------------------------------------------------------------------
+ROLE Name
+ PERM Type Instance Action
+--------------------------------------------------------------------------------
+com.test.TC_NS2.@[THE_USER].admin
+ com.test.TC_NS2.@[THE_USER].access * *
+
+as testid@aaf.att.com
+# TC_NS2.10.70.POS Expect Namespace to be created
+role list perm com.test.TC_NS2.@[user.name].access * read
+** Expect 200 **
+
+List Roles by Perm com.test.TC_NS2.@[THE_USER].access|*|read
+--------------------------------------------------------------------------------
+ROLE Name
+ PERM Type Instance Action
+--------------------------------------------------------------------------------
+com.test.TC_NS2.@[THE_USER].owner
+ com.test.TC_NS2.@[THE_USER].access * read
+
+as testid@aaf.att.com
+# TC_NS2.10.80.POS Expect Namespace to be created
+ns list name com.test.TC_NS2.@[user.name].project
+** Expect 200 **
+
+List Namespaces by Name[com.test.TC_NS2.@[THE_USER].project]
+--------------------------------------------------------------------------------
+com.test.TC_NS2.@[THE_USER].project
+ Administrators
+ testunused@aaf.att.com
+ Responsible Parties
+ @[THE_USER]@csp.att.com
+ Roles
+ com.test.TC_NS2.@[THE_USER].project.admin
+ com.test.TC_NS2.@[THE_USER].project.owner
+ Permissions
+ com.test.TC_NS2.@[THE_USER].project.access * *
+ com.test.TC_NS2.@[THE_USER].project.access * read
+
+as testid@aaf.att.com
+# TC_NS2.10.80.POS Expect Namespace to be created
+perm list role com.test.TC_NS2.@[user.name].project.admin
+** Expect 200 **
+
+List Perms by Role [com.test.TC_NS2.@[THE_USER].project.admin]
+--------------------------------------------------------------------------------
+PERM Type Instance Action
+--------------------------------------------------------------------------------
+com.test.TC_NS2.@[THE_USER].project.access * *
+
+
+as testid@aaf.att.com
+# TC_NS2.10.80.POS Expect Namespace to be created
+perm list role com.test.TC_NS2.@[user.name].project.owner
+** Expect 200 **
+
+List Perms by Role [com.test.TC_NS2.@[THE_USER].project.owner]
+--------------------------------------------------------------------------------
+PERM Type Instance Action
+--------------------------------------------------------------------------------
+com.test.TC_NS2.@[THE_USER].project.access * read
+
+
+as testid@aaf.att.com
+# TC_NS2.10.80.POS Expect Namespace to be created
+role list perm com.test.TC_NS2.@[user.name].project.access * *
+** Expect 200 **
+
+List Roles by Perm com.test.TC_NS2.@[THE_USER].project.access|*|*
+--------------------------------------------------------------------------------
+ROLE Name
+ PERM Type Instance Action
+--------------------------------------------------------------------------------
+com.test.TC_NS2.@[THE_USER].project.admin
+ com.test.TC_NS2.@[THE_USER].project.access * *
+
+as testid@aaf.att.com
+# TC_NS2.10.80.POS Expect Namespace to be created
+role list perm com.test.TC_NS2.@[user.name].project.access * read
+** Expect 200 **
+
+List Roles by Perm com.test.TC_NS2.@[THE_USER].project.access|*|read
+--------------------------------------------------------------------------------
+ROLE Name
+ PERM Type Instance Action
+--------------------------------------------------------------------------------
+com.test.TC_NS2.@[THE_USER].project.owner
+ com.test.TC_NS2.@[THE_USER].project.access * read
+
+as testid@aaf.att.com
+# TC_NS2.20.1.POS Create roles
+role create com.test.TC_NS2.@[user.name].watcher
+** Expect 201 **
+Created Role
+
+role create com.test.TC_NS2.@[user.name].myRole
+** Expect 201 **
+Created Role
+
+# TC_NS2.20.2.POS Create permissions
+perm create com.test.TC_NS2.@[user.name].myType myInstance myAction
+** Expect 201 **
+Created Permission
+
+perm create com.test.TC_NS2.@[user.name].myType * *
+** Expect 201 **
+Created Permission
+
+# TC_NS2.20.3.POS Create mechid
+user cred add m99990@@[user.name].TC_NS2.test.com password123
+** Expect 201 **
+Added Credential [m99990@@[THE_USER].TC_NS2.test.com]
+
+as XX@NS
+# TC_NS2.20.10.POS Grant view perms to watcher role
+perm create com.att.aaf.ns :com.test.TC_NS2.@[user.name]:ns read com.test.TC_NS2.@[user.name].watcher
+** Expect 201 **
+Created Permission
+Granted Permission [com.att.aaf.ns|:com.test.TC_NS2.@[THE_USER]:ns|read] to Role [com.test.TC_NS2.@[THE_USER].watcher]
+
+as testunused@aaf.att.com
+# TC_NS2.40.1.NEG Non-admin, not granted user should not view
+ns list name com.test.TC_NS2.@[user.name]
+** Expect 403 **
+Failed [SVC1403]: Forbidden - [testunused@aaf.att.com] may not read in NS [com.test.TC_NS2.@[THE_USER]]
+
+as testid@aaf.att.com
+# Tens test user granted to permission
+# TC_NS2.40.10.POS Add user to watcher role
+user role add testunused@aaf.att.com com.test.TC_NS2.@[user.name].watcher
+** Expect 201 **
+Added Role [com.test.TC_NS2.@[THE_USER].watcher] to User [testunused@aaf.att.com]
+
+as testunused@aaf.att.com
+# TC_NS2.40.11.POS Non-admin, granted user should view
+ns list name com.test.TC_NS2.@[user.name]
+** Expect 200 **
+
+List Namespaces by Name[com.test.TC_NS2.@[THE_USER]]
+--------------------------------------------------------------------------------
+com.test.TC_NS2.@[THE_USER]
+ Administrators
+ testid@aaf.att.com
+ Responsible Parties
+ @[THE_USER]@csp.att.com
+ Roles
+ com.test.TC_NS2.@[THE_USER].admin
+ com.test.TC_NS2.@[THE_USER].cred_admin
+ com.test.TC_NS2.@[THE_USER].myRole
+ com.test.TC_NS2.@[THE_USER].owner
+ com.test.TC_NS2.@[THE_USER].watcher
+ Permissions
+ com.test.TC_NS2.@[THE_USER].access * *
+ com.test.TC_NS2.@[THE_USER].access * read
+ com.test.TC_NS2.@[THE_USER].myType * *
+ com.test.TC_NS2.@[THE_USER].myType myInstance myAction
+ Credentials
+ m99990@@[THE_USER].TC_NS2.test.com
+
+as testid@aaf.att.com
+# TC_NS2.40.19.POS Remove user from watcher role
+user role del testunused@aaf.att.com com.test.TC_NS2.@[user.name].watcher
+** Expect 200 **
+Removed Role [com.test.TC_NS2.@[THE_USER].watcher] from User [testunused@aaf.att.com]
+
+# Thirties test admin user
+# TC_NS2.40.20.POS Admin should be able to view
+ns list name com.test.TC_NS2.@[user.name]
+** Expect 200 **
+
+List Namespaces by Name[com.test.TC_NS2.@[THE_USER]]
+--------------------------------------------------------------------------------
+com.test.TC_NS2.@[THE_USER]
+ Administrators
+ testid@aaf.att.com
+ Responsible Parties
+ @[THE_USER]@csp.att.com
+ Roles
+ com.test.TC_NS2.@[THE_USER].admin
+ com.test.TC_NS2.@[THE_USER].cred_admin
+ com.test.TC_NS2.@[THE_USER].myRole
+ com.test.TC_NS2.@[THE_USER].owner
+ com.test.TC_NS2.@[THE_USER].watcher
+ Permissions
+ com.test.TC_NS2.@[THE_USER].access * *
+ com.test.TC_NS2.@[THE_USER].access * read
+ com.test.TC_NS2.@[THE_USER].myType * *
+ com.test.TC_NS2.@[THE_USER].myType myInstance myAction
+ Credentials
+ m99990@@[THE_USER].TC_NS2.test.com
+
+# TC_NS2.40.21.POS Admin of parent NS should be able to view
+ns list name com.test.TC_NS2.@[user.name].project
+** Expect 200 **
+
+List Namespaces by Name[com.test.TC_NS2.@[THE_USER].project]
+--------------------------------------------------------------------------------
+com.test.TC_NS2.@[THE_USER].project
+ Administrators
+ testunused@aaf.att.com
+ Responsible Parties
+ @[THE_USER]@csp.att.com
+ Roles
+ com.test.TC_NS2.@[THE_USER].project.admin
+ com.test.TC_NS2.@[THE_USER].project.owner
+ Permissions
+ com.test.TC_NS2.@[THE_USER].project.access * *
+ com.test.TC_NS2.@[THE_USER].project.access * read
+
+# TC_NS2.41.10.POS List by User when Same as Caller
+as testunused@aaf.att.com
+ns list admin testunused@aaf.att.com
+** Expect 200 **
+
+List Namespaces with admin privileges for [testunused@aaf.att.com]
+--------------------------------------------------------------------------------
+com.test.TC_NS2.@[THE_USER].project
+
+# TC_NS2.41.15.POS List by User when not same as Caller, but own/admin namespace of Roles
+as testid@aaf.att.com
+ns list admin testunused@aaf.att.com
+** Expect 200 **
+
+List Namespaces with admin privileges for [testunused@aaf.att.com]
+--------------------------------------------------------------------------------
+com.test.TC_NS2.@[THE_USER].project
+
+# TC_NS2.41.20.POS List by User when not same as Caller, but parent owner of Namespace
+as XX@NS
+ns list admin testunused@aaf.att.com
+** Expect 200 **
+
+List Namespaces with admin privileges for [testunused@aaf.att.com]
+--------------------------------------------------------------------------------
+com.test.TC_NS2.@[THE_USER].project
+
+# TC_NS2.41.80.NEG List by User when not Caller nor associated to Namespace
+as testunused@aaf.att.com
+ns list admin XX@NS
+** Expect 200 **
+
+List Namespaces with admin privileges for [XX@NS]
+--------------------------------------------------------------------------------
+com
+com.att
+com.att.aaf
+com.test
+
+as testid@aaf.att.com
+# TC_NS2.99.1.POS Namespace Admin can delete Namepace defined Roles & Perms
+role delete com.test.TC_NS2.@[user.name].myRole
+** Expect 200,404 **
+Deleted Role
+
+role delete com.test.TC_NS2.@[user.name].watcher
+** Expect 200,404 **
+Deleted Role
+
+perm delete com.test.TC_NS2.@[user.name].myType myInstance myAction
+** Expect 200,404 **
+Deleted Permission
+
+perm delete com.test.TC_NS2.@[user.name].myType * *
+** Expect 200,404 **
+Deleted Permission
+
+user cred del m99990@@[user.name].TC_NS2.test.com
+** Expect 200,404 **
+Deleted Credential [m99990@@[THE_USER].TC_NS2.test.com]
+
+as XX@NS
+force perm delete com.att.aaf.ns :com.test.TC_NS2.@[user.name]:ns read
+** Expect 200,404 **
+Deleted Permission
+
+# TC_NS2.99.15.POS Remove ability to create creds
+perm ungrant com.att.aaf.mechid com.att create com.test.TC_NS2.@[user.name].cred_admin
+** Expect 200,404 **
+UnGranted Permission [com.att.aaf.mechid|com.att|create] from Role [com.test.TC_NS2.@[THE_USER].cred_admin]
+
+as testid@aaf.att.com
+force role delete com.test.TC_NS2.@[user.name].cred_admin
+** Expect 200,404 **
+Deleted Role
+
+# TC_NS2.99.90.POS Namespace Admin can delete Namespace
+force ns delete com.test.TC_NS2.@[user.name].project
+** Expect 200,404 **
+Deleted Namespace
+
+force ns delete com.test.TC_NS2.@[user.name]
+** Expect 200,404 **
+Deleted Namespace
+
+sleep 0
+# TC_NS2.99.99.POS Check Clean Namespace
+ns list name com.test.TC_NS2.@[user.name]
+** Expect 200,404 **
+
+List Namespaces by Name[com.test.TC_NS2.@[THE_USER]]
+--------------------------------------------------------------------------------
+ *** Namespace Not Found ***
+
diff --git a/authz-test/TestSuite/expected/TC_NS3.expected b/authz-test/TestSuite/expected/TC_NS3.expected
new file mode 100644
index 00000000..8ac3afcf
--- /dev/null
+++ b/authz-test/TestSuite/expected/TC_NS3.expected
@@ -0,0 +1,192 @@
+set XX@NS <pass>
+set testid@aaf.att.com <pass>
+set testunused@aaf.att.com <pass>
+set testid_1@test.com <pass>
+set testid_2@test.com <pass>
+set bogus boguspass
+#delay 10
+set NFR 0
+as XX@NS
+ns list name com.test.TC_NS3.@[user.name]
+** Expect 200 **
+
+List Namespaces by Name[com.test.TC_NS3.@[THE_USER]]
+--------------------------------------------------------------------------------
+ *** Namespace Not Found ***
+
+# TC_NS3.10.1.POS Create Namespace with User ID
+ns create com.test.TC_NS3.@[user.name]_1 @[user.name] testid_1@test.com
+** Expect 201 **
+Created Namespace
+
+as testid_1@test.com
+# TC_NS3.20.0.NEG Too short
+ns attrib
+** Expect -1 **
+Too few args: attrib <add|upd|del> <ns> <key> [value]
+
+# TC_NS3.20.1.NEG Wrong command
+ns attrib xyz
+** Expect -1 **
+Too few args: attrib <add|upd|del> <ns> <key> [value]
+
+# TC_NS3.20.2.NEG Too Short after Command
+ns attrib add
+** Expect -1 **
+Too few args: attrib <add|upd|del> <ns> <key> [value]
+
+# TC_NS3.20.3.NEG Too Short after Namespace
+ns attrib add com.test.TC_NS3.@[user.name]
+** Expect -1 **
+Too few args: attrib <add|upd|del> <ns> <key> [value]
+
+# TC_NS3.20.4.NEG Too Short after Key
+ns attrib add com.test.TC_NS3.@[user.name] TC_NS3_swm
+** Expect -1 **
+Not added: Need more Data
+
+# TC_NS3.20.5.NEG No Permission
+ns attrib add com.test.TC_NS3.@[user.name]_1 TC_NS3_swm v1
+** Expect 403 **
+Failed [SVC1403]: Forbidden - testid_1@test.com may not create NS Attrib [com.test.TC_NS3.@[THE_USER]_1:TC_NS3_swm]
+
+# TC_NS3.20.6.POS Create Permission to write Attrib
+as XX@NS
+perm create com.att.aaf.attrib :com.att.*:TC_NS3_swm write com.test.TC_NS3.@[user.name]_1.admin
+** Expect 201 **
+Created Permission
+Granted Permission [com.att.aaf.attrib|:com.att.*:TC_NS3_swm|write] to Role [com.test.TC_NS3.@[THE_USER]_1.admin]
+
+# TC_NS3.20.6.POS Create Permission
+perm create com.att.aaf.attrib :com.att.*:* read com.test.TC_NS3.@[user.name]_1.admin
+** Expect 201 **
+Created Permission
+Granted Permission [com.att.aaf.attrib|:com.att.*:*|read] to Role [com.test.TC_NS3.@[THE_USER]_1.admin]
+
+# TC_NS3.20.10.POS Attribute added
+as testid_1@test.com
+ns attrib add com.test.TC_NS3.@[user.name]_1 TC_NS3_swm v1
+** Expect 201 **
+Add Attrib TC_NS3_swm=v1 to com.test.TC_NS3.@[THE_USER]_1
+
+# TC_NS3.20.30.POS List NS by Attrib
+ns list keys TC_NS3_swm
+** Expect 200 **
+
+List Namespace Names by Attribute
+--------------------------------------------------------------------------------
+ com.test.TC_NS3.@[THE_USER]_1
+
+# TC_NS3.20.40.POS List NS (shows Attrib)
+ns list name com.test.TC_NS3.@[user.name]_1
+** Expect 200 **
+
+List Namespaces by Name[com.test.TC_NS3.@[THE_USER]_1]
+--------------------------------------------------------------------------------
+com.test.TC_NS3.@[THE_USER]_1
+ Administrators
+ testid_1@test.com
+ Responsible Parties
+ @[THE_USER]@csp.att.com
+ Namespace Attributes
+ TC_NS3_swm=v1
+ Roles
+ com.test.TC_NS3.@[THE_USER]_1.admin
+ com.test.TC_NS3.@[THE_USER]_1.owner
+ Permissions
+ com.test.TC_NS3.@[THE_USER]_1.access * *
+ com.test.TC_NS3.@[THE_USER]_1.access * read
+
+# TC_NS3.20.42.POS Change Attrib
+ns attrib upd com.test.TC_NS3.@[user.name]_1 TC_NS3_swm Version1
+** Expect 200 **
+Update Attrib TC_NS3_swm=Version1 for com.test.TC_NS3.@[THE_USER]_1
+
+# TC_NS3.20.49.POS List NS (shows new Attrib)
+ns list name com.test.TC_NS3.@[user.name]_1
+** Expect 200 **
+
+List Namespaces by Name[com.test.TC_NS3.@[THE_USER]_1]
+--------------------------------------------------------------------------------
+com.test.TC_NS3.@[THE_USER]_1
+ Administrators
+ testid_1@test.com
+ Responsible Parties
+ @[THE_USER]@csp.att.com
+ Namespace Attributes
+ TC_NS3_swm=Version1
+ Roles
+ com.test.TC_NS3.@[THE_USER]_1.admin
+ com.test.TC_NS3.@[THE_USER]_1.owner
+ Permissions
+ com.test.TC_NS3.@[THE_USER]_1.access * *
+ com.test.TC_NS3.@[THE_USER]_1.access * read
+
+# TC_NS3.20.80.POS Remove write Permission
+perm ungrant com.att.aaf.attrib :com.att.*:TC_NS3_swm write com.test.TC_NS3.@[user.name]_1.admin
+** Expect 200 **
+UnGranted Permission [com.att.aaf.attrib|:com.att.*:TC_NS3_swm|write] from Role [com.test.TC_NS3.@[THE_USER]_1.admin]
+
+# TC_NS3.20.83.POS Remove read Permission
+perm ungrant com.att.aaf.attrib :com.att.*:* read com.test.TC_NS3.@[user.name]_1.admin
+** Expect 200 **
+UnGranted Permission [com.att.aaf.attrib|:com.att.*:*|read] from Role [com.test.TC_NS3.@[THE_USER]_1.admin]
+
+as testid_1@test.com
+# TC_NS3.50.2.NEG Too Short after Command
+ns attrib del
+** Expect -1 **
+Too few args: attrib <add|upd|del> <ns> <key> [value]
+
+# TC_NS3.50.3.NEG Too Short after Namespace
+ns attrib del com.test.TC_NS3.@[user.name]
+** Expect -1 **
+Too few args: attrib <add|upd|del> <ns> <key> [value]
+
+# TC_NS3.50.5.NEG No Permission
+ns attrib del com.test.TC_NS3.@[user.name]_1 TC_NS3_swm
+** Expect 403 **
+Failed [SVC1403]: Forbidden - testid_1@test.com may not delete NS Attrib [com.test.TC_NS3.@[THE_USER]_1:TC_NS3_swm]
+
+# TC_NS3.50.6.POS Create Permission
+as XX@NS
+perm grant com.att.aaf.attrib :com.att.*:TC_NS3_swm write com.test.TC_NS3.@[user.name]_1.admin
+** Expect 201 **
+Granted Permission [com.att.aaf.attrib|:com.att.*:TC_NS3_swm|write] to Role [com.test.TC_NS3.@[THE_USER]_1.admin]
+
+# TC_NS3.50.7.POS Attribute added
+as testid_1@test.com
+ns attrib del com.test.TC_NS3.@[user.name]_1 TC_NS3_swm
+** Expect 200 **
+Attrib TC_NS3_swm deleted from com.test.TC_NS3.@[THE_USER]_1
+
+# TC_NS3.50.8.POS Remove Permission
+as XX@NS
+perm ungrant com.att.aaf.attrib :com.att.*:TC_NS3_swm write com.test.TC_NS3.@[user.name]_1.admin
+** Expect 200 **
+UnGranted Permission [com.att.aaf.attrib|:com.att.*:TC_NS3_swm|write] from Role [com.test.TC_NS3.@[THE_USER]_1.admin]
+
+as testid_1@test.com
+# TC_NS3.99.2.POS Namespace Admin can delete Namespace
+force ns delete com.test.TC_NS3.@[user.name]_1
+** Expect 200,404 **
+Deleted Namespace
+
+# TC_NS3.99.3.POS Print Namespaces
+ns list name com.test.TC_NS3.@[user.name]_1
+** Expect 200,404 **
+
+List Namespaces by Name[com.test.TC_NS3.@[THE_USER]_1]
+--------------------------------------------------------------------------------
+ *** Namespace Not Found ***
+
+# TC_NS3.99.10.POS Remove Special Permissions
+as XX@NS
+force perm delete com.att.aaf.attrib :com.att.*:TC_NS3_swm write
+** Expect 200,404 **
+Deleted Permission
+
+force perm delete com.att.aaf.attrib :com.att.*:* read
+** Expect 200,404 **
+Deleted Permission
+
diff --git a/authz-test/TestSuite/expected/TC_NSdelete1.expected b/authz-test/TestSuite/expected/TC_NSdelete1.expected
new file mode 100644
index 00000000..29732c5d
--- /dev/null
+++ b/authz-test/TestSuite/expected/TC_NSdelete1.expected
@@ -0,0 +1,362 @@
+set XX@NS <pass>
+set testid@aaf.att.com <pass>
+set testunused@aaf.att.com <pass>
+set bogus@aaf.att.com boguspass
+#delay 10
+set NFR 0
+as testid@aaf.att.com
+# TC_NSdelete1.10.0.POS Check for Existing Data
+ns list name com.test.TC_NSdelete1.@[user.name].app
+** Expect 200 **
+
+List Namespaces by Name[com.test.TC_NSdelete1.@[THE_USER].app]
+--------------------------------------------------------------------------------
+ *** Namespace Not Found ***
+
+ns list name com.test.force.@[user.name]
+** Expect 200 **
+
+List Namespaces by Name[com.test.force.@[THE_USER]]
+--------------------------------------------------------------------------------
+ *** Namespace Not Found ***
+
+ns list name com.@[user.name]
+** Expect 200 **
+
+List Namespaces by Name[com.@[THE_USER]]
+--------------------------------------------------------------------------------
+ *** Namespace Not Found ***
+
+as XX@NS
+# TC_NSdelete1.10.1.POS Create Namespaces with valid IDs and Responsible Parties
+ns create com.test.TC_NSdelete1.@[user.name].app @[user.name] testid@aaf.att.com
+** Expect 201 **
+Created Namespace
+
+ns create com.@[user.name] @[user.name] testid@aaf.att.com
+** Expect 201 **
+Created Namespace
+
+ns create com.test.force.@[user.name] @[user.name] testid@aaf.att.com
+** Expect 201 **
+Created Namespace
+
+ns create com.test.TC_NSdelete1.@[user.name] @[user.name] testid@aaf.att.com
+** Expect 201 **
+Created Namespace
+
+# TC_NSdelete1.10.2.POS Expect Namespace to be created
+ns list name com.test.TC_NSdelete1.@[user.name].app
+** Expect 200 **
+
+List Namespaces by Name[com.test.TC_NSdelete1.@[THE_USER].app]
+--------------------------------------------------------------------------------
+com.test.TC_NSdelete1.@[THE_USER].app
+ Administrators
+ testid@aaf.att.com
+ Responsible Parties
+ @[THE_USER]@csp.att.com
+ Roles
+ com.test.TC_NSdelete1.@[THE_USER].app.admin
+ com.test.TC_NSdelete1.@[THE_USER].app.owner
+ Permissions
+ com.test.TC_NSdelete1.@[THE_USER].app.access * *
+ com.test.TC_NSdelete1.@[THE_USER].app.access * read
+
+ns list name com.test.TC_NSdelete1.@[user.name]
+** Expect 200 **
+
+List Namespaces by Name[com.test.TC_NSdelete1.@[THE_USER]]
+--------------------------------------------------------------------------------
+com.test.TC_NSdelete1.@[THE_USER]
+ Administrators
+ testid@aaf.att.com
+ Responsible Parties
+ @[THE_USER]@csp.att.com
+ Roles
+ com.test.TC_NSdelete1.@[THE_USER].admin
+ com.test.TC_NSdelete1.@[THE_USER].owner
+ Permissions
+ com.test.TC_NSdelete1.@[THE_USER].access * *
+ com.test.TC_NSdelete1.@[THE_USER].access * read
+
+ns list name com.@[user.name]
+** Expect 200 **
+
+List Namespaces by Name[com.@[THE_USER]]
+--------------------------------------------------------------------------------
+com.@[THE_USER]
+ Administrators
+ testid@aaf.att.com
+ Responsible Parties
+ @[THE_USER]@csp.att.com
+ Roles
+ com.@[THE_USER].admin
+ com.@[THE_USER].owner
+ Permissions
+ com.@[THE_USER].access * *
+ com.@[THE_USER].access * read
+
+ns list name com.test.force.@[user.name]
+** Expect 200 **
+
+List Namespaces by Name[com.test.force.@[THE_USER]]
+--------------------------------------------------------------------------------
+com.test.force.@[THE_USER]
+ Administrators
+ testid@aaf.att.com
+ Responsible Parties
+ @[THE_USER]@csp.att.com
+ Roles
+ com.test.force.@[THE_USER].admin
+ com.test.force.@[THE_USER].owner
+ Permissions
+ com.test.force.@[THE_USER].access * *
+ com.test.force.@[THE_USER].access * read
+
+# TC_NSdelete1.10.10.POS Create role to assign mechid perm to
+role create com.test.TC_NSdelete1.@[user.name].cred_admin
+** Expect 201 **
+Created Role
+
+# TC_NSdelete1.10.11.POS Assign role to mechid perm
+perm grant com.att.aaf.mechid com.att create com.test.TC_NSdelete1.@[user.name].cred_admin
+** Expect 201 **
+Granted Permission [com.att.aaf.mechid|com.att|create] to Role [com.test.TC_NSdelete1.@[THE_USER].cred_admin]
+
+as testid@aaf.att.com
+# TC_NSdelete1.10.12.POS Assign user for creating creds
+user role add testid@aaf.att.com com.test.TC_NSdelete1.@[user.name].cred_admin
+** Expect 201 **
+Added Role [com.test.TC_NSdelete1.@[THE_USER].cred_admin] to User [testid@aaf.att.com]
+
+as testid@aaf.att.com
+# TC_NSdelete1.20.1.POS Create valid Role in my Namespace
+role create com.test.TC_NSdelete1.@[user.name].app.r.A
+** Expect 201 **
+Created Role
+
+# TC_NSdelete1.20.2.POS Create valid permission
+perm create com.test.TC_NSdelete1.@[user.name].app.p.A myInstance myAction
+** Expect 201 **
+Created Permission
+
+# TC_NSdelete1.20.3.POS Add credential to my namespace
+user cred add m99990@app.@[user.name].TC_NSdelete1.test.com password123
+** Expect 201 **
+Added Credential [m99990@app.@[THE_USER].TC_NSdelete1.test.com]
+
+# TC_NSdelete1.20.10.NEG Delete Program Should fail because of attached credential
+ns delete com.test.TC_NSdelete1.@[user.name].app
+** Expect 424 **
+Failed [SVC1424]: Failed Dependency - [com.test.TC_NSdelete1.@[THE_USER].app] contains users, permissions, roles.
+ Delete dependencies and try again. Note: using force=true will delete all. force=move will delete Creds, but move Roles and Perms to parent.
+
+# TC_NSdelete1.20.11.POS Delete Credential
+set force true
+user cred del m99990@app.@[user.name].TC_NSdelete1.test.com
+** Expect 200 **
+Deleted Credential [m99990@app.@[THE_USER].TC_NSdelete1.test.com]
+
+# TC_NSdelete1.20.12.NEG Delete Program with role and permission attached
+ns delete com.test.TC_NSdelete1.@[user.name].app
+** Expect 424 **
+Failed [SVC1424]: Failed Dependency - [com.test.TC_NSdelete1.@[THE_USER].app] contains permissions, roles.
+ Delete dependencies and try again. Note: using force=true will delete all. force=move will delete Creds, but move Roles and Perms to parent.
+
+# TC_NSdelete1.20.20.POS Expect role and permission to move to parent ns
+set force move
+set force=move ns list name com.test.TC_NSdelete1.@[user.name]
+** Expect 200 **
+
+List Namespaces by Name[com.test.TC_NSdelete1.@[THE_USER]]
+--------------------------------------------------------------------------------
+com.test.TC_NSdelete1.@[THE_USER]
+ Administrators
+ testid@aaf.att.com
+ Responsible Parties
+ @[THE_USER]@csp.att.com
+ Roles
+ com.test.TC_NSdelete1.@[THE_USER].admin
+ com.test.TC_NSdelete1.@[THE_USER].cred_admin
+ com.test.TC_NSdelete1.@[THE_USER].owner
+ Permissions
+ com.test.TC_NSdelete1.@[THE_USER].access * *
+ com.test.TC_NSdelete1.@[THE_USER].access * read
+
+as testid@aaf.att.com
+# TC_NSdelete1.30.1.POS Create valid Role in my Namespace
+role create com.@[user.name].r.A
+** Expect 201 **
+Created Role
+
+# TC_NSdelete1.30.2.NEG Delete Company with role attached
+ns delete com.@[user.name]
+** Expect 424 **
+Failed [SVC1424]: Failed Dependency - [com.@[THE_USER]] contains roles.
+ Delete dependencies and try again. Note: using force=true will delete all. force=move will delete Creds, but move Roles and Perms to parent.
+
+# TC_NSdelete1.30.3.POS Namespace Admin can delete Namepace defined Roles
+role delete com.@[user.name].r.A
+** Expect 200 **
+Deleted Role
+
+# TC_NSdelete1.30.10.POS Create valid permission
+perm create com.@[user.name].p.A myInstance myAction
+** Expect 201 **
+Created Permission
+
+# TC_NSdelete1.30.11.NEG Delete Company with permission attached
+ns delete com.@[user.name]
+** Expect 424 **
+Failed [SVC1424]: Failed Dependency - [com.@[THE_USER]] contains permissions.
+ Delete dependencies and try again. Note: using force=true will delete all. force=move will delete Creds, but move Roles and Perms to parent.
+
+# TC_NSdelete1.30.12.POS Namespace Admin can delete Namepace defined Perms
+perm delete com.@[user.name].p.A myInstance myAction
+** Expect 200 **
+Deleted Permission
+
+# TC_NSdelete1.30.20.POS Create valid Credential in my namespace
+user cred add m99990@@[user.name].com password123
+** Expect 201 **
+Added Credential [m99990@@[THE_USER].com]
+
+# TC_NSdelete1.30.21.NEG Delete Company with credential attached
+ns delete com.@[user.name]
+** Expect 424 **
+Failed [SVC1424]: Failed Dependency - [com.@[THE_USER]] contains users.
+ Delete dependencies and try again. Note: using force=true will delete all. force=move will delete Creds, but move Roles and Perms to parent.
+
+# TC_NSdelete1.30.22.POS Namespace admin can remove Cred
+set force true
+user cred del m99990@@[user.name].com
+** Expect 200 **
+Deleted Credential [m99990@@[THE_USER].com]
+
+# TC_NSdelete1.30.30.POS Delete Company with no roles or perms attached
+ns delete com.@[user.name]
+** Expect 200 **
+Deleted Namespace
+
+# TC_NSdelete1.40.1.POS Create valid Role in my Namespace
+role create com.test.force.@[user.name].r.A
+** Expect 201 **
+Created Role
+
+# TC_NSdelete1.40.2.POS Create valid permission in my Namespace
+perm create com.test.force.@[user.name].p.A myInstance myAction
+** Expect 201 **
+Created Permission
+
+# TC_NSdelete1.40.3.POS Add credential to my namespace
+user cred add m99990@@[user.name].force.test.com password123
+** Expect 201 **
+Added Credential [m99990@@[THE_USER].force.test.com]
+
+# TC_NSdelete1.40.10.POS Delete Program in my Namespace
+set force true
+set force=true ns delete com.test.force.@[user.name]
+** Expect 200 **
+Deleted Namespace
+
+sleep 0
+# TC_NSdelete1.40.20.NEG Role and permission should not exist
+ns list name com.test.force.@[user.name]
+** Expect 200,404 **
+
+List Namespaces by Name[com.test.force.@[THE_USER]]
+--------------------------------------------------------------------------------
+ *** Namespace Not Found ***
+
+# TC_NSdelete1.40.22.NEG Credential should not exist
+set force true
+user cred del m99990@@[user.name].force.test.com
+** Expect 404 **
+Failed [SVC5404]: Not Found - Credential does not exist
+
+as testid@aaf.att.com
+# TC_NSdelete1.99.1.POS Namespace Admin can delete Namepace defined Roles
+role delete com.test.TC_NSdelete1.@[user.name].app.r.A
+** Expect 200,404 **
+Deleted Role
+
+# TC_NSdelete1.99.2.POS Namespace Admin can delete Namepace defined Roles
+perm delete com.test.TC_NSdelete1.@[user.name].app.p.A myInstance myAction
+** Expect 200,404 **
+Deleted Permission
+
+# TC_NSdelete1.99.3.POS Namespace Admin can remove Namepace defined Credentials
+set force true
+set force=true user cred del m99990@@app.[user.name].TC_NSdelete1.test.com
+** Expect 200,404 **
+Failed [SVC5404]: Not Found - Credential does not exist
+
+# TC_NSdelete1.99.10.POS Remove ability to create creds
+user role del testid@aaf.att.com com.test.TC_NSdelete1.@[user.name].cred_admin
+** Expect 200,404 **
+Removed Role [com.test.TC_NSdelete1.@[THE_USER].cred_admin] from User [testid@aaf.att.com]
+
+as XX@NS
+perm ungrant com.att.aaf.mechid com.att create com.test.TC_NSdelete1.@[user.name].cred_admin
+** Expect 200,404 **
+UnGranted Permission [com.att.aaf.mechid|com.att|create] from Role [com.test.TC_NSdelete1.@[THE_USER].cred_admin]
+
+as testid@aaf.att.com
+set force true
+set force=true role delete com.test.TC_NSdelete1.@[user.name].cred_admin
+** Expect 200,404 **
+Deleted Role
+
+# TC_NSdelete1.99.97.POS Clean Namespace
+set force true
+set force=true ns delete com.test.TC_NSdelete1.@[user.name].app
+** Expect 200,404 **
+Deleted Namespace
+
+set force true
+set force=true ns delete com.test.TC_NSdelete1.@[user.name]
+** Expect 200,404 **
+Deleted Namespace
+
+set force true
+set force=true ns delete com.test.force.@[user.name]
+** Expect 200,404 **
+Failed [SVC2404]: Not Found - com.test.force.@[THE_USER] does not exist
+
+# TC_NSdelete1.99.98.POS Check Clean Namespace
+ns list name com.test.TC_NSdelete1.@[user.name].app
+** Expect 200,404 **
+
+List Namespaces by Name[com.test.TC_NSdelete1.@[THE_USER].app]
+--------------------------------------------------------------------------------
+ *** Namespace Not Found ***
+
+ns list name com.test.TC_NSdelete1.@[user.name]
+** Expect 200,404 **
+
+List Namespaces by Name[com.test.TC_NSdelete1.@[THE_USER]]
+--------------------------------------------------------------------------------
+ *** Namespace Not Found ***
+
+ns list name com.test.force.@[user.name]
+** Expect 200,404 **
+
+List Namespaces by Name[com.test.force.@[THE_USER]]
+--------------------------------------------------------------------------------
+ *** Namespace Not Found ***
+
+# TC_NSdelete1.99.99.POS Clean and check Company Namespace
+as XX@NS
+set force true
+set force=true ns delete com.@[user.name]
+** Expect 200,404 **
+Failed [SVC2404]: Not Found - com.@[THE_USER] does not exist
+
+ns list name com.@[user.name]
+** Expect 200,404 **
+
+List Namespaces by Name[com.@[THE_USER]]
+--------------------------------------------------------------------------------
+ *** Namespace Not Found ***
+
diff --git a/authz-test/TestSuite/expected/TC_PW1.expected b/authz-test/TestSuite/expected/TC_PW1.expected
new file mode 100644
index 00000000..b167edbb
--- /dev/null
+++ b/authz-test/TestSuite/expected/TC_PW1.expected
@@ -0,0 +1,170 @@
+set testid@aaf.att.com <pass>
+set testunused@aaf.att.com <pass>
+set XX@NS <pass>
+set bogus boguspass
+#delay 10
+set NFR 0
+as testid@aaf.att.com
+# TC_PW1.10.0.POS Validate no NS
+ns list name com.test.TC_PW1.@[user.name]
+** Expect 200,404 **
+
+List Namespaces by Name[com.test.TC_PW1.@[THE_USER]]
+--------------------------------------------------------------------------------
+ *** Namespace Not Found ***
+
+# TC_PW1.10.1.POS Create Namespace to add IDs
+ns create com.test.TC_PW1.@[user.name] @[user.name] testid@aaf.att.com
+** Expect 201 **
+Created Namespace
+
+# TC_PW1.10.10.POS Create role to assign mechid perm to
+role create com.test.TC_PW1.@[user.name].cred_admin
+** Expect 201 **
+Created Role
+
+as XX@NS
+# TC_PW1.10.11.POS Assign role to mechid perm
+perm grant com.att.aaf.mechid com.att create com.test.TC_PW1.@[user.name].cred_admin
+** Expect 201 **
+Granted Permission [com.att.aaf.mechid|com.att|create] to Role [com.test.TC_PW1.@[THE_USER].cred_admin]
+
+as testid@aaf.att.com
+# TC_PW1.10.12.POS Assign user for creating creds
+user role add testid@aaf.att.com com.test.TC_PW1.@[user.name].cred_admin
+** Expect 201 **
+Added Role [com.test.TC_PW1.@[THE_USER].cred_admin] to User [testid@aaf.att.com]
+
+# TC_PW1.20.1.NEG ASPR 1010 Passwords must be at least 8 characters in length
+user cred add m12345@TC_PW1.test.com 12
+** Expect 406 **
+Failed [SVC1406]: Not Acceptable - Password must be 8 chars or greater in length (ASPR-1010),
+Passwords must include characters from at least two of these groupings: alpha, numeric and one of these special chars: !@#$%^*()-+?/,:;. (ASPR-1010)
+
+# TC_PW1.20.2.NEG ASPR 1010 Passwords must be at least 8 characters in length
+user cred add m12345@TC_PW1.test.com 1
+** Expect 406 **
+Failed [SVC1406]: Not Acceptable - Password must be 8 chars or greater in length (ASPR-1010),
+Passwords must include characters from at least two of these groupings: alpha, numeric and one of these special chars: !@#$%^*()-+?/,:;. (ASPR-1010)
+
+# TC_PW1.20.3.NEG ASPR 1010 Passwords must be at least 8 characters in length
+user cred add m12345@TC_PW1.test.com 1234567
+** Expect 406 **
+Failed [SVC1406]: Not Acceptable - Password must be 8 chars or greater in length (ASPR-1010),
+Passwords must include characters from at least two of these groupings: alpha, numeric and one of these special chars: !@#$%^*()-+?/,:;. (ASPR-1010)
+
+# TC_PW1.21.1.NEG ASPR 1010 Passwords must include chars from 2 groupings, alpha, numeric and special
+user cred add m12345@@[user.name].TC_PW1.test.com 12345678
+** Expect 406 **
+Failed [SVC1406]: Not Acceptable - Passwords must include characters from at least two of these groupings: alpha, numeric and one of these special chars: !@#$%^*()-+?/,:;. (ASPR-1010)
+
+# TC_PW1.21.2.NEG ASPR 1010 Passwords must include chars from 2 groupings, alpha, numeric and special
+user cred add m12345@@[user.name].TC_PW1.test.com abcdefgh
+** Expect 406 **
+Failed [SVC1406]: Not Acceptable - Passwords must include characters from at least two of these groupings: alpha, numeric and one of these special chars: !@#$%^*()-+?/,:;. (ASPR-1010)
+
+# TC_PW1.21.3.NEG ASPR 1010 Passwords must include chars from 2 groupings, alpha, numeric and special
+user cred add m12345@@[user.name].TC_PW1.test.com "!@#%^()*"
+** Expect 406 **
+Failed [SVC1406]: Not Acceptable - Passwords must include characters from at least two of these groupings: alpha, numeric and one of these special chars: !@#$%^*()-+?/,:;. (ASPR-1010)
+
+# TC_PW1.21.4.POS ASPR 1010 Passwords must include chars from 2 groupings, alpha, numeric and special
+user cred add m12345@@[user.name].TC_PW1.test.com "!@#a%^()*"
+** Expect 201 **
+Added Credential [m12345@@[THE_USER].TC_PW1.test.com]
+
+sleep 0
+user cred del m12345@@[user.name].TC_PW1.test.com
+** Expect 200 **
+Deleted Credential [m12345@@[THE_USER].TC_PW1.test.com]
+
+# TC_PW1.21.5.POS ASPR 1010 Passwords must include chars from 2 groupings, alpha, numeric and special
+user cred add m12345@@[user.name].TC_PW1.test.com "!@#2%^()*"
+** Expect 201 **
+Added Credential [m12345@@[THE_USER].TC_PW1.test.com]
+
+sleep 0
+user cred del m12345@@[user.name].TC_PW1.test.com
+** Expect 200 **
+Deleted Credential [m12345@@[THE_USER].TC_PW1.test.com]
+
+# TC_PW1.21.6.POS ASPR 1010 Passwords must include chars from 2 groupings, alpha, numeric and special
+user cred add m12345@@[user.name].TC_PW1.test.com "abc123sd"
+** Expect 201 **
+Added Credential [m12345@@[THE_USER].TC_PW1.test.com]
+
+sleep 0
+user cred del m12345@@[user.name].TC_PW1.test.com
+** Expect 200 **
+Deleted Credential [m12345@@[THE_USER].TC_PW1.test.com]
+
+# TC_PW1.21.10.NEG ASPR 1010 Passwords cannot be the same as the User ID
+user cred add m12345@@[user.name].TC_PW1.test.com m12345
+** Expect 406 **
+Failed [SVC1406]: Not Acceptable - Password must be 8 chars or greater in length (ASPR-1010)
+
+# TC_PW1.23.1.NEG Too Few Args for User Cred 1
+user cred
+** Expect -1 **
+Too few args: cred <add|del|reset|extend> <id> [password (! D|E)] [entry# (if multi)]
+
+# TC_PW1.23.2.NEG Too Few Args for User Cred add
+user cred add
+** Expect -1 **
+Too few args: cred <add|del|reset|extend> <id> [password (! D|E)] [entry# (if multi)]
+
+# TC_PW1.30.1.POS Create a Credential, with Temporary Time
+user cred add m12345@@[user.name].TC_PW1.test.com "abc123sd"
+** Expect 201 **
+Added Credential [m12345@@[THE_USER].TC_PW1.test.com]
+
+# TC_PW1.30.3.NEG Credential Exists
+user cred add m12345@@[user.name].TC_PW1.test.com "abc123sf"
+** Expect 409 **
+Failed [SVC1409]: Conflict Already Exists - Credential with same Expiration Date exists, use 'reset'
+
+# TC_PW1.30.8.POS Reset this Password
+user cred reset m12345@@[user.name].TC_PW1.test.com "ABC123SD" 1
+** Expect 200 **
+Reset Credential [m12345@@[THE_USER].TC_PW1.test.com]
+
+# TC_PW1.30.9.POS Delete a Credential
+user cred del m12345@@[user.name].TC_PW1.test.com 1
+** Expect 200 **
+Deleted Credential [m12345@@[THE_USER].TC_PW1.test.com]
+
+as testid@aaf.att.com
+# TC_PW1.99.1.NEG Delete ID m12345@@[user.name].TC_PW1.test.com
+set force true
+user cred del m12345@@[user.name].TC_PW1.test.com
+** Expect 200,404 **
+Failed [SVC5404]: Not Found - Credential does not exist
+
+# TC_PW1.99.2.POS Remove ability to create creds
+user role del testid@aaf.att.com com.test.TC_PW1.@[user.name].cred_admin
+** Expect 200,404 **
+Removed Role [com.test.TC_PW1.@[THE_USER].cred_admin] from User [testid@aaf.att.com]
+
+as XX@NS
+perm ungrant com.att.aaf.mechid com.att create com.test.TC_PW1.@[user.name].cred_admin
+** Expect 200,404 **
+UnGranted Permission [com.att.aaf.mechid|com.att|create] from Role [com.test.TC_PW1.@[THE_USER].cred_admin]
+
+as testid@aaf.att.com
+role delete com.test.TC_PW1.@[user.name].cred_admin
+** Expect 200,404 **
+Deleted Role
+
+# TC_PW1.99.98.POS Delete Namespace com..test.TC_PW1
+ns delete com.test.TC_PW1.@[user.name]
+** Expect 200,404 **
+Deleted Namespace
+
+# TC_PW1.99.99.POS Verify Cleaned NS
+ns list name com.test.TC_PW1.@[user.name]
+** Expect 200,404 **
+
+List Namespaces by Name[com.test.TC_PW1.@[THE_USER]]
+--------------------------------------------------------------------------------
+ *** Namespace Not Found ***
+
diff --git a/authz-test/TestSuite/expected/TC_Perm1.expected b/authz-test/TestSuite/expected/TC_Perm1.expected
new file mode 100644
index 00000000..d099990c
--- /dev/null
+++ b/authz-test/TestSuite/expected/TC_Perm1.expected
@@ -0,0 +1,963 @@
+set testid <pass>
+set testid@aaf.att.com <pass>
+set XX@NS <pass>
+set testunused <pass>
+set bogus boguspass
+#delay 10
+set NFR 0
+# TC_Perm1.10.0.POS Validate Namespace is empty first
+as testid@aaf.att.com
+ns list name com.test.TC_Perm1.@[user.name]
+** Expect 200 **
+
+List Namespaces by Name[com.test.TC_Perm1.@[THE_USER]]
+--------------------------------------------------------------------------------
+ *** Namespace Not Found ***
+
+# TC_Perm1.10.1.POS Create Namespace with valid IDs and Responsible Parties
+ns create com.test.TC_Perm1.@[user.name] @[user.name] testid@aaf.att.com
+** Expect 201 **
+Created Namespace
+
+# TC_Perm1.10.10.POS Create role to assign mechid perm to
+role create com.test.TC_Perm1.@[user.name].cred_admin
+** Expect 201 **
+Created Role
+
+as XX@NS
+# TC_Perm1.10.11.POS Assign role to mechid perm
+perm grant com.att.aaf.mechid com.att create com.test.TC_Perm1.@[user.name].cred_admin
+** Expect 201 **
+Granted Permission [com.att.aaf.mechid|com.att|create] to Role [com.test.TC_Perm1.@[THE_USER].cred_admin]
+
+as testid@aaf.att.com
+# TC_Perm1.10.12.POS Assign user for creating creds
+user role add XX@NS com.test.TC_Perm1.@[user.name].cred_admin
+** Expect 201 **
+Added Role [com.test.TC_Perm1.@[THE_USER].cred_admin] to User [XX@NS]
+
+# TC_Perm1.20.1.POS List Data on non-Empty NS
+ns list name com.test.TC_Perm1.@[user.name]
+** Expect 200 **
+
+List Namespaces by Name[com.test.TC_Perm1.@[THE_USER]]
+--------------------------------------------------------------------------------
+com.test.TC_Perm1.@[THE_USER]
+ Administrators
+ testid@aaf.att.com
+ Responsible Parties
+ @[THE_USER]@csp.att.com
+ Roles
+ com.test.TC_Perm1.@[THE_USER].admin
+ com.test.TC_Perm1.@[THE_USER].cred_admin
+ com.test.TC_Perm1.@[THE_USER].owner
+ Permissions
+ com.test.TC_Perm1.@[THE_USER].access * *
+ com.test.TC_Perm1.@[THE_USER].access * read
+
+# TC_Perm1.20.2.POS Add Perm
+perm create com.test.TC_Perm1.@[user.name].p.A myInstance myAction
+** Expect 201 **
+Created Permission
+
+# TC_Perm1.20.3.NEG Already Added Perm
+perm create com.test.TC_Perm1.@[user.name].p.A myInstance myAction
+** Expect 409 **
+Failed [SVC1409]: Conflict Already Exists - Permission [com.test.TC_Perm1.@[THE_USER].p.A|myInstance|myAction] already exists.
+
+# TC_Perm1.20.4.POS Add Perm with non-existent Roles as well
+force perm create com.test.TC_Perm1.@[user.name].p.B myInstance myAction com.test.TC_Perm1.@[user.name].r.A,com.test.TC_Perm1.@[user.name].r.B
+** Expect 201 **
+Created Role [com.test.TC_Perm1.@[THE_USER].r.A]
+Created Role [com.test.TC_Perm1.@[THE_USER].r.B]
+Created Permission
+Granted Permission [com.test.TC_Perm1.@[THE_USER].p.B|myInstance|myAction] to Role [com.test.TC_Perm1.@[THE_USER].r.A]
+Granted Permission [com.test.TC_Perm1.@[THE_USER].p.B|myInstance|myAction] to Role [com.test.TC_Perm1.@[THE_USER].r.B]
+
+# TC_Perm1.20.8.POS Print Info for Validation
+ns list name com.test.TC_Perm1.@[user.name]
+** Expect 200 **
+
+List Namespaces by Name[com.test.TC_Perm1.@[THE_USER]]
+--------------------------------------------------------------------------------
+com.test.TC_Perm1.@[THE_USER]
+ Administrators
+ testid@aaf.att.com
+ Responsible Parties
+ @[THE_USER]@csp.att.com
+ Roles
+ com.test.TC_Perm1.@[THE_USER].admin
+ com.test.TC_Perm1.@[THE_USER].cred_admin
+ com.test.TC_Perm1.@[THE_USER].owner
+ com.test.TC_Perm1.@[THE_USER].r.A
+ com.test.TC_Perm1.@[THE_USER].r.B
+ Permissions
+ com.test.TC_Perm1.@[THE_USER].access * *
+ com.test.TC_Perm1.@[THE_USER].access * read
+ com.test.TC_Perm1.@[THE_USER].p.A myInstance myAction
+ com.test.TC_Perm1.@[THE_USER].p.B myInstance myAction
+
+# TC_Perm1.20.9.NEG Already Added Perm with some Roles as well
+perm create com.test.TC_Perm1.@[user.name].p.B myInstance myAction com.test.TC_Perm1.@[user.name].r.A,com.test.TC_Perm1.@[user.name].r.B
+** Expect 409 **
+Failed [SVC1409]: Conflict Already Exists - Permission [com.test.TC_Perm1.@[THE_USER].p.B|myInstance|myAction] already exists.
+
+# TC_Perm1.20.10.NEG Non-admins can't change description
+as testunused
+perm describe com.test.TC_Perm1.@[user.name].p.A myInstance myAction Description for A
+** Expect 403 **
+Failed [SVC1403]: Forbidden - You do not have approval to change Permission [com.test.TC_Perm1.@[THE_USER].p.A|myInstance|myAction]
+
+# TC_Perm1.20.11.NEG Permission must exist to change description
+as testid
+perm describe com.test.TC_Perm1.@[user.name].p.C myInstance myAction Description for C
+** Expect 404 **
+Failed [SVC1404]: Not Found - Permission [com.test.TC_Perm1.@[THE_USER].p.C|myInstance|myAction] does not exist
+
+# TC_Perm1.20.12.POS Admin can change description
+perm describe com.test.TC_Perm1.@[user.name].p.A myInstance myAction Description for A
+** Expect 200 **
+Description added to Permission
+
+# TC_Perm1.22.1.NEG Try to rename permission without changing anything
+perm rename com.test.TC_Perm1.@[user.name].p.B myInstance myAction com.test.TC_Perm1.@[user.name].p.B myInstance myAction
+** Expect 409 **
+Failed [SVC1409]: Conflict Already Exists - New Permission must be different than original permission
+
+# TC_Perm1.22.2.NEG Try to rename parent ns
+perm rename com.test.TC_Perm1.@[user.name].p.B myInstance myAction com.att.TC_Perm1.@[user.name].p.C myInstance myAction
+** Expect 403 **
+Failed [SVC1403]: Forbidden - You do not have approval to change Permission [com.att.TC_Perm1.@[THE_USER].p.C|myInstance|myAction]
+
+# TC_Perm1.22.10.POS View permission in original state
+ns list name com.test.TC_Perm1.@[user.name]
+** Expect 200 **
+
+List Namespaces by Name[com.test.TC_Perm1.@[THE_USER]]
+--------------------------------------------------------------------------------
+com.test.TC_Perm1.@[THE_USER]
+ Administrators
+ testid@aaf.att.com
+ Responsible Parties
+ @[THE_USER]@csp.att.com
+ Roles
+ com.test.TC_Perm1.@[THE_USER].admin
+ com.test.TC_Perm1.@[THE_USER].cred_admin
+ com.test.TC_Perm1.@[THE_USER].owner
+ com.test.TC_Perm1.@[THE_USER].r.A
+ com.test.TC_Perm1.@[THE_USER].r.B
+ Permissions
+ com.test.TC_Perm1.@[THE_USER].access * *
+ com.test.TC_Perm1.@[THE_USER].access * read
+ com.test.TC_Perm1.@[THE_USER].p.A myInstance myAction
+ com.test.TC_Perm1.@[THE_USER].p.B myInstance myAction
+
+# TC_Perm1.22.11.POS Rename permission instance
+perm rename com.test.TC_Perm1.@[user.name].p.B myInstance myAction com.test.TC_Perm1.@[user.name].p.B yourInstance myAction
+** Expect 200 **
+Updated Permission
+
+# TC_Perm1.22.12.POS Verify change in permission instance
+ns list name com.test.TC_Perm1.@[user.name]
+** Expect 200 **
+
+List Namespaces by Name[com.test.TC_Perm1.@[THE_USER]]
+--------------------------------------------------------------------------------
+com.test.TC_Perm1.@[THE_USER]
+ Administrators
+ testid@aaf.att.com
+ Responsible Parties
+ @[THE_USER]@csp.att.com
+ Roles
+ com.test.TC_Perm1.@[THE_USER].admin
+ com.test.TC_Perm1.@[THE_USER].cred_admin
+ com.test.TC_Perm1.@[THE_USER].owner
+ com.test.TC_Perm1.@[THE_USER].r.A
+ com.test.TC_Perm1.@[THE_USER].r.B
+ Permissions
+ com.test.TC_Perm1.@[THE_USER].access * *
+ com.test.TC_Perm1.@[THE_USER].access * read
+ com.test.TC_Perm1.@[THE_USER].p.A myInstance myAction
+ com.test.TC_Perm1.@[THE_USER].p.B yourInstance myAction
+
+# TC_Perm1.22.13.POS Rename permission action
+perm rename com.test.TC_Perm1.@[user.name].p.B yourInstance myAction com.test.TC_Perm1.@[user.name].p.B yourInstance yourAction
+** Expect 200 **
+Updated Permission
+
+# TC_Perm1.22.14.POS Verify change in permission action
+ns list name com.test.TC_Perm1.@[user.name]
+** Expect 200 **
+
+List Namespaces by Name[com.test.TC_Perm1.@[THE_USER]]
+--------------------------------------------------------------------------------
+com.test.TC_Perm1.@[THE_USER]
+ Administrators
+ testid@aaf.att.com
+ Responsible Parties
+ @[THE_USER]@csp.att.com
+ Roles
+ com.test.TC_Perm1.@[THE_USER].admin
+ com.test.TC_Perm1.@[THE_USER].cred_admin
+ com.test.TC_Perm1.@[THE_USER].owner
+ com.test.TC_Perm1.@[THE_USER].r.A
+ com.test.TC_Perm1.@[THE_USER].r.B
+ Permissions
+ com.test.TC_Perm1.@[THE_USER].access * *
+ com.test.TC_Perm1.@[THE_USER].access * read
+ com.test.TC_Perm1.@[THE_USER].p.A myInstance myAction
+ com.test.TC_Perm1.@[THE_USER].p.B yourInstance yourAction
+
+# TC_Perm1.22.15.POS Rename permission type
+perm rename com.test.TC_Perm1.@[user.name].p.B yourInstance yourAction com.test.TC_Perm1.@[user.name].p.yourB yourInstance yourAction
+** Expect 200 **
+Updated Permission
+
+# TC_Perm1.22.16.POS Verify change in permission type
+ns list name com.test.TC_Perm1.@[user.name]
+** Expect 200 **
+
+List Namespaces by Name[com.test.TC_Perm1.@[THE_USER]]
+--------------------------------------------------------------------------------
+com.test.TC_Perm1.@[THE_USER]
+ Administrators
+ testid@aaf.att.com
+ Responsible Parties
+ @[THE_USER]@csp.att.com
+ Roles
+ com.test.TC_Perm1.@[THE_USER].admin
+ com.test.TC_Perm1.@[THE_USER].cred_admin
+ com.test.TC_Perm1.@[THE_USER].owner
+ com.test.TC_Perm1.@[THE_USER].r.A
+ com.test.TC_Perm1.@[THE_USER].r.B
+ Permissions
+ com.test.TC_Perm1.@[THE_USER].access * *
+ com.test.TC_Perm1.@[THE_USER].access * read
+ com.test.TC_Perm1.@[THE_USER].p.A myInstance myAction
+ com.test.TC_Perm1.@[THE_USER].p.yourB yourInstance yourAction
+
+# TC_Perm1.22.20.POS See permission is attached to this role
+role list role com.test.TC_Perm1.@[user.name].r.A
+** Expect 200 **
+
+List Roles for Role[com.test.TC_Perm1.@[THE_USER].r.A]
+--------------------------------------------------------------------------------
+ROLE Name
+ PERM Type Instance Action
+--------------------------------------------------------------------------------
+com.test.TC_Perm1.@[THE_USER].r.A
+ com.test.TC_Perm1.@[THE_USER].p.yourB yourInstance yourAction
+
+# TC_Perm1.22.21.POS Rename permission type, instance and action
+perm rename com.test.TC_Perm1.@[user.name].p.yourB yourInstance yourAction com.test.TC_Perm1.@[user.name].p.B myInstance myAction
+** Expect 200 **
+Updated Permission
+
+# TC_Perm1.22.22.POS See permission stays attached after rename
+role list role com.test.TC_Perm1.@[user.name].r.A
+** Expect 200 **
+
+List Roles for Role[com.test.TC_Perm1.@[THE_USER].r.A]
+--------------------------------------------------------------------------------
+ROLE Name
+ PERM Type Instance Action
+--------------------------------------------------------------------------------
+com.test.TC_Perm1.@[THE_USER].r.A
+ com.test.TC_Perm1.@[THE_USER].p.B myInstance myAction
+
+# TC_Perm1.22.23.POS Verify permission is back to original state
+ns list name com.test.TC_Perm1.@[user.name]
+** Expect 200 **
+
+List Namespaces by Name[com.test.TC_Perm1.@[THE_USER]]
+--------------------------------------------------------------------------------
+com.test.TC_Perm1.@[THE_USER]
+ Administrators
+ testid@aaf.att.com
+ Responsible Parties
+ @[THE_USER]@csp.att.com
+ Roles
+ com.test.TC_Perm1.@[THE_USER].admin
+ com.test.TC_Perm1.@[THE_USER].cred_admin
+ com.test.TC_Perm1.@[THE_USER].owner
+ com.test.TC_Perm1.@[THE_USER].r.A
+ com.test.TC_Perm1.@[THE_USER].r.B
+ Permissions
+ com.test.TC_Perm1.@[THE_USER].access * *
+ com.test.TC_Perm1.@[THE_USER].access * read
+ com.test.TC_Perm1.@[THE_USER].p.A myInstance myAction
+ com.test.TC_Perm1.@[THE_USER].p.B myInstance myAction
+
+# TC_Perm1.25.1.POS Create another Role in This namespace
+role create com.test.TC_Perm1.@[user.name].r.C
+** Expect 201 **
+Created Role
+
+# TC_Perm1.25.2.POS Create another Perm in This namespace
+perm create com.test.TC_Perm1.@[user.name].p.C myInstance myAction
+** Expect 201 **
+Created Permission
+
+# TC_Perm1.25.3.NEG Permission must Exist to Add to Role
+perm grant com.test.TC_Perm1.@[user.name].p.NO myInstance myAction com.test.TC_Perm1.@[user.name].r.C
+** Expect 404 **
+Failed [SVC4404]: Not Found - Permission [com.test.TC_Perm1.@[THE_USER].p.NO|myInstance|myAction] does not exist
+
+# TC_Perm1.25.4.POS Grant individual new Perm to new Role
+perm grant com.test.TC_Perm1.@[user.name].p.C myInstance myAction com.test.TC_Perm1.@[user.name].r.C
+** Expect 201 **
+Granted Permission [com.test.TC_Perm1.@[THE_USER].p.C|myInstance|myAction] to Role [com.test.TC_Perm1.@[THE_USER].r.C]
+
+# TC_Perm1.25.5.NEG Already Granted Perm
+perm grant com.test.TC_Perm1.@[user.name].p.C myInstance myAction com.test.TC_Perm1.@[user.name].r.C
+** Expect 409 **
+Failed [SVC1409]: Conflict Already Exists - Permission [com.test.TC_Perm1.@[THE_USER].p.C|myInstance|myAction] already granted to Role [com.test.TC_Perm1.@[THE_USER].r.C]
+
+# TC_Perm1.25.6.POS Print Info for Validation
+ns list name com.test.TC_Perm1.@[user.name]
+** Expect 200 **
+
+List Namespaces by Name[com.test.TC_Perm1.@[THE_USER]]
+--------------------------------------------------------------------------------
+com.test.TC_Perm1.@[THE_USER]
+ Administrators
+ testid@aaf.att.com
+ Responsible Parties
+ @[THE_USER]@csp.att.com
+ Roles
+ com.test.TC_Perm1.@[THE_USER].admin
+ com.test.TC_Perm1.@[THE_USER].cred_admin
+ com.test.TC_Perm1.@[THE_USER].owner
+ com.test.TC_Perm1.@[THE_USER].r.A
+ com.test.TC_Perm1.@[THE_USER].r.B
+ com.test.TC_Perm1.@[THE_USER].r.C
+ Permissions
+ com.test.TC_Perm1.@[THE_USER].access * *
+ com.test.TC_Perm1.@[THE_USER].access * read
+ com.test.TC_Perm1.@[THE_USER].p.A myInstance myAction
+ com.test.TC_Perm1.@[THE_USER].p.B myInstance myAction
+ com.test.TC_Perm1.@[THE_USER].p.C myInstance myAction
+
+# TC_Perm1.25.10.POS UnGrant individual new Perm to new Role
+perm ungrant com.test.TC_Perm1.@[user.name].p.C myInstance myAction com.test.TC_Perm1.@[user.name].r.C
+** Expect 200 **
+UnGranted Permission [com.test.TC_Perm1.@[THE_USER].p.C|myInstance|myAction] from Role [com.test.TC_Perm1.@[THE_USER].r.C]
+
+# TC_Perm1.25.11.NEG Already UnGranted Perm
+perm ungrant com.test.TC_Perm1.@[user.name].p.C myInstance myAction com.test.TC_Perm1.@[user.name].r.C
+** Expect 404 **
+Failed [SVC4404]: Not Found - Permission [com.test.TC_Perm1.@[THE_USER].p.C|myInstance|myAction] not associated with any Role
+
+# TC_Perm1.25.20.POS Reset roles attached to permision with setTo
+perm setTo com.test.TC_Perm1.@[user.name].p.C myInstance myAction com.test.TC_Perm1.@[user.name].r.C,com.test.TC_Perm1.@[user.name].r.A
+** Expect 200 **
+Set Permission's Roles to [com.test.TC_Perm1.@[THE_USER].r.C,com.test.TC_Perm1.@[THE_USER].r.A]
+
+# TC_Perm1.25.21.POS Owner of permission can reset roles
+perm setTo com.test.TC_Perm1.@[user.name].p.C myInstance myAction
+** Expect 200 **
+Set Permission's Roles to []
+
+# TC_Perm1.26.1.POS Create another Namespace, not owned by testid, one in company, one not
+as XX@NS
+ns create com.test2.TC_Perm1.@[user.name] @[user.name] XX@NS
+** Expect 201 **
+Created Namespace
+
+ns create com.test.TC_Perm1.@[user.name]_2 @[user.name] XX@NS
+** Expect 201 **
+Created Namespace
+
+# TC_Perm1.26.2.POS Create ID in other Namespace
+user cred add m99990@@[user.name].TC_Perm1.test2.com aRealPass7
+** Expect 201 **
+Added Credential [m99990@@[THE_USER].TC_Perm1.test2.com]
+
+# TC_Perm1.26.3.POS Create a Role in other Namespaces, not owned by testid
+role create com.test2.TC_Perm1.@[user.name].r.C
+** Expect 201 **
+Created Role
+
+role create com.test2.TC_Perm1.@[user.name]_2.r.C
+** Expect 201 **
+Created Role
+
+# TC_Perm1.26.11.NEG Grant Perm to Role in Other Namespace, when Role ID
+as m99990@@[THE_USER].TC_Perm1.test2.com
+perm grant com.test.TC_Perm1.@[user.name].p.C myInstance myAction com.test2.TC_Perm1.@[user.name].r.C
+** Expect 403 **
+Failed [SVC1403]: Forbidden - [m99990@@[THE_USER].TC_Perm1.test2.com] may not write Perm [com.test.TC_Perm1.@[THE_USER].p.C|myInstance|myAction]
+
+# TC_Perm1.26.11a.NEG Grant Perm to Role in Other Namespace, when Role ID
+as m99990@@[THE_USER].TC_Perm1.test2.com
+set request true
+perm grant com.test.TC_Perm1.@[user.name].p.C myInstance myAction com.test2.TC_Perm1.@[user.name].r.C
+** Expect 202 **
+Permission Role Granted Accepted, but requires Approvals before actualizing
+
+# TC_Perm1.26.12.NEG Grant Perm to Role in Other Namespace, when Perm ID, but different Company
+as testid@aaf.att.com
+perm grant com.test.TC_Perm1.@[user.name].p.C myInstance myAction com.test2.TC_Perm1.@[user.name].r.C
+** Expect 403 **
+Failed [SVC1403]: Forbidden - [testid@aaf.att.com] may not write Role [com.test2.TC_Perm1.@[THE_USER].r.C]
+
+# TC_Perm1.26.13.NEG Fail Grant Perm to Role in Other Namespace, when Perm ID, but same Company
+as testid@aaf.att.com
+perm grant com.test.TC_Perm1.@[user.name].p.C myInstance myAction com.test.TC_Perm1.@[user.name]_2.r.C
+** Expect 404 **
+Failed [SVC3404]: Not Found - Role [com.test.TC_Perm1.@[THE_USER]_2.r.C] does not exist
+
+# TC_Perm1.26.14.POS Create Role
+as testid@aaf.att.com
+role create com.test.TC_Perm1.@[user.name]_2.r.C
+** Expect 201 **
+Created Role
+
+# TC_Perm1.26.15.POS Fail Create/Grant Perm to Role in Other Namespace, when Perm ID, but same Company
+perm grant com.test.TC_Perm1.@[user.name].p.C myInstance myAction com.test.TC_Perm1.@[user.name]_2.r.C
+** Expect 201 **
+Granted Permission [com.test.TC_Perm1.@[THE_USER].p.C|myInstance|myAction] to Role [com.test.TC_Perm1.@[THE_USER]_2.r.C]
+
+# TC_Perm1.26.16.POS Print Info for Validation
+ns list name com.test.TC_Perm1.@[user.name]
+** Expect 200 **
+
+List Namespaces by Name[com.test.TC_Perm1.@[THE_USER]]
+--------------------------------------------------------------------------------
+com.test.TC_Perm1.@[THE_USER]
+ Administrators
+ testid@aaf.att.com
+ Responsible Parties
+ @[THE_USER]@csp.att.com
+ Roles
+ com.test.TC_Perm1.@[THE_USER].admin
+ com.test.TC_Perm1.@[THE_USER].cred_admin
+ com.test.TC_Perm1.@[THE_USER].owner
+ com.test.TC_Perm1.@[THE_USER].r.A
+ com.test.TC_Perm1.@[THE_USER].r.B
+ com.test.TC_Perm1.@[THE_USER].r.C
+ Permissions
+ com.test.TC_Perm1.@[THE_USER].access * *
+ com.test.TC_Perm1.@[THE_USER].access * read
+ com.test.TC_Perm1.@[THE_USER].p.A myInstance myAction
+ com.test.TC_Perm1.@[THE_USER].p.B myInstance myAction
+ com.test.TC_Perm1.@[THE_USER].p.C myInstance myAction
+
+# TC_Perm1.26.17.POS Grant individual new Perm to new Role
+perm grant com.test.TC_Perm1.@[user.name].p.C myInstance myAction com.test.TC_Perm1.@[user.name].r.C
+** Expect 201 **
+Granted Permission [com.test.TC_Perm1.@[THE_USER].p.C|myInstance|myAction] to Role [com.test.TC_Perm1.@[THE_USER].r.C]
+
+# TC_Perm1.26.18.NEG Already Granted Perm
+perm grant com.test.TC_Perm1.@[user.name].p.C myInstance myAction com.test.TC_Perm1.@[user.name].r.C
+** Expect 409 **
+Failed [SVC1409]: Conflict Already Exists - Permission [com.test.TC_Perm1.@[THE_USER].p.C|myInstance|myAction] already granted to Role [com.test.TC_Perm1.@[THE_USER].r.C]
+
+# TC_Perm1.26.19.POS UnGrant Perm from Role in Other Namespace, when Perm ID
+perm ungrant com.test.TC_Perm1.@[user.name].p.C myInstance myAction com.test.TC_Perm1.@[user.name]_2.r.C
+** Expect 200 **
+UnGranted Permission [com.test.TC_Perm1.@[THE_USER].p.C|myInstance|myAction] from Role [com.test.TC_Perm1.@[THE_USER]_2.r.C]
+
+# TC_Perm1.26.21.NEG No Permission to Grant Perm to Role with Unrelated ID
+as m99990@@[THE_USER].TC_Perm1.test2.com
+perm grant com.test.TC_Perm1.@[user.name].p.C myInstance myAction com.test2.TC_Perm1.@[user.name].r.C
+** Expect 403 **
+Failed [SVC1403]: Forbidden - [m99990@@[THE_USER].TC_Perm1.test2.com] may not write Perm [com.test.TC_Perm1.@[THE_USER].p.C|myInstance|myAction]
+
+# TC_Perm1.26.22.NEG No Permission to Grant Perm to Role with Unrelated ID
+set request true
+as m99990@@[THE_USER].TC_Perm1.test2.com
+perm grant com.test.TC_Perm1.@[user.name].p.C myInstance myAction com.test2.TC_Perm1.@[user.name].r.C
+** Expect 202 **
+Permission Role Granted Accepted, but requires Approvals before actualizing
+
+# TC_Perm1.26.25.NEG No Permission to UnGrant with Unrelated ID
+perm grant com.test.TC_Perm1.@[user.name].p.C myInstance myAction com.test.TC_Perm1.@[user.name].r.B
+** Expect 403 **
+Failed [SVC1403]: Forbidden - [m99990@@[THE_USER].TC_Perm1.test2.com] may not write Perm [com.test.TC_Perm1.@[THE_USER].p.C|myInstance|myAction]
+
+# TC_Perm1.26.26.NEG No Permission to UnGrant with Unrelated ID
+set request true
+perm grant com.test.TC_Perm1.@[user.name].p.C myInstance myAction com.test.TC_Perm1.@[user.name].r.B
+** Expect 202 **
+Permission Role Granted Accepted, but requires Approvals before actualizing
+
+# TC_Perm1.26.30.POS Add ID to Role
+as XX@NS
+ns admin add com.test2.TC_Perm1.@[user.name] m99990@@[user.name].TC_Perm1.test2.com
+** Expect 201 **
+Admin m99990@@[THE_USER].TC_Perm1.test2.com added to com.test2.TC_Perm1.@[THE_USER]
+
+as m99990@@[THE_USER].TC_Perm1.test2.com
+sleep 0
+# TC_Perm1.26.31.NEG No Permission Grant Perm to Role if not Perm Owner
+perm grant com.test.TC_Perm1.@[user.name].p.C myInstance myAction com.test2.TC_Perm1.@[user.name].r.C
+** Expect 403 **
+Failed [SVC1403]: Forbidden - [m99990@@[THE_USER].TC_Perm1.test2.com] may not write Perm [com.test.TC_Perm1.@[THE_USER].p.C|myInstance|myAction]
+
+# TC_Perm1.26.31.NEG No Permission Grant Perm to Role if not Perm Owner
+set request true
+perm grant com.test.TC_Perm1.@[user.name].p.C myInstance myAction com.test2.TC_Perm1.@[user.name].r.C
+** Expect 202 **
+Permission Role Granted Accepted, but requires Approvals before actualizing
+
+# TC_Perm1.26.32.POS Grant individual new Perm to Role in Other Namespace
+as testid@aaf.att.com
+perm grant com.test.TC_Perm1.@[user.name].p.C myInstance myAction com.test.TC_Perm1.@[user.name]_2.r.C
+** Expect 201 **
+Granted Permission [com.test.TC_Perm1.@[THE_USER].p.C|myInstance|myAction] to Role [com.test.TC_Perm1.@[THE_USER]_2.r.C]
+
+# TC_Perm1.26.34.POS Print Info for Validation
+ns list name com.test.TC_Perm1.@[user.name]
+** Expect 200 **
+
+List Namespaces by Name[com.test.TC_Perm1.@[THE_USER]]
+--------------------------------------------------------------------------------
+com.test.TC_Perm1.@[THE_USER]
+ Administrators
+ testid@aaf.att.com
+ Responsible Parties
+ @[THE_USER]@csp.att.com
+ Roles
+ com.test.TC_Perm1.@[THE_USER].admin
+ com.test.TC_Perm1.@[THE_USER].cred_admin
+ com.test.TC_Perm1.@[THE_USER].owner
+ com.test.TC_Perm1.@[THE_USER].r.A
+ com.test.TC_Perm1.@[THE_USER].r.B
+ com.test.TC_Perm1.@[THE_USER].r.C
+ Permissions
+ com.test.TC_Perm1.@[THE_USER].access * *
+ com.test.TC_Perm1.@[THE_USER].access * read
+ com.test.TC_Perm1.@[THE_USER].p.A myInstance myAction
+ com.test.TC_Perm1.@[THE_USER].p.B myInstance myAction
+ com.test.TC_Perm1.@[THE_USER].p.C myInstance myAction
+
+as XX@NS
+# TC_Perm1.26.35.POS Print Info for Validation
+ns list name com.test2.TC_Perm1.@[user.name]
+** Expect 200 **
+
+List Namespaces by Name[com.test2.TC_Perm1.@[THE_USER]]
+--------------------------------------------------------------------------------
+com.test2.TC_Perm1.@[THE_USER]
+ Administrators
+ XX@NS
+ m99990@@[THE_USER].TC_Perm1.test2.com
+ Responsible Parties
+ @[THE_USER]@csp.att.com
+ Roles
+ com.test2.TC_Perm1.@[THE_USER].admin
+ com.test2.TC_Perm1.@[THE_USER].owner
+ com.test2.TC_Perm1.@[THE_USER].r.C
+ Permissions
+ com.test2.TC_Perm1.@[THE_USER].access * *
+ com.test2.TC_Perm1.@[THE_USER].access * read
+ Credentials
+ m99990@@[THE_USER].TC_Perm1.test2.com
+
+as testid@aaf.att.com
+# TC_Perm1.26.36.POS UnGrant individual new Perm to new Role
+as testid@aaf.att.com
+perm ungrant com.test.TC_Perm1.@[user.name].p.C myInstance myAction com.test.TC_Perm1.@[user.name]_2.r.C
+** Expect 200 **
+UnGranted Permission [com.test.TC_Perm1.@[THE_USER].p.C|myInstance|myAction] from Role [com.test.TC_Perm1.@[THE_USER]_2.r.C]
+
+# TC_Perm1.26.37.NEG Already UnGranted Perm
+perm ungrant com.test.TC_Perm1.@[user.name].p.C myInstance myAction com.test.TC_Perm1.@[user.name]_2.r.C
+** Expect 404 **
+Failed [SVC4404]: Not Found - Permission [com.test.TC_Perm1.@[THE_USER].p.C|myInstance|myAction] not associated with any Role
+
+# TC_Perm1.26.40.POS Reset roles attached to permision with setTo
+perm setTo com.test.TC_Perm1.@[user.name].p.C myInstance myAction com.test.TC_Perm1.@[user.name].r.C,com.test.TC_Perm1.@[user.name].r.A
+** Expect 200 **
+Set Permission's Roles to [com.test.TC_Perm1.@[THE_USER].r.C,com.test.TC_Perm1.@[THE_USER].r.A]
+
+# TC_Perm1.26.41.NEG Non-owner of permission cannot reset roles
+as m99990@@[THE_USER].TC_Perm1.test2.com
+perm setTo com.test.TC_Perm1.@[user.name].p.C myInstance myAction
+** Expect 403 **
+Failed [SVC1403]: Forbidden - [m99990@@[THE_USER].TC_Perm1.test2.com] may not write Perm [com.test.TC_Perm1.@[THE_USER].p.C|myInstance|myAction]
+
+# TC_Perm1.26.42.NEG Non-owner of permission cannot ungrant
+perm ungrant com.test.TC_Perm1.@[user.name].p.C myInstance myAction com.test.TC_Perm1.@[user.name].r.C
+** Expect 403 **
+Failed [SVC1403]: Forbidden - [m99990@@[THE_USER].TC_Perm1.test2.com] may not write Perm [com.test.TC_Perm1.@[THE_USER].p.C|myInstance|myAction]
+
+# TC_Perm1.26.43.NEG Non-owner of permission cannot delete
+perm delete com.test.TC_Perm1.@[user.name].p.C myInstance myAction
+** Expect 403 **
+Failed [SVC1403]: Forbidden - [m99990@@[THE_USER].TC_Perm1.test2.com] may not write Perm [com.test.TC_Perm1.@[THE_USER].p.C|myInstance|myAction]
+
+# TC_Perm1.26.45.POS Owner of permission can reset roles
+as testid@aaf.att.com
+perm setTo com.test.TC_Perm1.@[user.name].p.C myInstance myAction
+** Expect 200 **
+Set Permission's Roles to []
+
+as XX@NS
+# TC_Perm1.26.97.POS List the Namespaces
+ns list name com.test.TC_Perm1.@[user.name]
+** Expect 200 **
+
+List Namespaces by Name[com.test.TC_Perm1.@[THE_USER]]
+--------------------------------------------------------------------------------
+com.test.TC_Perm1.@[THE_USER]
+ Administrators
+ testid@aaf.att.com
+ Responsible Parties
+ @[THE_USER]@csp.att.com
+ Roles
+ com.test.TC_Perm1.@[THE_USER].admin
+ com.test.TC_Perm1.@[THE_USER].cred_admin
+ com.test.TC_Perm1.@[THE_USER].owner
+ com.test.TC_Perm1.@[THE_USER].r.A
+ com.test.TC_Perm1.@[THE_USER].r.B
+ com.test.TC_Perm1.@[THE_USER].r.C
+ Permissions
+ com.test.TC_Perm1.@[THE_USER].access * *
+ com.test.TC_Perm1.@[THE_USER].access * read
+ com.test.TC_Perm1.@[THE_USER].p.A myInstance myAction
+ com.test.TC_Perm1.@[THE_USER].p.B myInstance myAction
+ com.test.TC_Perm1.@[THE_USER].p.C myInstance myAction
+
+ns list name com.test2.TC_Perm1.@[user.name]
+** Expect 200 **
+
+List Namespaces by Name[com.test2.TC_Perm1.@[THE_USER]]
+--------------------------------------------------------------------------------
+com.test2.TC_Perm1.@[THE_USER]
+ Administrators
+ XX@NS
+ m99990@@[THE_USER].TC_Perm1.test2.com
+ Responsible Parties
+ @[THE_USER]@csp.att.com
+ Roles
+ com.test2.TC_Perm1.@[THE_USER].admin
+ com.test2.TC_Perm1.@[THE_USER].owner
+ com.test2.TC_Perm1.@[THE_USER].r.C
+ Permissions
+ com.test2.TC_Perm1.@[THE_USER].access * *
+ com.test2.TC_Perm1.@[THE_USER].access * read
+ Credentials
+ m99990@@[THE_USER].TC_Perm1.test2.com
+
+as testid@aaf.att.com
+# TC_Perm1.26.98.POS Cleanup
+role delete com.test.TC_Perm1.@[user.name].r.A
+** Expect 200 **
+Deleted Role
+
+role delete com.test.TC_Perm1.@[user.name].r.B
+** Expect 200 **
+Deleted Role
+
+role delete com.test.TC_Perm1.@[user.name].r.C
+** Expect 200 **
+Deleted Role
+
+role delete com.test.TC_Perm1.@[user.name]_2.r.C
+** Expect 200 **
+Deleted Role
+
+as XX@NS
+role delete com.test2.TC_Perm1.@[user.name]_2.r.C
+** Expect 200 **
+Deleted Role
+
+role delete com.test2.TC_Perm1.@[user.name].r.C
+** Expect 200 **
+Deleted Role
+
+as testid@aaf.att.com
+perm delete com.test.TC_Perm1.@[user.name].p.A myInstance myAction
+** Expect 200 **
+Deleted Permission
+
+perm delete com.test.TC_Perm1.@[user.name].p.B myInstance myAction
+** Expect 200 **
+Deleted Permission
+
+perm delete com.test.TC_Perm1.@[user.name].p.C myInstance myAction
+** Expect 200 **
+Deleted Permission
+
+force ns delete com.test.TC_Perm1.@[user.name]_2
+** Expect 200 **
+Deleted Namespace
+
+as XX@NS
+set force true
+set force=true user cred del m99990@@[user.name].TC_Perm1.test2.com
+** Expect 200 **
+Deleted Credential [m99990@@[THE_USER].TC_Perm1.test2.com]
+
+ns delete com.test2.TC_Perm1.@[user.name]
+** Expect 200 **
+Deleted Namespace
+
+# TC_Perm1.26.99.POS List the Now Empty Namespaces
+ns list name com.test.TC_Perm1.@[user.name]
+** Expect 200 **
+
+List Namespaces by Name[com.test.TC_Perm1.@[THE_USER]]
+--------------------------------------------------------------------------------
+com.test.TC_Perm1.@[THE_USER]
+ Administrators
+ testid@aaf.att.com
+ Responsible Parties
+ @[THE_USER]@csp.att.com
+ Roles
+ com.test.TC_Perm1.@[THE_USER].admin
+ com.test.TC_Perm1.@[THE_USER].cred_admin
+ com.test.TC_Perm1.@[THE_USER].owner
+ Permissions
+ com.test.TC_Perm1.@[THE_USER].access * *
+ com.test.TC_Perm1.@[THE_USER].access * read
+
+ns list name com.test2.TC_Perm1.@[user.name]
+** Expect 200 **
+
+List Namespaces by Name[com.test2.TC_Perm1.@[THE_USER]]
+--------------------------------------------------------------------------------
+ *** Namespace Not Found ***
+
+# TC_Perm1.27.1.POS Create Permission
+perm create com.test.TC_Perm1.@[user.name].p.A myInstance myAction
+** Expect 201 **
+Created Permission
+
+# TC_Perm1.27.2.POS Create Role
+role create com.test.TC_Perm1.@[user.name].r.A
+** Expect 201 **
+Created Role
+
+# TC_Perm1.27.10.NEG Role must Exist to Add to Role without force
+perm grant com.test.TC_Perm1.@[user.name].p.A myInstance myAction com.test.TC_Perm1.@[user.name].r.unknown
+** Expect 404 **
+Failed [SVC3404]: Not Found - Role [com.test.TC_Perm1.@[THE_USER].r.unknown] does not exist
+
+# TC_Perm1.27.11.POS Role is created with force
+force perm create com.test.TC_Perm1.@[user.name].p.A myInstance myAction com.test.TC_Perm1.@[user.name].r.unknown
+** Expect 201 **
+Created Role [com.test.TC_Perm1.@[THE_USER].r.unknown]
+Created Permission
+Granted Permission [com.test.TC_Perm1.@[THE_USER].p.A|myInstance|myAction] to Role [com.test.TC_Perm1.@[THE_USER].r.unknown]
+
+# TC_Perm1.27.12.NEG Perm must Exist to Grant without force
+perm grant com.test.TC_Perm1.@[user.name].p.unknown myInstance myAction com.test.TC_Perm1.@[user.name].r.A
+** Expect 404 **
+Failed [SVC4404]: Not Found - Permission [com.test.TC_Perm1.@[THE_USER].p.unknown|myInstance|myAction] does not exist
+
+# TC_Perm1.27.13.POS Perm is created with force
+force perm grant com.test.TC_Perm1.@[user.name].p.unknown myInstance myAction com.test.TC_Perm1.@[user.name].r.A
+** Expect 201 **
+Granted Permission [com.test.TC_Perm1.@[THE_USER].p.unknown|myInstance|myAction] to Role [com.test.TC_Perm1.@[THE_USER].r.A]
+
+# TC_Perm1.27.14.POS Role and perm are created with force
+force perm create com.test.TC_Perm1.@[user.name].p.unknown2 myInstance myAction com.test.TC_Perm1.@[user.name].r.unknown2
+** Expect 201 **
+Created Role [com.test.TC_Perm1.@[THE_USER].r.unknown2]
+Created Permission
+Granted Permission [com.test.TC_Perm1.@[THE_USER].p.unknown2|myInstance|myAction] to Role [com.test.TC_Perm1.@[THE_USER].r.unknown2]
+
+# TC_Perm1.30.1.POS List Data on non-Empty NS
+as testid
+ns list name com.test.TC_Perm1.@[user.name]
+** Expect 200 **
+
+List Namespaces by Name[com.test.TC_Perm1.@[THE_USER]]
+--------------------------------------------------------------------------------
+com.test.TC_Perm1.@[THE_USER]
+ Administrators
+ testid@aaf.att.com
+ Responsible Parties
+ @[THE_USER]@csp.att.com
+ Roles
+ com.test.TC_Perm1.@[THE_USER].admin
+ com.test.TC_Perm1.@[THE_USER].cred_admin
+ com.test.TC_Perm1.@[THE_USER].owner
+ com.test.TC_Perm1.@[THE_USER].r.A
+ com.test.TC_Perm1.@[THE_USER].r.unknown
+ com.test.TC_Perm1.@[THE_USER].r.unknown2
+ Permissions
+ com.test.TC_Perm1.@[THE_USER].access * *
+ com.test.TC_Perm1.@[THE_USER].access * read
+ com.test.TC_Perm1.@[THE_USER].p.A myInstance myAction
+ com.test.TC_Perm1.@[THE_USER].p.unknown myInstance myAction
+ com.test.TC_Perm1.@[THE_USER].p.unknown2 myInstance myAction
+
+# TC_Perm1.30.2.POS Create Sub-ns when Roles that exist
+ns create com.test.TC_Perm1.@[user.name].r @[user.name] testid@aaf.att.com
+** Expect 201 **
+Created Namespace
+
+# TC_Perm1.30.3.POS List Data on NS with sub-roles
+ns list name com.test.TC_Perm1.@[user.name]
+** Expect 200 **
+
+List Namespaces by Name[com.test.TC_Perm1.@[THE_USER]]
+--------------------------------------------------------------------------------
+com.test.TC_Perm1.@[THE_USER]
+ Administrators
+ testid@aaf.att.com
+ Responsible Parties
+ @[THE_USER]@csp.att.com
+ Roles
+ com.test.TC_Perm1.@[THE_USER].admin
+ com.test.TC_Perm1.@[THE_USER].cred_admin
+ com.test.TC_Perm1.@[THE_USER].owner
+ Permissions
+ com.test.TC_Perm1.@[THE_USER].access * *
+ com.test.TC_Perm1.@[THE_USER].access * read
+ com.test.TC_Perm1.@[THE_USER].p.A myInstance myAction
+ com.test.TC_Perm1.@[THE_USER].p.unknown myInstance myAction
+ com.test.TC_Perm1.@[THE_USER].p.unknown2 myInstance myAction
+
+ns list name com.test.TC_Perm1.@[user.name].r
+** Expect 200 **
+
+List Namespaces by Name[com.test.TC_Perm1.@[THE_USER].r]
+--------------------------------------------------------------------------------
+com.test.TC_Perm1.@[THE_USER].r
+ Administrators
+ testid@aaf.att.com
+ Responsible Parties
+ @[THE_USER]@csp.att.com
+ Roles
+ com.test.TC_Perm1.@[THE_USER].r.A
+ com.test.TC_Perm1.@[THE_USER].r.admin
+ com.test.TC_Perm1.@[THE_USER].r.owner
+ com.test.TC_Perm1.@[THE_USER].r.unknown
+ com.test.TC_Perm1.@[THE_USER].r.unknown2
+ Permissions
+ com.test.TC_Perm1.@[THE_USER].r.access * *
+ com.test.TC_Perm1.@[THE_USER].r.access * read
+
+as XX@NS
+# TC_Perm1.99.1.POS Namespace Admin can delete Namepace defined Roles
+set force true
+set force=true perm delete com.test.TC_Perm1.@[user.name].p.A myInstance myAction
+** Expect 200,404 **
+Deleted Permission
+
+set force true
+set force=true perm delete com.test.TC_Perm1.@[user.name].p.B myInstance myAction
+** Expect 200,404 **
+Failed [SVC4404]: Not Found - Permission [com.test.TC_Perm1.@[THE_USER].p.B|myInstance|myAction] does not exist
+
+set force true
+set force=true perm delete com.test.TC_Perm1.@[user.name].p.C myInstance myAction
+** Expect 200,404 **
+Failed [SVC4404]: Not Found - Permission [com.test.TC_Perm1.@[THE_USER].p.C|myInstance|myAction] does not exist
+
+set force true
+set force=true perm delete com.test.TC_Perm1.@[user.name].p.unknown myInstance myAction
+** Expect 200,404 **
+Deleted Permission
+
+set force true
+set force=true perm delete com.test.TC_Perm1.@[user.name].p.unknown2 myInstance myAction
+** Expect 200,404 **
+Deleted Permission
+
+role delete com.test.TC_Perm1.@[user.name].r.A
+** Expect 200,404 **
+Deleted Role
+
+role delete com.test.TC_Perm1.@[user.name].r.B
+** Expect 200,404 **
+Failed [SVC3404]: Not Found - Role [com.test.TC_Perm1.@[THE_USER].r.B] does not exist
+
+role delete com.test.TC_Perm1.@[user.name].r.C
+** Expect 200,404 **
+Failed [SVC3404]: Not Found - Role [com.test.TC_Perm1.@[THE_USER].r.C] does not exist
+
+role delete com.test.TC_Perm1.@[user.name].r.unknown
+** Expect 200,404 **
+Deleted Role
+
+role delete com.test.TC_Perm1.@[user.name].r.unknown2
+** Expect 200,404 **
+Deleted Role
+
+role delete com.test2.TC_Perm1.@[user.name].r.C
+** Expect 200,404 **
+Failed [SVC3404]: Not Found - Role [com.test2.TC_Perm1.@[THE_USER].r.C] does not exist
+
+role delete com.test.TC_Perm1.@[user.name]_2.r.C
+** Expect 200,404 **
+Failed [SVC3404]: Not Found - Role [com.test.TC_Perm1.@[THE_USER]_2.r.C] does not exist
+
+role delete com.test2.TC_Perm1.@[user.name]_2.r.C
+** Expect 200,404 **
+Failed [SVC3404]: Not Found - Role [com.test2.TC_Perm1.@[THE_USER]_2.r.C] does not exist
+
+# TC_Perm1.99.2.POS Remove ability to create creds
+user role del XX@NS com.test.TC_Perm1.@[user.name].cred_admin
+** Expect 200,404 **
+Removed Role [com.test.TC_Perm1.@[THE_USER].cred_admin] from User [XX@NS]
+
+as XX@NS
+perm ungrant com.att.aaf.mechid com.att create com.test.TC_Perm1.@[user.name].cred_admin
+** Expect 200,404 **
+UnGranted Permission [com.att.aaf.mechid|com.att|create] from Role [com.test.TC_Perm1.@[THE_USER].cred_admin]
+
+as testid@aaf.att.com
+role delete com.test.TC_Perm1.@[user.name].cred_admin
+** Expect 200,404 **
+Deleted Role
+
+sleep 0
+as XX@NS
+# TC_Perm1.99.98.POS Namespace Admin can delete Namespace
+set force true
+set force=true ns delete com.test2.TC_Perm1.@[user.name]
+** Expect 200,404 **
+Failed [SVC2404]: Not Found - com.test2.TC_Perm1.@[THE_USER] does not exist
+
+as testid
+force ns delete com.test.TC_Perm1.@[user.name].r
+** Expect 200,404 **
+Deleted Namespace
+
+force ns delete com.test.TC_Perm1.@[user.name]_2
+** Expect 200,404 **
+Failed [SVC2404]: Not Found - com.test.TC_Perm1.@[THE_USER]_2 does not exist
+
+force ns delete com.test.TC_Perm1.@[user.name]
+** Expect 200,404 **
+Deleted Namespace
+
+force ns delete com.test2.TC_Perm1.@[user.name]
+** Expect 200,404 **
+Failed [SVC2404]: Not Found - com.test2.TC_Perm1.@[THE_USER] does not exist
+
+# TC_Perm1.99.99.POS List to prove removed
+ns list name com.test.TC_Perm1.@[user.name]
+** Expect 200,404 **
+
+List Namespaces by Name[com.test.TC_Perm1.@[THE_USER]]
+--------------------------------------------------------------------------------
+ *** Namespace Not Found ***
+
+ns list name com.test.TC_Perm1.@[user.name].r
+** Expect 200,404 **
+
+List Namespaces by Name[com.test.TC_Perm1.@[THE_USER].r]
+--------------------------------------------------------------------------------
+ *** Namespace Not Found ***
+
+ns list name com.test.TC_Perm1.@[user.name]_2
+** Expect 200,404 **
+
+List Namespaces by Name[com.test.TC_Perm1.@[THE_USER]_2]
+--------------------------------------------------------------------------------
+ *** Namespace Not Found ***
+
+ns list name com.test2.TC_Perm1.@[user.name]
+** Expect 200,404 **
+
+List Namespaces by Name[com.test2.TC_Perm1.@[THE_USER]]
+--------------------------------------------------------------------------------
+ *** Namespace Not Found ***
+
diff --git a/authz-test/TestSuite/expected/TC_Perm2.expected b/authz-test/TestSuite/expected/TC_Perm2.expected
new file mode 100644
index 00000000..dadff03b
--- /dev/null
+++ b/authz-test/TestSuite/expected/TC_Perm2.expected
@@ -0,0 +1,554 @@
+set XX@NS <pass>
+set testid@aaf.att.com <pass>
+set testunused@aaf.att.com <pass>
+set bogus boguspass
+#delay 10
+set NFR 0
+as testid@aaf.att.com
+# TC_Perm2.10.0.POS Print NS to prove ok
+ns list name com.test.TC_Perm2.@[user.name]
+** Expect 200 **
+
+List Namespaces by Name[com.test.TC_Perm2.@[THE_USER]]
+--------------------------------------------------------------------------------
+ *** Namespace Not Found ***
+
+# TC_Perm2.10.1.POS Create Namespace with valid IDs and Responsible Parties
+ns create com.test.TC_Perm2.@[user.name] @[user.name] testid@aaf.att.com
+** Expect 201 **
+Created Namespace
+
+as testid@aaf.att.com
+# TC_Perm2.20.1.POS List Data on non-Empty NS
+ns list name com.test.TC_Perm2.@[user.name]
+** Expect 200 **
+
+List Namespaces by Name[com.test.TC_Perm2.@[THE_USER]]
+--------------------------------------------------------------------------------
+com.test.TC_Perm2.@[THE_USER]
+ Administrators
+ testid@aaf.att.com
+ Responsible Parties
+ @[THE_USER]@csp.att.com
+ Roles
+ com.test.TC_Perm2.@[THE_USER].admin
+ com.test.TC_Perm2.@[THE_USER].owner
+ Permissions
+ com.test.TC_Perm2.@[THE_USER].access * *
+ com.test.TC_Perm2.@[THE_USER].access * read
+
+# TC_Perm2.20.10.POS Add Perms with specific Instance and Action
+perm create com.test.TC_Perm2.@[user.name].p.A myInstance myAction
+** Expect 201 **
+Created Permission
+
+# TC_Perm2.20.11.POS Add Perms with specific Instance and Star
+perm create com.test.TC_Perm2.@[user.name].p.A myInstance *
+** Expect 201 **
+Created Permission
+
+# TC_Perm2.20.12.POS Add Perms with Stars for Instance and Action
+perm create com.test.TC_Perm2.@[user.name].p.A * *
+** Expect 201 **
+Created Permission
+
+perm create com.test.TC_Perm2.@[user.name].p.phoneCalls * spy
+** Expect 201 **
+Created Permission
+
+# TC_Perm2.20.20.POS Create role
+role create com.test.TC_Perm2.@[user.name].p.superUser
+** Expect 201 **
+Created Role
+
+role create com.test.TC_Perm2.@[user.name].p.secret
+** Expect 201 **
+Created Role
+
+# TC_Perm2.20.21.POS Grant sub-NS perms to role
+perm grant com.test.TC_Perm2.@[user.name].p.A myInstance myAction com.test.TC_Perm2.@[user.name].p.superUser
+** Expect 201 **
+Granted Permission [com.test.TC_Perm2.@[THE_USER].p.A|myInstance|myAction] to Role [com.test.TC_Perm2.@[THE_USER].p.superUser]
+
+perm grant com.test.TC_Perm2.@[user.name].p.A myInstance * com.test.TC_Perm2.@[user.name].p.superUser
+** Expect 201 **
+Granted Permission [com.test.TC_Perm2.@[THE_USER].p.A|myInstance|*] to Role [com.test.TC_Perm2.@[THE_USER].p.superUser]
+
+perm grant com.test.TC_Perm2.@[user.name].p.A * * com.test.TC_Perm2.@[user.name].p.superUser
+** Expect 201 **
+Granted Permission [com.test.TC_Perm2.@[THE_USER].p.A|*|*] to Role [com.test.TC_Perm2.@[THE_USER].p.superUser]
+
+perm grant com.test.TC_Perm2.@[user.name].p.phoneCalls * spy com.test.TC_Perm2.@[user.name].p.secret
+** Expect 201 **
+Granted Permission [com.test.TC_Perm2.@[THE_USER].p.phoneCalls|*|spy] to Role [com.test.TC_Perm2.@[THE_USER].p.secret]
+
+# TC_Perm2.20.30.POS List Data on non-Empty NS
+ns list name com.test.TC_Perm2.@[user.name]
+** Expect 200 **
+
+List Namespaces by Name[com.test.TC_Perm2.@[THE_USER]]
+--------------------------------------------------------------------------------
+com.test.TC_Perm2.@[THE_USER]
+ Administrators
+ testid@aaf.att.com
+ Responsible Parties
+ @[THE_USER]@csp.att.com
+ Roles
+ com.test.TC_Perm2.@[THE_USER].admin
+ com.test.TC_Perm2.@[THE_USER].owner
+ com.test.TC_Perm2.@[THE_USER].p.secret
+ com.test.TC_Perm2.@[THE_USER].p.superUser
+ Permissions
+ com.test.TC_Perm2.@[THE_USER].access * *
+ com.test.TC_Perm2.@[THE_USER].access * read
+ com.test.TC_Perm2.@[THE_USER].p.A * *
+ com.test.TC_Perm2.@[THE_USER].p.A myInstance *
+ com.test.TC_Perm2.@[THE_USER].p.A myInstance myAction
+ com.test.TC_Perm2.@[THE_USER].p.phoneCalls * spy
+
+# TC_Perm2.20.40.POS Create role
+role create com.test.TC_Perm2.@[user.name].p.watcher
+** Expect 201 **
+Created Role
+
+as XX@NS
+# TC_Perm2.20.50.POS Grant view perms to watcher role
+perm create com.att.aaf.perm :com.test.TC_Perm2.@[user.name].p.A:myInstance:myAction view com.test.TC_Perm2.@[user.name].p.watcher
+** Expect 201 **
+Created Permission
+Granted Permission [com.att.aaf.perm|:com.test.TC_Perm2.@[THE_USER].p.A:myInstance:myAction|view] to Role [com.test.TC_Perm2.@[THE_USER].p.watcher]
+
+perm create com.att.aaf.perm :com.test.TC_Perm2.@[user.name].p.A:*:* view com.test.TC_Perm2.@[user.name].p.watcher
+** Expect 201 **
+Created Permission
+Granted Permission [com.att.aaf.perm|:com.test.TC_Perm2.@[THE_USER].p.A:*:*|view] to Role [com.test.TC_Perm2.@[THE_USER].p.watcher]
+
+as testid@aaf.att.com
+# TC_Perm2.30.1.POS List Data on non-Empty NS
+ns list name com.test.TC_Perm2.@[user.name]
+** Expect 200 **
+
+List Namespaces by Name[com.test.TC_Perm2.@[THE_USER]]
+--------------------------------------------------------------------------------
+com.test.TC_Perm2.@[THE_USER]
+ Administrators
+ testid@aaf.att.com
+ Responsible Parties
+ @[THE_USER]@csp.att.com
+ Roles
+ com.test.TC_Perm2.@[THE_USER].admin
+ com.test.TC_Perm2.@[THE_USER].owner
+ com.test.TC_Perm2.@[THE_USER].p.secret
+ com.test.TC_Perm2.@[THE_USER].p.superUser
+ com.test.TC_Perm2.@[THE_USER].p.watcher
+ Permissions
+ com.test.TC_Perm2.@[THE_USER].access * *
+ com.test.TC_Perm2.@[THE_USER].access * read
+ com.test.TC_Perm2.@[THE_USER].p.A * *
+ com.test.TC_Perm2.@[THE_USER].p.A myInstance *
+ com.test.TC_Perm2.@[THE_USER].p.A myInstance myAction
+ com.test.TC_Perm2.@[THE_USER].p.phoneCalls * spy
+
+# TC_Perm2.30.2.POS Create Sub-ns when Roles that exist
+ns create com.test.TC_Perm2.@[user.name].p @[user.name] testid@aaf.att.com
+** Expect 201 **
+Created Namespace
+
+# TC_Perm2.30.3.POS List Data on NS with sub-roles
+ns list name com.test.TC_Perm2.@[user.name]
+** Expect 200 **
+
+List Namespaces by Name[com.test.TC_Perm2.@[THE_USER]]
+--------------------------------------------------------------------------------
+com.test.TC_Perm2.@[THE_USER]
+ Administrators
+ testid@aaf.att.com
+ Responsible Parties
+ @[THE_USER]@csp.att.com
+ Roles
+ com.test.TC_Perm2.@[THE_USER].admin
+ com.test.TC_Perm2.@[THE_USER].owner
+ Permissions
+ com.test.TC_Perm2.@[THE_USER].access * *
+ com.test.TC_Perm2.@[THE_USER].access * read
+
+ns list name com.test.TC_Perm2.@[user.name].p
+** Expect 200 **
+
+List Namespaces by Name[com.test.TC_Perm2.@[THE_USER].p]
+--------------------------------------------------------------------------------
+com.test.TC_Perm2.@[THE_USER].p
+ Administrators
+ testid@aaf.att.com
+ Responsible Parties
+ @[THE_USER]@csp.att.com
+ Roles
+ com.test.TC_Perm2.@[THE_USER].p.admin
+ com.test.TC_Perm2.@[THE_USER].p.owner
+ com.test.TC_Perm2.@[THE_USER].p.secret
+ com.test.TC_Perm2.@[THE_USER].p.superUser
+ com.test.TC_Perm2.@[THE_USER].p.watcher
+ Permissions
+ com.test.TC_Perm2.@[THE_USER].p.A * *
+ com.test.TC_Perm2.@[THE_USER].p.A myInstance *
+ com.test.TC_Perm2.@[THE_USER].p.A myInstance myAction
+ com.test.TC_Perm2.@[THE_USER].p.access * *
+ com.test.TC_Perm2.@[THE_USER].p.access * read
+ com.test.TC_Perm2.@[THE_USER].p.phoneCalls * spy
+
+as testunused@aaf.att.com
+# TC_Perm2.40.1.NEG Non-admin, not granted user should not view
+perm list name com.test.TC_Perm2.@[user.name].p.A
+** Expect 200 **
+
+List Child Permissions[com.test.TC_Perm2.@[THE_USER].p.A]
+--------------------------------------------------------------------------------
+PERM Type Instance Action
+--------------------------------------------------------------------------------
+
+
+as testid@aaf.att.com
+# Tens test user granted to permission
+# TC_Perm2.40.10.POS Add user to superUser role
+user role add testunused@aaf.att.com com.test.TC_Perm2.@[user.name].p.superUser
+** Expect 201 **
+Added Role [com.test.TC_Perm2.@[THE_USER].p.superUser] to User [testunused@aaf.att.com]
+
+as testunused@aaf.att.com
+# TC_Perm2.40.11.POS Non-admin, granted user should view
+perm list name com.test.TC_Perm2.@[user.name].p.A
+** Expect 200 **
+
+List Child Permissions[com.test.TC_Perm2.@[THE_USER].p.A]
+--------------------------------------------------------------------------------
+PERM Type Instance Action
+--------------------------------------------------------------------------------
+com.test.TC_Perm2.@[THE_USER].p.A * *
+com.test.TC_Perm2.@[THE_USER].p.A myInstance *
+com.test.TC_Perm2.@[THE_USER].p.A myInstance myAction
+
+
+as testid@aaf.att.com
+# TC_Perm2.40.12.POS Ungrant perm with wildcards
+perm ungrant com.test.TC_Perm2.@[user.name].p.A * * com.test.TC_Perm2.@[user.name].p.superUser
+** Expect 200 **
+UnGranted Permission [com.test.TC_Perm2.@[THE_USER].p.A|*|*] from Role [com.test.TC_Perm2.@[THE_USER].p.superUser]
+
+as testunused@aaf.att.com
+# TC_Perm2.40.13.POS Non-admin, granted user should view
+perm list name com.test.TC_Perm2.@[user.name].p.A
+** Expect 200 **
+
+List Child Permissions[com.test.TC_Perm2.@[THE_USER].p.A]
+--------------------------------------------------------------------------------
+PERM Type Instance Action
+--------------------------------------------------------------------------------
+com.test.TC_Perm2.@[THE_USER].p.A myInstance *
+com.test.TC_Perm2.@[THE_USER].p.A myInstance myAction
+
+
+as testid@aaf.att.com
+# TC_Perm2.40.19.POS Remove user from superUser role
+user role del testunused@aaf.att.com com.test.TC_Perm2.@[user.name].p.superUser
+** Expect 200 **
+Removed Role [com.test.TC_Perm2.@[THE_USER].p.superUser] from User [testunused@aaf.att.com]
+
+# Twenties test user granted explicit view permission
+# TC_Perm2.40.20.POS Add user to watcher role
+user role add testunused@aaf.att.com com.test.TC_Perm2.@[user.name].p.watcher
+** Expect 201 **
+Added Role [com.test.TC_Perm2.@[THE_USER].p.watcher] to User [testunused@aaf.att.com]
+
+as testunused@aaf.att.com
+# TC_Perm2.40.21.NEG Non-admin, granted explicit view perm user should view
+perm list name com.test.TC_Perm2.@[user.name].p.A
+** Expect 200 **
+
+List Child Permissions[com.test.TC_Perm2.@[THE_USER].p.A]
+--------------------------------------------------------------------------------
+PERM Type Instance Action
+--------------------------------------------------------------------------------
+
+
+as XX@NS
+# TC_Perm2.40.22.POS Ungrant perm with wildcards
+perm ungrant com.att.aaf.perm :com.test.TC_Perm2.@[user.name].p.A:*:* view com.test.TC_Perm2.@[user.name].p.watcher
+** Expect 200 **
+UnGranted Permission [com.att.aaf.perm|:com.test.TC_Perm2.@[THE_USER].p.A:*:*|view] from Role [com.test.TC_Perm2.@[THE_USER].p.watcher]
+
+as testunused@aaf.att.com
+# TC_Perm2.40.23.POS Non-admin, granted user should view
+perm list name com.test.TC_Perm2.@[user.name].p.A
+** Expect 200 **
+
+List Child Permissions[com.test.TC_Perm2.@[THE_USER].p.A]
+--------------------------------------------------------------------------------
+PERM Type Instance Action
+--------------------------------------------------------------------------------
+
+
+as testid@aaf.att.com
+# TC_Perm2.40.29.POS Remove user from watcher role
+user role del testunused@aaf.att.com com.test.TC_Perm2.@[user.name].p.watcher
+** Expect 200 **
+Removed Role [com.test.TC_Perm2.@[THE_USER].p.watcher] from User [testunused@aaf.att.com]
+
+# Thirties test admin user
+# TC_Perm2.40.30.POS Admin should be able to view
+perm list name com.test.TC_Perm2.@[user.name].p.A
+** Expect 200 **
+
+List Child Permissions[com.test.TC_Perm2.@[THE_USER].p.A]
+--------------------------------------------------------------------------------
+PERM Type Instance Action
+--------------------------------------------------------------------------------
+com.test.TC_Perm2.@[THE_USER].p.A * *
+com.test.TC_Perm2.@[THE_USER].p.A myInstance *
+com.test.TC_Perm2.@[THE_USER].p.A myInstance myAction
+
+
+# TC_Perm2.40.31.POS Add new admin for sub-NS
+ns admin add com.test.TC_Perm2.@[user.name].p testunused@aaf.att.com
+** Expect 201 **
+Admin testunused@aaf.att.com added to com.test.TC_Perm2.@[THE_USER].p
+
+# TC_Perm2.40.32.POS Remove admin from sub-NS
+ns admin del com.test.TC_Perm2.@[user.name].p testid@aaf.att.com
+** Expect 200 **
+Admin testid@aaf.att.com deleted from com.test.TC_Perm2.@[THE_USER].p
+
+# TC_Perm2.40.34.POS Admin of parent NS should be able to view
+perm list name com.test.TC_Perm2.@[user.name].p.A
+** Expect 200 **
+
+List Child Permissions[com.test.TC_Perm2.@[THE_USER].p.A]
+--------------------------------------------------------------------------------
+PERM Type Instance Action
+--------------------------------------------------------------------------------
+com.test.TC_Perm2.@[THE_USER].p.A * *
+com.test.TC_Perm2.@[THE_USER].p.A myInstance *
+com.test.TC_Perm2.@[THE_USER].p.A myInstance myAction
+
+
+# TC_Perm2.40.80.POS Add new admin for sub-NS
+ns admin add com.test.TC_Perm2.@[user.name].p testid@aaf.att.com
+** Expect 201 **
+Admin testid@aaf.att.com added to com.test.TC_Perm2.@[THE_USER].p
+
+# TC_Perm2.40.81.POS Remove admin from sub-NS
+ns admin del com.test.TC_Perm2.@[user.name].p testunused@aaf.att.com
+** Expect 200 **
+Admin testunused@aaf.att.com deleted from com.test.TC_Perm2.@[THE_USER].p
+
+# TC_Perm2.41.1.POS Add user to some roles with perms attached
+as testid@aaf.att.com
+user role add testunused@aaf.att.com com.test.TC_Perm2.@[user.name].p.superUser
+** Expect 201 **
+Added Role [com.test.TC_Perm2.@[THE_USER].p.superUser] to User [testunused@aaf.att.com]
+
+user role add testunused@aaf.att.com com.test.TC_Perm2.@[user.name].p.watcher
+** Expect 201 **
+Added Role [com.test.TC_Perm2.@[THE_USER].p.watcher] to User [testunused@aaf.att.com]
+
+user role add XX@NS com.test.TC_Perm2.@[user.name].p.secret
+** Expect 201 **
+Added Role [com.test.TC_Perm2.@[THE_USER].p.secret] to User [XX@NS]
+
+# TC_Perm2.41.10.POS List by User when Same as Caller
+as testunused@aaf.att.com
+perm list user testunused@aaf.att.com
+** Expect 200 **
+
+List Permissions by User[testunused@aaf.att.com]
+--------------------------------------------------------------------------------
+PERM Type Instance Action
+--------------------------------------------------------------------------------
+com.att.aaf.perm :com.test.TC_Perm2.@[THE_USER].p.A:myInstance:myAction view
+com.test.TC_Perm2.@[THE_USER].p.A myInstance *
+com.test.TC_Perm2.@[THE_USER].p.A myInstance myAction
+
+
+# TC_NS2.41.15.POS List by User when not same as Caller, but own/admin namespace of Roles
+as testid@aaf.att.com
+perm list user testunused@aaf.att.com
+** Expect 200 **
+
+List Permissions by User[testunused@aaf.att.com]
+--------------------------------------------------------------------------------
+PERM Type Instance Action
+--------------------------------------------------------------------------------
+com.test.TC_Perm2.@[THE_USER].p.A myInstance *
+com.test.TC_Perm2.@[THE_USER].p.A myInstance myAction
+
+
+# TC_Perm2.41.20.POS List by User when not same as Caller, but parent owner/admin of Namespace
+as XX@NS
+perm list user testunused@aaf.att.com
+** Expect 200 **
+
+List Permissions by User[testunused@aaf.att.com]
+--------------------------------------------------------------------------------
+PERM Type Instance Action
+--------------------------------------------------------------------------------
+com.att.aaf.perm :com.test.TC_Perm2.@[THE_USER].p.A:myInstance:myAction view
+com.test.TC_Perm2.@[THE_USER].p.A myInstance *
+com.test.TC_Perm2.@[THE_USER].p.A myInstance myAction
+
+
+# TC_Perm2.41.80.NEG List by User when not Caller nor associated to Namespace (nothing should be shown)
+as testunused@aaf.att.com
+perm list user XX@NS
+** Expect 200 **
+
+List Permissions by User[XX@NS]
+--------------------------------------------------------------------------------
+PERM Type Instance Action
+--------------------------------------------------------------------------------
+
+
+# TC_Perm2.41.99.POS Remove users from roles for later test
+as testid@aaf.att.com
+user role del testunused@aaf.att.com com.test.TC_Perm2.@[user.name].p.superUser
+** Expect 200 **
+Removed Role [com.test.TC_Perm2.@[THE_USER].p.superUser] from User [testunused@aaf.att.com]
+
+user role del testunused@aaf.att.com com.test.TC_Perm2.@[user.name].p.watcher
+** Expect 200 **
+Removed Role [com.test.TC_Perm2.@[THE_USER].p.watcher] from User [testunused@aaf.att.com]
+
+user role del XX@NS com.test.TC_Perm2.@[user.name].p.secret
+** Expect 200 **
+Removed Role [com.test.TC_Perm2.@[THE_USER].p.secret] from User [XX@NS]
+
+# TC_Perm2.42.10.POS List Roles from NS when not allowed to see NS
+as testid@aaf.att.com
+perm list ns com.test.TC_Perm2.@[user.name].p
+** Expect 200 **
+
+List Perms by NS [com.test.TC_Perm2.@[THE_USER].p]
+--------------------------------------------------------------------------------
+PERM Type Instance Action
+--------------------------------------------------------------------------------
+com.test.TC_Perm2.@[THE_USER].p.A * *
+com.test.TC_Perm2.@[THE_USER].p.A myInstance *
+com.test.TC_Perm2.@[THE_USER].p.A myInstance myAction
+com.test.TC_Perm2.@[THE_USER].p.access * *
+com.test.TC_Perm2.@[THE_USER].p.access * read
+com.test.TC_Perm2.@[THE_USER].p.phoneCalls * spy
+
+
+# TC_Perm2.42.20.NEG Don't List Roles from NS when not allowed to see NS
+as testunused@aaf.att.com
+perm list ns com.test.TC_Perm2.@[user.name].p
+** Expect 403 **
+Failed [SVC1403]: Forbidden - [testunused@aaf.att.com] may not read in NS [com.test.TC_Perm2.@[THE_USER].p]
+
+# TC_Perm2.43.10.POS List perms when allowed to see Role
+as testid@aaf.att.com
+perm list role com.test.TC_Perm2.@[user.name].p.superUser
+** Expect 200 **
+
+List Perms by Role [com.test.TC_Perm2.@[THE_USER].p.superUser]
+--------------------------------------------------------------------------------
+PERM Type Instance Action
+--------------------------------------------------------------------------------
+com.test.TC_Perm2.@[THE_USER].p.A myInstance *
+com.test.TC_Perm2.@[THE_USER].p.A myInstance myAction
+
+
+perm list role com.test.TC_Perm2.@[user.name].p.watcher
+** Expect 200 **
+
+List Perms by Role [com.test.TC_Perm2.@[THE_USER].p.watcher]
+--------------------------------------------------------------------------------
+PERM Type Instance Action
+--------------------------------------------------------------------------------
+
+
+perm list role com.test.TC_Perm2.@[user.name].p.secret
+** Expect 200 **
+
+List Perms by Role [com.test.TC_Perm2.@[THE_USER].p.secret]
+--------------------------------------------------------------------------------
+PERM Type Instance Action
+--------------------------------------------------------------------------------
+com.test.TC_Perm2.@[THE_USER].p.phoneCalls * spy
+
+
+# TC_Perm2.43.20.NEG Don't List perms when not allowed to see Role
+as testunused@aaf.att.com
+perm list role com.test.TC_Perm2.@[user.name].p.superUser
+** Expect 403 **
+Failed [SVC1403]: Forbidden - [testunused@aaf.att.com] may not read Role [com.test.TC_Perm2.@[THE_USER].p.superUser]
+
+perm list role com.test.TC_Perm2.@[user.name].p.watcher
+** Expect 403 **
+Failed [SVC1403]: Forbidden - [testunused@aaf.att.com] may not read Role [com.test.TC_Perm2.@[THE_USER].p.watcher]
+
+perm list role com.test.TC_Perm2.@[user.name].p.secret
+** Expect 403 **
+Failed [SVC1403]: Forbidden - [testunused@aaf.att.com] may not read Role [com.test.TC_Perm2.@[THE_USER].p.secret]
+
+as testid@aaf.att.com
+# TC_Perm2.99.1.POS Namespace Admin can delete Namepace defined Roles
+force perm delete com.test.TC_Perm2.@[user.name].p.A myInstance myAction
+** Expect 200,404 **
+Deleted Permission
+
+force perm delete com.test.TC_Perm2.@[user.name].p.A myInstance *
+** Expect 200,404 **
+Deleted Permission
+
+force perm delete com.test.TC_Perm2.@[user.name].p.A * *
+** Expect 200,404 **
+Deleted Permission
+
+force perm delete com.test.TC_Perm2.@[user.name].p.phoneCalls * spy
+** Expect 200,404 **
+Deleted Permission
+
+force role delete com.test.TC_Perm2.@[user.name].p.watcher
+** Expect 200,404 **
+Deleted Role
+
+force role delete com.test.TC_Perm2.@[user.name].p.superUser
+** Expect 200,404 **
+Deleted Role
+
+force role delete com.test.TC_Perm2.@[user.name].p.secret
+** Expect 200,404 **
+Deleted Role
+
+as XX@NS
+force perm delete com.att.aaf.perm :com.test.TC_Perm2.@[user.name].p.A:*:* view
+** Expect 200,404 **
+Deleted Permission
+
+force perm delete com.att.aaf.perm :com.test.TC_Perm2.@[user.name].p.A:myInstance:myAction view
+** Expect 200,404 **
+Deleted Permission
+
+# TC_Perm2.99.2.POS Namespace Admin can delete Namespace
+force ns delete com.test.TC_Perm2.@[user.name].p
+** Expect 200,404 **
+Deleted Namespace
+
+force ns delete com.test.TC_Perm2.@[user.name]
+** Expect 200,404 **
+Deleted Namespace
+
+# TC_Perm2.99.3.POS Print Namespaces
+ns list name com.test.TC_Perm2.@[user.name].p
+** Expect 200,404 **
+
+List Namespaces by Name[com.test.TC_Perm2.@[THE_USER].p]
+--------------------------------------------------------------------------------
+ *** Namespace Not Found ***
+
+ns list name com.test.TC_Perm2.@[user.name]
+** Expect 200,404 **
+
+List Namespaces by Name[com.test.TC_Perm2.@[THE_USER]]
+--------------------------------------------------------------------------------
+ *** Namespace Not Found ***
+
diff --git a/authz-test/TestSuite/expected/TC_Perm3.expected b/authz-test/TestSuite/expected/TC_Perm3.expected
new file mode 100644
index 00000000..6cdf2297
--- /dev/null
+++ b/authz-test/TestSuite/expected/TC_Perm3.expected
@@ -0,0 +1,136 @@
+set XX@NS <pass>
+set testid@aaf.att.com <pass>
+set testunused@aaf.att.com <pass>
+set testid_1@test.com <pass>
+set testid_2@test.com <pass>
+set bogus boguspass
+#delay 10
+set NFR 0
+as XX@NS
+# TC_Perm3.10.0.POS Print NS to prove ok
+ns list name com.test.TC_Perm3.@[user.name]
+** Expect 200 **
+
+List Namespaces by Name[com.test.TC_Perm3.@[THE_USER]]
+--------------------------------------------------------------------------------
+ *** Namespace Not Found ***
+
+# TC_Perm3.10.1.POS Create Namespace with User ID
+ns create com.test.TC_Perm3.@[user.name]_1 @[user.name] testid_1@test.com
+** Expect 201 **
+Created Namespace
+
+# TC_Perm3.10.2.POS Create Namespace with Different ID
+ns create com.test.TC_Perm3.@[user.name]_2 @[user.name] testid_2@test.com
+** Expect 201 **
+Created Namespace
+
+# TC_Perm3.10.3.POS Create Namespace in Different Company
+ns create com.att.TC_Perm3.@[user.name] @[user.name] testunused@aaf.att.com
+** Expect 201 **
+Created Namespace
+
+as testid_1@test.com
+# TC_Perm3.20.0.POS User1 Create a Perm
+perm create com.test.TC_Perm3.@[user.name]_1.dev.myPerm_a myInstance myAction
+** Expect 201 **
+Created Permission
+
+# TC_Perm3.20.5.NEG User1 should not be able to create Role in other group
+role create com.test.TC_Perm3.@[user.name]_2.dev.myRole_a
+** Expect 403 **
+Failed [SVC1403]: Forbidden - [testid_1@test.com] may not write Role [com.test.TC_Perm3.@[THE_USER]_2.dev.myRole_a]
+
+# TC_Perm3.20.6.POS User2 should be able to create Role in own group
+as testid_2@test.com
+role create com.test.TC_Perm3.@[user.name]_2.dev.myRole_a
+** Expect 201 **
+Created Role
+
+# TC_Perm3.20.7.NEG User2 should not be able to grant Perm to own Role
+perm grant com.test.TC_Perm3.@[user.name]_1.dev.myPerm_a myInstance myAction com.test.TC_Perm3.@[user.name]_2.dev.myRole_a
+** Expect 403 **
+Failed [SVC1403]: Forbidden - [testid_2@test.com] may not write Perm [com.test.TC_Perm3.@[THE_USER]_1.dev.myPerm_a|myInstance|myAction]
+
+# TC_Perm3.20.8.NEG User2 cannot create Role in NS 2
+as testid_2@test.com
+perm grant com.test.TC_Perm3.@[user.name]_1.dev.myPerm_a myInstance myAction com.test.TC_Perm3.@[user.name]_2.dev.myRole_a
+** Expect 403 **
+Failed [SVC1403]: Forbidden - [testid_2@test.com] may not write Perm [com.test.TC_Perm3.@[THE_USER]_1.dev.myPerm_a|myInstance|myAction]
+
+# TC_Perm3.20.9.POS Role created, but can't grant... has to be testid_1
+as testid_1@test.com
+perm grant com.test.TC_Perm3.@[user.name]_1.dev.myPerm_a myInstance myAction com.test.TC_Perm3.@[user.name]_2.dev.myRole_a
+** Expect 201 **
+Granted Permission [com.test.TC_Perm3.@[THE_USER]_1.dev.myPerm_a|myInstance|myAction] to Role [com.test.TC_Perm3.@[THE_USER]_2.dev.myRole_a]
+
+# TC_Perm3.30.0.POS User1 Create a Perm
+as testid_1@test.com
+perm create com.test.TC_Perm3.@[user.name]_1.dev.myPerm_b myInstance myAction
+** Expect 201 **
+Created Permission
+
+# TC_Perm3.30.5.NEG User1 should not be able to create Role in other group
+role create com.test.TC_Perm3.@[user.name]_2.dev.myRole_b
+** Expect 403 **
+Failed [SVC1403]: Forbidden - [testid_1@test.com] may not write Role [com.test.TC_Perm3.@[THE_USER]_2.dev.myRole_b]
+
+# TC_Perm3.30.6.POS User2 should be able to create Role in own group
+as testunused@aaf.att.com
+role create com.att.TC_Perm3.@[user.name].dev.myRole_b
+** Expect 201 **
+Created Role
+
+# TC_Perm3.30.7.NEG User2 should not be able to grant Perm to own Role
+perm grant com.test.TC_Perm3.@[user.name]_1.dev.myPerm_b myInstance myAction com.att.TC_Perm3.@[user.name].dev.myRole_b
+** Expect 403 **
+Failed [SVC1403]: Forbidden - [testunused@aaf.att.com] may not write Perm [com.test.TC_Perm3.@[THE_USER]_1.dev.myPerm_b|myInstance|myAction]
+
+# TC_Perm3.30.8.POS User should be able to grant cross company only Double Perm
+as testid_1@test.com
+perm grant com.test.TC_Perm3.@[user.name]_1.dev.myPerm_b myInstance myAction com.att.TC_Perm3.@[user.name].dev.myRole_b
+** Expect 403 **
+Failed [SVC1403]: Forbidden - [testid_1@test.com] may not write Role [com.att.TC_Perm3.@[THE_USER].dev.myRole_b]
+
+as testid_1@test.com
+# TC_Perm3.99.2.POS Namespace Admin can delete Namespace
+force ns delete com.test.TC_Perm3.@[user.name]_1
+** Expect 200,404 **
+Deleted Namespace
+
+# TC_Perm3.99.3.POS Print Namespaces
+ns list name com.test.TC_Perm3.@[user.name]_1
+** Expect 200,404 **
+
+List Namespaces by Name[com.test.TC_Perm3.@[THE_USER]_1]
+--------------------------------------------------------------------------------
+ *** Namespace Not Found ***
+
+as testid_2@test.com
+# TC_Perm3.99.4.POS Namespace Admin can delete Namespace
+force ns delete com.test.TC_Perm3.@[user.name]_2
+** Expect 200,404 **
+Deleted Namespace
+
+# TC_Perm3.99.5.POS Print Namespaces
+ns list name com.test.TC_Perm3.@[user.name]_2
+** Expect 200,404 **
+
+List Namespaces by Name[com.test.TC_Perm3.@[THE_USER]_2]
+--------------------------------------------------------------------------------
+ *** Namespace Not Found ***
+
+as testunused@aaf.att.com
+# TC_Perm3.99.6.POS Remove Namespace from other company
+force ns delete com.att.TC_Perm3.@[user.name]
+** Expect 200,404 **
+Deleted Namespace
+
+# TC_Perm3.99.7.POS Print Namespace from other company
+ns list name com.att.TC_Perm3.@[user.name]
+** Expect 200,404 **
+
+List Namespaces by Name[com.att.TC_Perm3.@[THE_USER]]
+--------------------------------------------------------------------------------
+ *** Namespace Not Found ***
+
diff --git a/authz-test/TestSuite/expected/TC_Realm1.expected b/authz-test/TestSuite/expected/TC_Realm1.expected
new file mode 100644
index 00000000..67232e2a
--- /dev/null
+++ b/authz-test/TestSuite/expected/TC_Realm1.expected
@@ -0,0 +1,210 @@
+set testid@aaf.att.com <pass>
+set testunused@aaf.att.com <pass>
+set XX@NS <pass>
+set bogus boguspass
+#delay 10
+set NFR 0
+as testid@aaf.att.com
+# TC_Realm1.10.0.POS Validate no NS
+ns list name com.test.TC_Realm1.@[user.name]
+** Expect 200,404 **
+
+List Namespaces by Name[com.test.TC_Realm1.@[THE_USER]]
+--------------------------------------------------------------------------------
+ *** Namespace Not Found ***
+
+# TC_Realm1.10.1.POS Create Namespace to add IDs
+ns create com.test.TC_Realm1.@[user.name] @[user.name] testid@aaf.att.com
+** Expect 201 **
+Created Namespace
+
+as XX@NS
+# TC_Realm1.10.10.POS Grant ability to change delegates
+force perm create com.att.aaf.delg com.att create com.test.TC_Realm1.@[user.name].change_delg
+** Expect 201 **
+Created Role [com.test.TC_Realm1.@[THE_USER].change_delg]
+Created Permission
+Granted Permission [com.att.aaf.delg|com.att|create] to Role [com.test.TC_Realm1.@[THE_USER].change_delg]
+
+# TC_Realm1.10.11.POS Create user role to change delegates
+user role add testid@aaf.att.com com.test.TC_Realm1.@[user.name].change_delg
+** Expect 201 **
+Added Role [com.test.TC_Realm1.@[THE_USER].change_delg] to User [testid@aaf.att.com]
+
+as testid@aaf.att.com
+# TC_Realm1.20.1.NEG Fail to create - default domain wrong
+ns create com.test.TC_Realm1.@[user.name].project1 testunused
+** Expect 403 **
+Failed [SVC3403]: Forbidden - testunused@csp.att.com does not have permission to assume test status at AT&T
+
+# TC_Realm1.20.2.POS Create - default domain appended
+ns create com.test.TC_Realm1.@[user.name].project1 @[user.name] @[user.name]
+** Expect 201 **
+Created Namespace
+
+# TC_Realm1.20.3.NEG Fail to create - default domain wrong
+ns admin add com.test.TC_Realm1.@[user.name].project1 testunused
+** Expect 403 **
+Failed [SVC1403]: Forbidden - AT&T reports that testunused@csp.att.com is a faulty ID
+
+# TC_Realm1.20.4.POS Create - full domain given
+ns admin add com.test.TC_Realm1.@[user.name].project1 testid@aaf.att.com
+** Expect 201 **
+Admin testid@aaf.att.com added to com.test.TC_Realm1.@[THE_USER].project1
+
+# TC_Realm1.20.5.POS Delete - default domain appended
+ns admin del com.test.TC_Realm1.@[user.name].project1 @[user.name]
+** Expect 200 **
+Admin @[THE_USER]@csp.att.com deleted from com.test.TC_Realm1.@[THE_USER].project1
+
+# TC_Realm1.20.6.POS Add admin - default domain appended
+ns admin add com.test.TC_Realm1.@[user.name].project1 @[user.name]
+** Expect 201 **
+Admin @[THE_USER]@csp.att.com added to com.test.TC_Realm1.@[THE_USER].project1
+
+# TC_Realm1.30.1.POS Create role to add to users
+role create com.test.TC_Realm1.@[user.name].role1
+** Expect 201 **
+Created Role
+
+# TC_Realm1.30.2.NEG Add user, but default domain wrong
+role user add com.test.TC_Realm1.@[user.name].role1 testunused
+** Expect 403 **
+Failed [SVC1403]: Forbidden - AT&T reports that testunused@csp.att.com is a faulty ID
+
+# TC_Realm1.30.3.POS Add user, with default domain appended
+role user add com.test.TC_Realm1.@[user.name].role1 @[user.name]
+** Expect 201 **
+Added User [@[THE_USER]@csp.att.com] to Role [com.test.TC_Realm1.@[THE_USER].role1]
+
+# TC_Realm1.30.10.POS Role list, with default domain added
+role list user testunused
+** Expect 200 **
+
+List Roles for User [testunused@csp.att.com]
+--------------------------------------------------------------------------------
+ROLE Name
+ PERM Type Instance Action
+--------------------------------------------------------------------------------
+
+# TC_Realm1.30.80.POS Delete user, with default domain appended
+role user del com.test.TC_Realm1.@[user.name].role1 @[user.name]
+** Expect 200 **
+Removed User [@[THE_USER]@csp.att.com] from Role [com.test.TC_Realm1.@[THE_USER].role1]
+
+# TC_Realm1.40.1.POS Create role to add to users
+role create com.test.TC_Realm1.@[user.name].role2
+** Expect 201 **
+Created Role
+
+# TC_Realm1.40.2.NEG Add user, but default domain wrong
+user role add testunused com.test.TC_Realm1.@[user.name].role2
+** Expect 403 **
+Failed [SVC1403]: Forbidden - AT&T reports that testunused@csp.att.com is a faulty ID
+
+# TC_Realm1.40.3.POS Add user, with default domain appended
+user role add @[user.name] com.test.TC_Realm1.@[user.name].role2
+** Expect 201 **
+Added Role [com.test.TC_Realm1.@[THE_USER].role2] to User [@[THE_USER]@csp.att.com]
+
+# TC_Realm1.40.10.NEG Add delegate, but default domain wrong
+user delegate add testunused testid 2099-01-01
+** Expect 404 **
+Failed [SVC5404]: Not Found - [testunused@csp.att.com] is not a user in the company database.
+
+# TC_Realm1.40.11.POS Add delegate, with default domain appended
+force user delegate add @[user.name] @[user.name] 2099-01-01
+** Expect 201 **
+Delegate Added
+
+# TC_Realm1.40.12.POS Update delegate, with default domain appended
+user delegate upd @[user.name] @[user.name] 2099-01-01
+** Expect 200 **
+Delegate Updated
+
+as XX@NS
+# TC_Realm1.40.20.POS List delegate, with default domain appended
+user list delegates user @[user.name]
+** Expect 200 **
+
+List Delegates by user[@[THE_USER]@csp.att.com]
+--------------------------------------------------------------------------------
+ User Delegate Expires
+--------------------------------------------------------------------------------
+ @[THE_USER]@csp.att.com @[THE_USER]@csp.att.com XXXX-XX-XX
+
+# TC_Realm1.40.21.POS List delegate, with default domain appended
+user list delegates delegate @[user.name]
+** Expect 200 **
+
+List Delegates by delegate[@[THE_USER]@csp.att.com]
+--------------------------------------------------------------------------------
+ User Delegate Expires
+--------------------------------------------------------------------------------
+ @[THE_USER]@csp.att.com @[THE_USER]@csp.att.com XXXX-XX-XX
+
+as testid@aaf.att.com
+# TC_Realm1.40.80.POS Delete user, with default domain appended
+user role del @[user.name] com.test.TC_Realm1.@[user.name].role2
+** Expect 200 **
+Removed Role [com.test.TC_Realm1.@[THE_USER].role2] from User [@[THE_USER]@csp.att.com]
+
+# TC_Realm1.40.81.POS Delete delegate, with default domain appended
+user delegate del @[user.name]
+** Expect 200 **
+Delegate Deleted
+
+as testid@aaf.att.com
+# TC_Realm1.99.1.POS Delete delgates
+user delegate del @[user.name]
+** Expect 200,404 **
+Failed [SVC7404]: Not Found - Cannot delete non-existent Delegate
+
+# TC_Realm1.99.2.POS Delete user roles
+role user del com.test.TC_Realm1.@[user.name].role1 @[user.name]
+** Expect 200,404 **
+Failed [SVC6404]: Not Found - User [ @[THE_USER]@csp.att.com ] is not Assigned to the Role [ com.test.TC_Realm1.@[THE_USER].role1 ]
+
+user role del @[user.name] com.test.TC_Realm1.@[user.name].role2
+** Expect 200,404 **
+Failed [SVC6404]: Not Found - User [ @[THE_USER]@csp.att.com ] is not Assigned to the Role [ com.test.TC_Realm1.@[THE_USER].role2 ]
+
+# TC_Realm1.99.3.POS Delete roles
+role delete com.test.TC_Realm1.@[user.name].role1
+** Expect 200,404 **
+Deleted Role
+
+role delete com.test.TC_Realm1.@[user.name].role2
+** Expect 200,404 **
+Deleted Role
+
+as XX@NS
+# TC_Realm1.99.10.POS UnGrant ability to change delegates
+perm ungrant com.att.aaf.delg com.att change com.test.TC_Realm1.@[user.name].change_delg
+** Expect 200,404 **
+Failed [SVC4404]: Not Found - Permission [com.att.aaf.delg|com.att|change] not associated with any Role
+
+as testid@aaf.att.com
+# TC_Realm1.99.11.POS Delete role to change delegates
+set force true
+set force=true role delete com.test.TC_Realm1.@[user.name].change_delg
+** Expect 200,404 **
+Deleted Role
+
+# TC_Realm1.99.98.POS Delete Namespaces
+ns delete com.test.TC_Realm1.@[user.name]
+** Expect 200,404 **
+Deleted Namespace
+
+ns delete com.test.TC_Realm1.@[user.name].project1
+** Expect 200,404 **
+Deleted Namespace
+
+# TC_Realm1.99.99.POS Verify Cleaned NS
+ns list name com.test.TC_Realm1.@[user.name]
+** Expect 200,404 **
+
+List Namespaces by Name[com.test.TC_Realm1.@[THE_USER]]
+--------------------------------------------------------------------------------
+ *** Namespace Not Found ***
+
diff --git a/authz-test/TestSuite/expected/TC_Role1.expected b/authz-test/TestSuite/expected/TC_Role1.expected
new file mode 100644
index 00000000..5cb610fb
--- /dev/null
+++ b/authz-test/TestSuite/expected/TC_Role1.expected
@@ -0,0 +1,369 @@
+set testid@aaf.att.com <pass>
+set testunused@aaf.att.com <pass>
+set XX@NS <pass>
+set bogus boguspass
+#delay 10
+set NFR 0
+as testid@aaf.att.com
+# TC_Role1.10.0.POS Validate NS ok
+ns list name com.test.TC_Role1.@[user.name]
+** Expect 200 **
+
+List Namespaces by Name[com.test.TC_Role1.@[THE_USER]]
+--------------------------------------------------------------------------------
+ *** Namespace Not Found ***
+
+# TC_Role1.10.1.POS Create Namespace with valid IDs and Responsible Parties
+ns create com.test.TC_Role1.@[user.name] @[user.name] testid@aaf.att.com
+** Expect 201 **
+Created Namespace
+
+# TC_Role1.10.10.POS Create role to assign mechid perm to
+role create com.test.TC_Role1.@[user.name].cred_admin
+** Expect 201 **
+Created Role
+
+as XX@NS
+# TC_Role1.10.11.POS Assign role to mechid perm
+perm grant com.att.aaf.mechid com.att create com.test.TC_Role1.@[user.name].cred_admin
+** Expect 201 **
+Granted Permission [com.att.aaf.mechid|com.att|create] to Role [com.test.TC_Role1.@[THE_USER].cred_admin]
+
+as testid@aaf.att.com
+# TC_Role1.10.12.POS Assign user for creating creds
+user role add testid@aaf.att.com com.test.TC_Role1.@[user.name].cred_admin
+** Expect 201 **
+Added Role [com.test.TC_Role1.@[THE_USER].cred_admin] to User [testid@aaf.att.com]
+
+# TC_Role1.20.1.POS List Data on non-Empty NS
+ns list name com.test.TC_Role1.@[user.name]
+** Expect 200 **
+
+List Namespaces by Name[com.test.TC_Role1.@[THE_USER]]
+--------------------------------------------------------------------------------
+com.test.TC_Role1.@[THE_USER]
+ Administrators
+ testid@aaf.att.com
+ Responsible Parties
+ @[THE_USER]@csp.att.com
+ Roles
+ com.test.TC_Role1.@[THE_USER].admin
+ com.test.TC_Role1.@[THE_USER].cred_admin
+ com.test.TC_Role1.@[THE_USER].owner
+ Permissions
+ com.test.TC_Role1.@[THE_USER].access * *
+ com.test.TC_Role1.@[THE_USER].access * read
+
+# TC_Role1.20.2.POS Add Roles
+role create com.test.TC_Role1.@[user.name].r.A
+** Expect 201 **
+Created Role
+
+role create com.test.TC_Role1.@[user.name].r.B
+** Expect 201 **
+Created Role
+
+# TC_Role1.20.3.POS List Data on non-Empty NS
+ns list name com.test.TC_Role1.@[user.name]
+** Expect 200 **
+
+List Namespaces by Name[com.test.TC_Role1.@[THE_USER]]
+--------------------------------------------------------------------------------
+com.test.TC_Role1.@[THE_USER]
+ Administrators
+ testid@aaf.att.com
+ Responsible Parties
+ @[THE_USER]@csp.att.com
+ Roles
+ com.test.TC_Role1.@[THE_USER].admin
+ com.test.TC_Role1.@[THE_USER].cred_admin
+ com.test.TC_Role1.@[THE_USER].owner
+ com.test.TC_Role1.@[THE_USER].r.A
+ com.test.TC_Role1.@[THE_USER].r.B
+ Permissions
+ com.test.TC_Role1.@[THE_USER].access * *
+ com.test.TC_Role1.@[THE_USER].access * read
+
+# TC_Role1.20.4.NEG Don't write over Role
+role create com.test.TC_Role1.@[user.name].r.A
+** Expect 409 **
+Failed [SVC1409]: Conflict Already Exists - Role [com.test.TC_Role1.@[THE_USER].r.A] already exists
+
+# TC_Role1.20.5.NEG Don't allow non-user to create
+as bogus
+role create com.test.TC_Role1.@[user.name].r.No
+** Expect 401 **
+Failed with code 401, Unauthorized
+
+# TC_Role1.20.6.NEG Don't allow non-user to create without Approval
+as testunused@aaf.att.com
+role create com.test.TC_Role1.@[user.name].r.No
+** Expect 403 **
+Failed [SVC1403]: Forbidden - [testunused@aaf.att.com] may not write Role [com.test.TC_Role1.@[THE_USER].r.No]
+
+# TC_Role1.20.10.NEG Non-admins can't change description
+as testunused@aaf.att.com
+role describe com.test.TC_Role1.@[user.name].r.A Description A
+** Expect 403 **
+Failed [SVC1403]: Forbidden - You do not have approval to change com.test.TC_Role1.@[THE_USER].r.A
+
+# TC_Role1.20.11.NEG Role must exist to change description
+as testid@aaf.att.com
+role describe com.test.TC_Role1.@[user.name].r.C Description C
+** Expect 404 **
+Failed [SVC1404]: Not Found - Role [com.test.TC_Role1.@[THE_USER].r.C] does not exist
+
+# TC_Role1.20.12.POS Admin can change description
+role describe com.test.TC_Role1.@[user.name].r.A Description A
+** Expect 200 **
+Description added to role
+
+# TC_Role1.30.1.POS List Data on non-Empty NS
+as testid@aaf.att.com
+ns list name com.test.TC_Role1.@[user.name]
+** Expect 200 **
+
+List Namespaces by Name[com.test.TC_Role1.@[THE_USER]]
+--------------------------------------------------------------------------------
+com.test.TC_Role1.@[THE_USER]
+ Administrators
+ testid@aaf.att.com
+ Responsible Parties
+ @[THE_USER]@csp.att.com
+ Roles
+ com.test.TC_Role1.@[THE_USER].admin
+ com.test.TC_Role1.@[THE_USER].cred_admin
+ com.test.TC_Role1.@[THE_USER].owner
+ com.test.TC_Role1.@[THE_USER].r.A
+ com.test.TC_Role1.@[THE_USER].r.B
+ Permissions
+ com.test.TC_Role1.@[THE_USER].access * *
+ com.test.TC_Role1.@[THE_USER].access * read
+
+# TC_Role1.30.2.POS Create Sub-ns when Roles that exist
+ns create com.test.TC_Role1.@[user.name].r @[user.name] testid@aaf.att.com
+** Expect 201 **
+Created Namespace
+
+# TC_Role1.30.3.POS List Data on NS with sub-roles
+ns list name com.test.TC_Role1.@[user.name]
+** Expect 200 **
+
+List Namespaces by Name[com.test.TC_Role1.@[THE_USER]]
+--------------------------------------------------------------------------------
+com.test.TC_Role1.@[THE_USER]
+ Administrators
+ testid@aaf.att.com
+ Responsible Parties
+ @[THE_USER]@csp.att.com
+ Roles
+ com.test.TC_Role1.@[THE_USER].admin
+ com.test.TC_Role1.@[THE_USER].cred_admin
+ com.test.TC_Role1.@[THE_USER].owner
+ Permissions
+ com.test.TC_Role1.@[THE_USER].access * *
+ com.test.TC_Role1.@[THE_USER].access * read
+
+ns list name com.test.TC_Role1.@[user.name].r
+** Expect 200 **
+
+List Namespaces by Name[com.test.TC_Role1.@[THE_USER].r]
+--------------------------------------------------------------------------------
+com.test.TC_Role1.@[THE_USER].r
+ Administrators
+ testid@aaf.att.com
+ Responsible Parties
+ @[THE_USER]@csp.att.com
+ Roles
+ com.test.TC_Role1.@[THE_USER].r.A
+ com.test.TC_Role1.@[THE_USER].r.B
+ com.test.TC_Role1.@[THE_USER].r.admin
+ com.test.TC_Role1.@[THE_USER].r.owner
+ Permissions
+ com.test.TC_Role1.@[THE_USER].r.access * *
+ com.test.TC_Role1.@[THE_USER].r.access * read
+
+# TC_Role1.40.01.POS List Data on non-Empty NS
+role list role com.test.TC_Role1.@[user.name].r.A
+** Expect 200 **
+
+List Roles for Role[com.test.TC_Role1.@[THE_USER].r.A]
+--------------------------------------------------------------------------------
+ROLE Name
+ PERM Type Instance Action
+--------------------------------------------------------------------------------
+com.test.TC_Role1.@[THE_USER].r.A
+
+# TC_Role1.40.20.POS Create a Perm, and add to Role
+perm create com.test.TC_Role1.@[user.name].samplePerm1 some.long(involved).text SELECT com.test.TC_Role1.@[user.name].r.A
+** Expect 201 **
+Created Permission
+Granted Permission [com.test.TC_Role1.@[THE_USER].samplePerm1|some.long(involved).text|SELECT] to Role [com.test.TC_Role1.@[THE_USER].r.A]
+
+# TC_Role1.40.25.POS List
+role list role com.test.TC_Role1.@[user.name].r.A
+** Expect 200 **
+
+List Roles for Role[com.test.TC_Role1.@[THE_USER].r.A]
+--------------------------------------------------------------------------------
+ROLE Name
+ PERM Type Instance Action
+--------------------------------------------------------------------------------
+com.test.TC_Role1.@[THE_USER].r.A
+ com.test.TC_Role1.@[THE_USER].samplePerm1 some.long(involved).text SELECT
+
+# TC_Role1.40.30.POS Create a Perm
+perm create com.test.TC_Role1.@[user.name].samplePerm1 some.other_long(less.involved).text lower_case
+** Expect 201 **
+Created Permission
+
+# TC_Role1.40.32.POS Separately Grant Perm
+perm grant com.test.TC_Role1.@[user.name].samplePerm1 some.other_long(less.involved).text lower_case com.test.TC_Role1.@[user.name].r.A
+** Expect 201 **
+Granted Permission [com.test.TC_Role1.@[THE_USER].samplePerm1|some.other_long(less.involved).text|lower_case] to Role [com.test.TC_Role1.@[THE_USER].r.A]
+
+# TC_Role1.40.35.POS List
+role list role com.test.TC_Role1.@[user.name].r.A
+** Expect 200 **
+
+List Roles for Role[com.test.TC_Role1.@[THE_USER].r.A]
+--------------------------------------------------------------------------------
+ROLE Name
+ PERM Type Instance Action
+--------------------------------------------------------------------------------
+com.test.TC_Role1.@[THE_USER].r.A
+ com.test.TC_Role1.@[THE_USER].samplePerm1 some.long(involved).text SELECT
+ com.test.TC_Role1.@[THE_USER].samplePerm1 some.other_long(less.involved).text lower_case
+
+# TC_Role1.50.1.POS Create user to attach to role
+user cred add m00001@@[user.name].TC_Role1.test.com password123
+** Expect 201 **
+Added Credential [m00001@@[THE_USER].TC_Role1.test.com]
+
+# TC_Role1.50.2.POS Create new role
+role create com.test.TC_Role1.@[user.name].r.C
+** Expect 201 **
+Created Role
+
+# TC_Role1.50.3.POS Attach user to role
+user role add m00001@@[user.name].TC_Role1.test.com com.test.TC_Role1.@[user.name].r.C
+** Expect 201 **
+Added Role [com.test.TC_Role1.@[THE_USER].r.C] to User [m00001@@[THE_USER].TC_Role1.test.com]
+
+# TC_Role1.50.4.POS Create permission and attach to role
+perm create com.test.TC_Role1.@[user.name].p.C myInstance myAction com.test.TC_Role1.@[user.name].r.C
+** Expect 201 **
+Created Permission
+Granted Permission [com.test.TC_Role1.@[THE_USER].p.C|myInstance|myAction] to Role [com.test.TC_Role1.@[THE_USER].r.C]
+
+# TC_Role1.50.20.NEG Delete role with permission and user attached should fail
+role delete com.test.TC_Role1.@[user.name].r.C
+** Expect 424 **
+Failed [SVC1424]: Failed Dependency - Role [com.test.TC_Role1.@[THE_USER].r.C] cannot be deleted as it is used by 1 or more Users.
+
+# TC_Role1.50.21.POS Force delete role should work
+set force true
+set force=true role delete com.test.TC_Role1.@[user.name].r.C
+** Expect 200 **
+Deleted Role
+
+# TC_Role1.50.30.POS List Data on non-Empty NS
+ns list name com.test.TC_Role1.@[user.name]
+** Expect 200 **
+
+List Namespaces by Name[com.test.TC_Role1.@[THE_USER]]
+--------------------------------------------------------------------------------
+com.test.TC_Role1.@[THE_USER]
+ Administrators
+ testid@aaf.att.com
+ Responsible Parties
+ @[THE_USER]@csp.att.com
+ Roles
+ com.test.TC_Role1.@[THE_USER].admin
+ com.test.TC_Role1.@[THE_USER].cred_admin
+ com.test.TC_Role1.@[THE_USER].owner
+ Permissions
+ com.test.TC_Role1.@[THE_USER].access * *
+ com.test.TC_Role1.@[THE_USER].access * read
+ com.test.TC_Role1.@[THE_USER].p.C myInstance myAction
+ com.test.TC_Role1.@[THE_USER].samplePerm1 some.long(involved).text SELECT
+ com.test.TC_Role1.@[THE_USER].samplePerm1 some.other_long(less.involved).text lower_case
+ Credentials
+ m00001@@[THE_USER].TC_Role1.test.com
+
+# Need to let DB catch up on deletes
+sleep 0
+as testid@aaf.att.com
+# TC_Role1.99.05.POS Remove Permissions from "40_reports"
+set force true
+set force=true perm delete com.test.TC_Role1.@[user.name].samplePerm1 some.long(involved).text SELECT
+** Expect 200,404 **
+Deleted Permission
+
+set force true
+set force=true perm delete com.test.TC_Role1.@[user.name].samplePerm1 some.other_long(less.involved).text lower_case
+** Expect 200,404 **
+Deleted Permission
+
+# TC_Role1.99.10.POS Namespace Admin can delete Namepace defined Roles
+force role delete com.test.TC_Role1.@[user.name].r.A
+** Expect 200,404 **
+Deleted Role
+
+force role delete com.test.TC_Role1.@[user.name].r.B
+** Expect 200,404 **
+Deleted Role
+
+force role delete com.test.TC_Role1.@[user.name].r.C
+** Expect 200,404 **
+Failed [SVC3404]: Not Found - Role [com.test.TC_Role1.@[THE_USER].r.C] does not exist
+
+# TC_Role1.99.15.POS Remove ability to create creds
+user role del testid@aaf.att.com com.test.TC_Role1.@[user.name].cred_admin
+** Expect 200,404 **
+Removed Role [com.test.TC_Role1.@[THE_USER].cred_admin] from User [testid@aaf.att.com]
+
+as XX@NS
+perm ungrant com.att.aaf.mechid com.att create com.test.TC_Role1.@[user.name].cred_admin
+** Expect 200,404 **
+UnGranted Permission [com.att.aaf.mechid|com.att|create] from Role [com.test.TC_Role1.@[THE_USER].cred_admin]
+
+as testid@aaf.att.com
+role delete com.test.TC_Role1.@[user.name].cred_admin
+** Expect 200,404 **
+Deleted Role
+
+# TC_Role1.99.20.POS Namespace Admin can delete permissions and credentials
+perm delete com.test.TC_Role1.@[user.name].p.C myInstance myAction
+** Expect 200,404 **
+Deleted Permission
+
+set force true
+user cred del m00001@@[user.name].TC_Role1.test.com
+** Expect 200,404 **
+Deleted Credential [m00001@@[THE_USER].TC_Role1.test.com]
+
+# TC_Role1.99.90.POS Namespace Admin can delete Namespace
+force ns delete com.test.TC_Role1.@[user.name].r
+** Expect 200,404 **
+Deleted Namespace
+
+force ns delete com.test.TC_Role1.@[user.name]
+** Expect 200,404 **
+Deleted Namespace
+
+# TC_Role1.99.99.POS List to prove clean Namespaces
+ns list name com.test.TC_Role1.@[user.name].r
+** Expect 200,404 **
+
+List Namespaces by Name[com.test.TC_Role1.@[THE_USER].r]
+--------------------------------------------------------------------------------
+ *** Namespace Not Found ***
+
+ns list name com.test.TC_Role1.@[user.name]
+** Expect 200,404 **
+
+List Namespaces by Name[com.test.TC_Role1.@[THE_USER]]
+--------------------------------------------------------------------------------
+ *** Namespace Not Found ***
+
diff --git a/authz-test/TestSuite/expected/TC_Role2.expected b/authz-test/TestSuite/expected/TC_Role2.expected
new file mode 100644
index 00000000..45abf9fd
--- /dev/null
+++ b/authz-test/TestSuite/expected/TC_Role2.expected
@@ -0,0 +1,447 @@
+set XX@NS <pass>
+set testid@aaf.att.com <pass>
+set testunused@aaf.att.com <pass>
+set bogus boguspass
+#delay 10
+set NFR 0
+as testid@aaf.att.com
+# TC_Role2.10.0.POS Print NS to prove ok
+ns list name com.test.TC_Role2.@[user.name]
+** Expect 200 **
+
+List Namespaces by Name[com.test.TC_Role2.@[THE_USER]]
+--------------------------------------------------------------------------------
+ *** Namespace Not Found ***
+
+# TC_Role2.10.1.POS Create Namespace with valid IDs and Responsible Parties
+ns create com.test.TC_Role2.@[user.name] @[user.name] testid@aaf.att.com
+** Expect 201 **
+Created Namespace
+
+##############
+# Testing Model
+# We are making a Testing model based loosely on George Orwell's Animal Farm
+# In Animal Farm, Animals did all the work but didn't get any priviledges.
+# In our test, the animals can't see anything but their own role, etc
+# Dogs were supervisors, and ostensibly did something, though mostly laid around
+# In our test, they have Implicit Permissions by being Admins
+# Pigs were the Elite. They did nothing, but watch everyone and eat the produce
+# In our test, they have Explicit Permissions to see everything they want
+##############
+as testid@aaf.att.com
+# TC_Role2.20.1.POS List Data on non-Empty NS
+ns list name com.test.TC_Role2.@[user.name]
+** Expect 200 **
+
+List Namespaces by Name[com.test.TC_Role2.@[THE_USER]]
+--------------------------------------------------------------------------------
+com.test.TC_Role2.@[THE_USER]
+ Administrators
+ testid@aaf.att.com
+ Responsible Parties
+ @[THE_USER]@csp.att.com
+ Roles
+ com.test.TC_Role2.@[THE_USER].admin
+ com.test.TC_Role2.@[THE_USER].owner
+ Permissions
+ com.test.TC_Role2.@[THE_USER].access * *
+ com.test.TC_Role2.@[THE_USER].access * read
+
+# TC_Role2.20.10.POS Create Orwellian Roles
+role create com.test.TC_Role2.@[user.name].r.animals
+** Expect 201 **
+Created Role
+
+role create com.test.TC_Role2.@[user.name].r.dogs
+** Expect 201 **
+Created Role
+
+role create com.test.TC_Role2.@[user.name].r.pigs
+** Expect 201 **
+Created Role
+
+# TC_Role2.20.20.POS Create and Grant Perms to Dog Roles
+perm create com.test.TC_Role2.@[user.name].r.A garbage eat com.test.TC_Role2.@[user.name].r.animals
+** Expect 201 **
+Created Permission
+Granted Permission [com.test.TC_Role2.@[THE_USER].r.A|garbage|eat] to Role [com.test.TC_Role2.@[THE_USER].r.animals]
+
+perm create com.test.TC_Role2.@[user.name].r.A grain eat com.test.TC_Role2.@[user.name].r.dogs
+** Expect 201 **
+Created Permission
+Granted Permission [com.test.TC_Role2.@[THE_USER].r.A|grain|eat] to Role [com.test.TC_Role2.@[THE_USER].r.dogs]
+
+perm create com.test.TC_Role2.@[user.name].r.A grain * com.test.TC_Role2.@[user.name].r.dogs
+** Expect 201 **
+Created Permission
+Granted Permission [com.test.TC_Role2.@[THE_USER].r.A|grain|*] to Role [com.test.TC_Role2.@[THE_USER].r.dogs]
+
+perm create com.test.TC_Role2.@[user.name].r.A * * com.test.TC_Role2.@[user.name].r.dogs
+** Expect 201 **
+Created Permission
+Granted Permission [com.test.TC_Role2.@[THE_USER].r.A|*|*] to Role [com.test.TC_Role2.@[THE_USER].r.dogs]
+
+# TC_Role2.20.25.POS Create and Grant Animal Farm Priviledges to Pigs
+as XX@NS
+perm create com.att.aaf.role com.test.TC_Role2.@[user.name].r.animals view com.test.TC_Role2.@[user.name].r.pigs
+** Expect 201 **
+Created Permission
+Granted Permission [com.att.aaf.role|com.test.TC_Role2.@[THE_USER].r.animals|view] to Role [com.test.TC_Role2.@[THE_USER].r.pigs]
+
+perm create com.att.aaf.role com.test.TC_Role2.@[user.name].r.dogs view com.test.TC_Role2.@[user.name].r.pigs
+** Expect 201 **
+Created Permission
+Granted Permission [com.att.aaf.role|com.test.TC_Role2.@[THE_USER].r.dogs|view] to Role [com.test.TC_Role2.@[THE_USER].r.pigs]
+
+# TC_Role2.20.60.POS List Data on non-Empty NS
+as testid@aaf.att.com
+ns list name com.test.TC_Role2.@[user.name]
+** Expect 200 **
+
+List Namespaces by Name[com.test.TC_Role2.@[THE_USER]]
+--------------------------------------------------------------------------------
+com.test.TC_Role2.@[THE_USER]
+ Administrators
+ testid@aaf.att.com
+ Responsible Parties
+ @[THE_USER]@csp.att.com
+ Roles
+ com.test.TC_Role2.@[THE_USER].admin
+ com.test.TC_Role2.@[THE_USER].owner
+ com.test.TC_Role2.@[THE_USER].r.animals
+ com.test.TC_Role2.@[THE_USER].r.dogs
+ com.test.TC_Role2.@[THE_USER].r.pigs
+ Permissions
+ com.test.TC_Role2.@[THE_USER].access * *
+ com.test.TC_Role2.@[THE_USER].access * read
+ com.test.TC_Role2.@[THE_USER].r.A * *
+ com.test.TC_Role2.@[THE_USER].r.A garbage eat
+ com.test.TC_Role2.@[THE_USER].r.A grain *
+ com.test.TC_Role2.@[THE_USER].r.A grain eat
+
+as XX@NS
+# TC_Role2.40.1.POS List Data on Role
+role list role com.test.TC_Role2.@[user.name].r.animals
+** Expect 200 **
+
+List Roles for Role[com.test.TC_Role2.@[THE_USER].r.animals]
+--------------------------------------------------------------------------------
+ROLE Name
+ PERM Type Instance Action
+--------------------------------------------------------------------------------
+com.test.TC_Role2.@[THE_USER].r.animals
+ com.test.TC_Role2.@[THE_USER].r.A garbage eat
+
+role list role com.test.TC_Role2.@[user.name].r.dogs
+** Expect 200 **
+
+List Roles for Role[com.test.TC_Role2.@[THE_USER].r.dogs]
+--------------------------------------------------------------------------------
+ROLE Name
+ PERM Type Instance Action
+--------------------------------------------------------------------------------
+com.test.TC_Role2.@[THE_USER].r.dogs
+ com.test.TC_Role2.@[THE_USER].r.A * *
+ com.test.TC_Role2.@[THE_USER].r.A grain *
+ com.test.TC_Role2.@[THE_USER].r.A grain eat
+
+role list role com.test.TC_Role2.@[user.name].r.pigs
+** Expect 200 **
+
+List Roles for Role[com.test.TC_Role2.@[THE_USER].r.pigs]
+--------------------------------------------------------------------------------
+ROLE Name
+ PERM Type Instance Action
+--------------------------------------------------------------------------------
+com.test.TC_Role2.@[THE_USER].r.pigs
+ com.att.aaf.role com.test.TC_Role2.@[THE_USER].r.animals view
+ com.att.aaf.role com.test.TC_Role2.@[THE_USER].r.dogs view
+
+# TC_Role2.40.10.POS Add testunused to animals
+as testid@aaf.att.com
+user role add testunused@aaf.att.com com.test.TC_Role2.@[user.name].r.animals
+** Expect 201 **
+Added Role [com.test.TC_Role2.@[THE_USER].r.animals] to User [testunused@aaf.att.com]
+
+# TC_Role2.40.11.POS List by Name when part of role
+as testunused@aaf.att.com
+role list role com.test.TC_Role2.@[user.name].r.animals
+** Expect 200 **
+
+List Roles for Role[com.test.TC_Role2.@[THE_USER].r.animals]
+--------------------------------------------------------------------------------
+ROLE Name
+ PERM Type Instance Action
+--------------------------------------------------------------------------------
+com.test.TC_Role2.@[THE_USER].r.animals
+ com.test.TC_Role2.@[THE_USER].r.A garbage eat
+
+# TC_Role2.40.12.NEG List by Name when not part of Role
+role list role com.test.TC_Role2.@[user.name].r.dogs
+** Expect 403 **
+Failed [SVC1403]: Forbidden - [testunused@aaf.att.com] may not read Role [com.test.TC_Role2.@[THE_USER].r.dogs]
+
+role list role com.test.TC_Role2.@[user.name].r.pigs
+** Expect 403 **
+Failed [SVC1403]: Forbidden - [testunused@aaf.att.com] may not read Role [com.test.TC_Role2.@[THE_USER].r.pigs]
+
+# TC_Role2.40.30.POS Read various Roles based on being Admin in Namespace
+as testid@aaf.att.com
+role list role com.test.TC_Role2.@[user.name].r.animals
+** Expect 200 **
+
+List Roles for Role[com.test.TC_Role2.@[THE_USER].r.animals]
+--------------------------------------------------------------------------------
+ROLE Name
+ PERM Type Instance Action
+--------------------------------------------------------------------------------
+com.test.TC_Role2.@[THE_USER].r.animals
+ com.test.TC_Role2.@[THE_USER].r.A garbage eat
+
+role list role com.test.TC_Role2.@[user.name].r.dogs
+** Expect 200 **
+
+List Roles for Role[com.test.TC_Role2.@[THE_USER].r.dogs]
+--------------------------------------------------------------------------------
+ROLE Name
+ PERM Type Instance Action
+--------------------------------------------------------------------------------
+com.test.TC_Role2.@[THE_USER].r.dogs
+ com.test.TC_Role2.@[THE_USER].r.A * *
+ com.test.TC_Role2.@[THE_USER].r.A grain *
+ com.test.TC_Role2.@[THE_USER].r.A grain eat
+
+role list role com.test.TC_Role2.@[user.name].r.pigs
+** Expect 200 **
+
+List Roles for Role[com.test.TC_Role2.@[THE_USER].r.pigs]
+--------------------------------------------------------------------------------
+ROLE Name
+ PERM Type Instance Action
+--------------------------------------------------------------------------------
+com.test.TC_Role2.@[THE_USER].r.pigs
+ com.att.aaf.role com.test.TC_Role2.@[THE_USER].r.animals view
+ com.att.aaf.role com.test.TC_Role2.@[THE_USER].r.dogs view
+
+# TC_Role2.40.50.POS Change testunused to Pigs
+as testid@aaf.att.com
+user role del testunused@aaf.att.com com.test.TC_Role2.@[user.name].r.animals
+** Expect 200 **
+Removed Role [com.test.TC_Role2.@[THE_USER].r.animals] from User [testunused@aaf.att.com]
+
+user role add testunused@aaf.att.com com.test.TC_Role2.@[user.name].r.pigs
+** Expect 201 **
+Added Role [com.test.TC_Role2.@[THE_USER].r.pigs] to User [testunused@aaf.att.com]
+
+# TC_Role2.40.51.POS Read various Roles based on having Explicit Permissions
+as testunused@aaf.att.com
+role list role com.test.TC_Role2.@[user.name].r.animals
+** Expect 403 **
+Failed [SVC1403]: Forbidden - [testunused@aaf.att.com] may not read Role [com.test.TC_Role2.@[THE_USER].r.animals]
+
+role list role com.test.TC_Role2.@[user.name].r.dogs
+** Expect 403 **
+Failed [SVC1403]: Forbidden - [testunused@aaf.att.com] may not read Role [com.test.TC_Role2.@[THE_USER].r.dogs]
+
+role list role com.test.TC_Role2.@[user.name].r.pigs
+** Expect 200 **
+
+List Roles for Role[com.test.TC_Role2.@[THE_USER].r.pigs]
+--------------------------------------------------------------------------------
+ROLE Name
+ PERM Type Instance Action
+--------------------------------------------------------------------------------
+com.test.TC_Role2.@[THE_USER].r.pigs
+ com.att.aaf.role com.test.TC_Role2.@[THE_USER].r.animals view
+ com.att.aaf.role com.test.TC_Role2.@[THE_USER].r.dogs view
+
+# TC_Role2.41.10.POS List by User when Same as Caller
+as testunused@aaf.att.com
+role list user testunused@aaf.att.com
+** Expect 200 **
+
+List Roles for User [testunused@aaf.att.com]
+--------------------------------------------------------------------------------
+ROLE Name
+ PERM Type Instance Action
+--------------------------------------------------------------------------------
+com.test.TC_Role2.@[THE_USER].r.pigs
+ com.att.aaf.role com.test.TC_Role2.@[THE_USER].r.animals view
+ com.att.aaf.role com.test.TC_Role2.@[THE_USER].r.dogs view
+
+# TC_Role2.41.15.POS List by User when not same as Caller, but own/admin namespace of Roles
+as testid@aaf.att.com
+role list user testunused@aaf.att.com
+** Expect 200 **
+
+List Roles for User [testunused@aaf.att.com]
+--------------------------------------------------------------------------------
+ROLE Name
+ PERM Type Instance Action
+--------------------------------------------------------------------------------
+com.test.TC_Role2.@[THE_USER].r.pigs
+ com.att.aaf.role com.test.TC_Role2.@[THE_USER].r.animals view
+ com.att.aaf.role com.test.TC_Role2.@[THE_USER].r.dogs view
+
+# TC_Role2.41.20.POS List by User when not same as Caller, but parent owner of Namespace
+as XX@NS
+role list user testunused@aaf.att.com
+** Expect 200 **
+
+List Roles for User [testunused@aaf.att.com]
+--------------------------------------------------------------------------------
+ROLE Name
+ PERM Type Instance Action
+--------------------------------------------------------------------------------
+com.test.TC_Role2.@[THE_USER].r.pigs
+ com.att.aaf.role com.test.TC_Role2.@[THE_USER].r.animals view
+ com.att.aaf.role com.test.TC_Role2.@[THE_USER].r.dogs view
+
+# TC_Role2.41.80.NEG List by User when not Caller nor associated to Namespace (nothing should be shown)
+as testunused@aaf.att.com
+role list user XX@NS
+** Expect 200 **
+
+List Roles for User [XX@NS]
+--------------------------------------------------------------------------------
+ROLE Name
+ PERM Type Instance Action
+--------------------------------------------------------------------------------
+
+# TC_Role2.42.10.POS List Roles from NS when not allowed to see NS
+as testid@aaf.att.com
+role list ns com.test.TC_Role2.@[user.name]
+** Expect 200 **
+
+List Roles by NS [com.test.TC_Role2.@[THE_USER]]
+--------------------------------------------------------------------------------
+ROLE Name
+ PERM Type Instance Action
+--------------------------------------------------------------------------------
+com.test.TC_Role2.@[THE_USER].admin
+ com.test.TC_Role2.@[THE_USER].access * *
+com.test.TC_Role2.@[THE_USER].owner
+ com.test.TC_Role2.@[THE_USER].access * read
+com.test.TC_Role2.@[THE_USER].r.animals
+ com.test.TC_Role2.@[THE_USER].r.A garbage eat
+com.test.TC_Role2.@[THE_USER].r.dogs
+ com.test.TC_Role2.@[THE_USER].r.A * *
+ com.test.TC_Role2.@[THE_USER].r.A grain *
+ com.test.TC_Role2.@[THE_USER].r.A grain eat
+com.test.TC_Role2.@[THE_USER].r.pigs
+ com.att.aaf.role com.test.TC_Role2.@[THE_USER].r.animals view
+ com.att.aaf.role com.test.TC_Role2.@[THE_USER].r.dogs view
+
+# TC_Role2.42.20.NEG Don't List Roles from NS when not allowed to see NS
+as testunused@aaf.att.com
+role list ns com.test.TC_Role2.@[user.name]
+** Expect 403 **
+Failed [SVC1403]: Forbidden - [testunused@aaf.att.com] may not read in NS [com.test.TC_Role2.@[THE_USER]]
+
+# TC_Role2.43.10.POS List Roles when allowed to see Perm
+as testid@aaf.att.com
+role list perm com.test.TC_Role2.@[user.name].r.A grain eat
+** Expect 200 **
+
+List Roles by Perm com.test.TC_Role2.@[THE_USER].r.A|grain|eat
+--------------------------------------------------------------------------------
+ROLE Name
+ PERM Type Instance Action
+--------------------------------------------------------------------------------
+com.test.TC_Role2.@[THE_USER].r.dogs
+ com.test.TC_Role2.@[THE_USER].r.A * *
+ com.test.TC_Role2.@[THE_USER].r.A grain *
+ com.test.TC_Role2.@[THE_USER].r.A grain eat
+
+role list perm com.test.TC_Role2.@[user.name].r.A grain *
+** Expect 200 **
+
+List Roles by Perm com.test.TC_Role2.@[THE_USER].r.A|grain|*
+--------------------------------------------------------------------------------
+ROLE Name
+ PERM Type Instance Action
+--------------------------------------------------------------------------------
+com.test.TC_Role2.@[THE_USER].r.dogs
+ com.test.TC_Role2.@[THE_USER].r.A * *
+ com.test.TC_Role2.@[THE_USER].r.A grain *
+ com.test.TC_Role2.@[THE_USER].r.A grain eat
+
+role list perm com.test.TC_Role2.@[user.name].r.A * *
+** Expect 200 **
+
+List Roles by Perm com.test.TC_Role2.@[THE_USER].r.A|*|*
+--------------------------------------------------------------------------------
+ROLE Name
+ PERM Type Instance Action
+--------------------------------------------------------------------------------
+com.test.TC_Role2.@[THE_USER].r.dogs
+ com.test.TC_Role2.@[THE_USER].r.A * *
+ com.test.TC_Role2.@[THE_USER].r.A grain *
+ com.test.TC_Role2.@[THE_USER].r.A grain eat
+
+# TC_Role2.43.15.NEG Don't List Roles when not allowed to see Perm
+as testunused@aaf.att.com
+role list perm com.test.TC_Role2.@[user.name].r.A grain eat
+** Expect 403 **
+Failed [SVC1403]: Forbidden - [testunused@aaf.att.com] may not read Perm [com.test.TC_Role2.@[THE_USER].r.A|grain|eat]
+
+role list perm com.test.TC_Role2.@[user.name].r.A grain *
+** Expect 403 **
+Failed [SVC1403]: Forbidden - [testunused@aaf.att.com] may not read Perm [com.test.TC_Role2.@[THE_USER].r.A|grain|*]
+
+role list perm com.test.TC_Role2.@[user.name].r.A * *
+** Expect 403 **
+Failed [SVC1403]: Forbidden - [testunused@aaf.att.com] may not read Perm [com.test.TC_Role2.@[THE_USER].r.A|*|*]
+
+as XX@NS
+# TC_Role2.99.1.POS Delete Roles
+force role delete com.test.TC_Role2.@[user.name].r.animals
+** Expect 200,404 **
+Deleted Role
+
+force role delete com.test.TC_Role2.@[user.name].r.dogs
+** Expect 200,404 **
+Deleted Role
+
+force role delete com.test.TC_Role2.@[user.name].r.pigs
+** Expect 200,404 **
+Deleted Role
+
+# TC_Role2.99.2.POS Delete Perms
+force perm delete com.test.TC_Role2.@[user.name].r.A garbage eat
+** Expect 200,404 **
+Deleted Permission
+
+force perm delete com.test.TC_Role2.@[user.name].r.A grain eat
+** Expect 200,404 **
+Deleted Permission
+
+force perm delete com.test.TC_Role2.@[user.name].r.A grain *
+** Expect 200,404 **
+Deleted Permission
+
+force perm delete com.test.TC_Role2.@[user.name].r.A * *
+** Expect 200,404 **
+Deleted Permission
+
+force perm delete com.att.aaf.role com.test.TC_Role2.@[user.name].r.animals view
+** Expect 200,404 **
+Deleted Permission
+
+force perm delete com.att.aaf.role com.test.TC_Role2.@[user.name].r.dogs view
+** Expect 200,404 **
+Deleted Permission
+
+# TC_Role2.99.2.POS Namespace Admin can delete Namespace
+force ns delete com.test.TC_Role2.@[user.name]
+** Expect 200,404 **
+Deleted Namespace
+
+# TC_Role2.99.3.POS Print Namespaces
+ns list name com.test.TC_Role2.@[user.name]
+** Expect 200,404 **
+
+List Namespaces by Name[com.test.TC_Role2.@[THE_USER]]
+--------------------------------------------------------------------------------
+ *** Namespace Not Found ***
+
diff --git a/authz-test/TestSuite/expected/TC_UR1.expected b/authz-test/TestSuite/expected/TC_UR1.expected
new file mode 100644
index 00000000..7630488f
--- /dev/null
+++ b/authz-test/TestSuite/expected/TC_UR1.expected
@@ -0,0 +1,266 @@
+set testid@aaf.att.com <pass>
+set testunused@aaf.att.com <pass>
+set XX@NS <pass>
+set bogus boguspass
+#delay 10
+set NFR 0
+as testid@aaf.att.com
+# TC_UR1.10.0.POS Validate no NS
+ns list name com.test.TC_UR1.@[user.name]
+** Expect 200 **
+
+List Namespaces by Name[com.test.TC_UR1.@[THE_USER]]
+--------------------------------------------------------------------------------
+ *** Namespace Not Found ***
+
+# TC_UR1.10.1.POS Create Namespace to add IDs
+ns create com.test.TC_UR1.@[user.name] @[user.name] testid@aaf.att.com
+** Expect 201 **
+Created Namespace
+
+# TC_Role1.10.10.POS Create role to assign mechid perm to
+role create com.test.TC_UR1.@[user.name].cred_admin
+** Expect 201 **
+Created Role
+
+as XX@NS
+# TC_Role1.10.11.POS Assign role to mechid perm
+perm grant com.att.aaf.mechid com.att create com.test.TC_UR1.@[user.name].cred_admin
+** Expect 201 **
+Granted Permission [com.att.aaf.mechid|com.att|create] to Role [com.test.TC_UR1.@[THE_USER].cred_admin]
+
+as testid@aaf.att.com
+# TC_Role1.10.12.POS Assign user for creating creds
+user role add testid@aaf.att.com com.test.TC_UR1.@[user.name].cred_admin
+** Expect 201 **
+Added Role [com.test.TC_UR1.@[THE_USER].cred_admin] to User [testid@aaf.att.com]
+
+# TC_UR1.10.20.POS Create two Credentials
+user cred add m00001@@[user.name].TC_UR1.test.com "abc123sd"
+** Expect 201 **
+Added Credential [m00001@@[THE_USER].TC_UR1.test.com]
+
+user cred add m00002@@[user.name].TC_UR1.test.com "abc123sd"
+** Expect 201 **
+Added Credential [m00002@@[THE_USER].TC_UR1.test.com]
+
+# TC_UR1.10.21.POS Create two Roles
+role create com.test.TC_UR1.@[user.name].r1
+** Expect 201 **
+Created Role
+
+role create com.test.TC_UR1.@[user.name].r2
+** Expect 201 **
+Created Role
+
+# TC_UR1.23.1.NEG Too Few Args for User Role 1
+user
+** Expect 0 **
+user role <add|del|setTo|extend> <user> [role[,role]* (!REQ S)]
+ cred <add|del|reset|extend> <id> [password (! D|E)] [entry# (if multi)]
+ delegate <add|upd|del> <from> [to REQ A&U] [until (YYYY-MM-DD) REQ A]
+ list role <role>
+ perm <type> <instance> <action>
+ cred <ns|id> <value>
+ delegates <user|delegate> <id>
+ approvals <user|approver|ticket> <value>
+ activity <user>
+
+# TC_UR1.23.2.NEG Too Few Args for user role
+user role
+** Expect -1 **
+Too few args: role <add|del|setTo|extend> <user> [role[,role]* (!REQ S)]
+
+# TC_UR1.23.3.NEG Too Few Args for user role add
+user role add
+** Expect -1 **
+Too few args: role <add|del|setTo|extend> <user> [role[,role]* (!REQ S)]
+
+# TC_UR1.30.10.POS Create a UserRole
+user role add m00001@@[user.name].TC_UR1.test.com com.test.TC_UR1.@[user.name].r1
+** Expect 201 **
+Added Role [com.test.TC_UR1.@[THE_USER].r1] to User [m00001@@[THE_USER].TC_UR1.test.com]
+
+# TC_UR1.30.11.NEG Created UserRole Exists
+user role add m00001@@[user.name].TC_UR1.test.com com.test.TC_UR1.@[user.name].r1
+** Expect 409 **
+Failed [SVC1409]: Conflict Already Exists - User Role exists
+
+# TC_UR1.30.13.POS Delete UserRole
+sleep 0
+user role del m00001@@[user.name].TC_UR1.test.com com.test.TC_UR1.@[user.name].r1
+** Expect 200 **
+Removed Role [com.test.TC_UR1.@[THE_USER].r1] from User [m00001@@[THE_USER].TC_UR1.test.com]
+
+# TC_UR1.30.20.POS Create multiple UserRoles
+user role add m00001@@[user.name].TC_UR1.test.com com.test.TC_UR1.@[user.name].r1,com.test.TC_UR1.@[user.name].r2
+** Expect 201 **
+Added Role [com.test.TC_UR1.@[THE_USER].r1] to User [m00001@@[THE_USER].TC_UR1.test.com]
+Added Role [com.test.TC_UR1.@[THE_USER].r2] to User [m00001@@[THE_USER].TC_UR1.test.com]
+
+# TC_UR1.30.21.NEG Created UserRole Exists
+user role add m00001@@[user.name].TC_UR1.test.com com.test.TC_UR1.@[user.name].r1,com.test.TC_UR1.@[user.name].r2
+** Expect 409 **
+Failed [SVC1409]: Conflict Already Exists - User Role exists
+Failed [SVC1409]: Conflict Already Exists - User Role exists
+
+# TC_UR1.30.23.POS Delete UserRole
+sleep 0
+user role del m00001@@[user.name].TC_UR1.test.com com.test.TC_UR1.@[user.name].r1,com.test.TC_UR1.@[user.name].r2
+** Expect 200 **
+Removed Role [com.test.TC_UR1.@[THE_USER].r1] from User [m00001@@[THE_USER].TC_UR1.test.com]
+Removed Role [com.test.TC_UR1.@[THE_USER].r2] from User [m00001@@[THE_USER].TC_UR1.test.com]
+
+# TC_UR1.30.30.POS Create a Role User
+role user add com.test.TC_UR1.@[user.name].r1 m00001@@[user.name].TC_UR1.test.com
+** Expect 201 **
+Added User [m00001@@[THE_USER].TC_UR1.test.com] to Role [com.test.TC_UR1.@[THE_USER].r1]
+
+# TC_UR1.30.31.NEG Created Role User Exists
+role user add com.test.TC_UR1.@[user.name].r1 m00001@@[user.name].TC_UR1.test.com
+** Expect 409 **
+Failed [SVC1409]: Conflict Already Exists - User Role exists
+
+# TC_UR1.30.33.POS Delete Role User
+sleep 0
+role user del com.test.TC_UR1.@[user.name].r1 m00001@@[user.name].TC_UR1.test.com
+** Expect 200 **
+Removed User [m00001@@[THE_USER].TC_UR1.test.com] from Role [com.test.TC_UR1.@[THE_USER].r1]
+
+# TC_UR1.30.40.POS Create multiple Role Users
+role user add com.test.TC_UR1.@[user.name].r1 m00001@@[user.name].TC_UR1.test.com,m00002@@[user.name].TC_UR1.test.com
+** Expect 201 **
+Added User [m00001@@[THE_USER].TC_UR1.test.com] to Role [com.test.TC_UR1.@[THE_USER].r1]
+Added User [m00002@@[THE_USER].TC_UR1.test.com] to Role [com.test.TC_UR1.@[THE_USER].r1]
+
+# TC_UR1.30.41.NEG Created Role User Exists
+role user add com.test.TC_UR1.@[user.name].r1 m00001@@[user.name].TC_UR1.test.com,m00002@@[user.name].TC_UR1.test.com
+** Expect 409 **
+Failed [SVC1409]: Conflict Already Exists - User Role exists
+Failed [SVC1409]: Conflict Already Exists - User Role exists
+
+# TC_UR1.30.43.POS Delete Role Users
+sleep 0
+role user del com.test.TC_UR1.@[user.name].r1 m00001@@[user.name].TC_UR1.test.com,m00002@@[user.name].TC_UR1.test.com
+** Expect 200 **
+Removed User [m00001@@[THE_USER].TC_UR1.test.com] from Role [com.test.TC_UR1.@[THE_USER].r1]
+Removed User [m00002@@[THE_USER].TC_UR1.test.com] from Role [com.test.TC_UR1.@[THE_USER].r1]
+
+# TC_UR1.40.10.POS Create multiple UserRoles
+user role setTo m00001@@[user.name].TC_UR1.test.com com.test.TC_UR1.@[user.name].r1,com.test.TC_UR1.@[user.name].r2
+** Expect 200 **
+Set User's Roles to [com.test.TC_UR1.@[THE_USER].r1,com.test.TC_UR1.@[THE_USER].r2]
+
+# TC_UR1.40.11.POS Reset userrole for a user
+user role setTo m00001@@[user.name].TC_UR1.test.com
+** Expect 200 **
+Set User's Roles to []
+
+# TC_UR1.40.12.NEG Create userrole where Role doesn't exist
+user role setTo m00001@@[user.name].TC_UR1.test.com com.test.TC_UR1.@[user.name].r5
+** Expect 404 **
+Failed [SVC3404]: Not Found - Role [com.test.TC_UR1.@[THE_USER].r5] does not exist
+
+# TC_UR1.40.13.NEG Create userrole where User doesn't exist
+user role setTo m99999@@[user.name].TC_UR1.test.com com.test.TC_UR1.@[user.name].r1
+** Expect 403 **
+Failed [SVC2403]: Forbidden - m99999@@[THE_USER].TC_UR1.test.com is not a valid AAF Credential
+
+as testunused@aaf.att.com
+# TC_UR1.40.19.NEG User without permission tries to add userrole
+user role setTo m00001@@[user.name].TC_UR1.test.com com.test.TC_UR1.@[user.name].r1
+** Expect 403 **
+Failed [SVC1403]: Forbidden - [testunused@aaf.att.com] may not write Role [com.test.TC_UR1.@[THE_USER].r1]
+
+# TC_UR1.40.20.NEG User without permission tries to add userrole
+role user setTo com.test.TC_UR1.@[user.name].r1 m00001@@[user.name].TC_UR1.test.com
+** Expect 403 **
+Failed [SVC1403]: Forbidden - [testunused@aaf.att.com] may not write Role [com.test.TC_UR1.@[THE_USER].r1]
+
+as testid@aaf.att.com
+# TC_UR1.40.22.POS Reset userrole for a user
+role user setTo com.test.TC_UR1.@[user.name].r1
+** Expect 200 **
+Set the Role to Users []
+
+sleep 0
+# TC_UR1.40.23.NEG Create UserRole where Role doesn't exist
+role user setTo com.test.TC_UR1.@[user.name].r5 m00001@@[user.name].TC_UR1.test.com
+** Expect 404 **
+Failed [SVC3404]: Not Found - Role [com.test.TC_UR1.@[THE_USER].r5] does not exist
+
+sleep 0
+# TC_UR1.40.24.NEG Create UserRole where User doesn't exist
+role user setTo com.test.TC_UR1.@[user.name].r1 m99999@@[user.name].TC_UR1.test.com
+** Expect 403 **
+Failed [SVC2403]: Forbidden - m99999@@[THE_USER].TC_UR1.test.com is not a valid AAF Credential
+
+# Need to let DB catch up on deletes
+sleep 0
+as testid@aaf.att.com
+# TC_UR1.99.1.POS Remove User from Role
+role user del com.test.TC_UR1.@[user.name].r1 m00001@@[user.name].TC_UR1.test.com,m00002@@[user.name].TC_UR1.test.com
+** Expect 200,404 **
+Failed [SVC6404]: Not Found - User [ m00001@@[THE_USER].TC_UR1.test.com ] is not Assigned to the Role [ com.test.TC_UR1.@[THE_USER].r1 ]
+Failed [SVC6404]: Not Found - User [ m00002@@[THE_USER].TC_UR1.test.com ] is not Assigned to the Role [ com.test.TC_UR1.@[THE_USER].r1 ]
+
+role user del com.test.TC_UR1.@[user.name].r2 m00001@@[user.name].TC_UR1.test.com,m00002@@[user.name].TC_UR1.test.com
+** Expect 200,404 **
+Failed [SVC6404]: Not Found - User [ m00001@@[THE_USER].TC_UR1.test.com ] is not Assigned to the Role [ com.test.TC_UR1.@[THE_USER].r2 ]
+Failed [SVC6404]: Not Found - User [ m00002@@[THE_USER].TC_UR1.test.com ] is not Assigned to the Role [ com.test.TC_UR1.@[THE_USER].r2 ]
+
+role user setTo com.test.TC_UR1.@[user.name].r1
+** Expect 200,404 **
+Set the Role to Users []
+
+# TC_UR1.99.2.POS Remove ability to create creds
+user role del testid@aaf.att.com com.test.TC_UR1.@[user.name].cred_admin
+** Expect 200,404 **
+Removed Role [com.test.TC_UR1.@[THE_USER].cred_admin] from User [testid@aaf.att.com]
+
+as XX@NS
+perm ungrant com.att.aaf.mechid com.att create com.test.TC_UR1.@[user.name].cred_admin
+** Expect 200,404 **
+UnGranted Permission [com.att.aaf.mechid|com.att|create] from Role [com.test.TC_UR1.@[THE_USER].cred_admin]
+
+as testid@aaf.att.com
+role delete com.test.TC_UR1.@[user.name].cred_admin
+** Expect 200,404 **
+Deleted Role
+
+# TC_UR1.99.3.POS Delete Creds
+set force true
+user cred del m00001@@[user.name].TC_UR1.test.com
+** Expect 200,404 **
+Deleted Credential [m00001@@[THE_USER].TC_UR1.test.com]
+
+set force true
+user cred del m00002@@[user.name].TC_UR1.test.com
+** Expect 200,404 **
+Deleted Credential [m00002@@[THE_USER].TC_UR1.test.com]
+
+# TC_UR1.99.4.POS Delete Roles
+set force true
+set force=true role delete com.test.TC_UR1.@[user.name].r1
+** Expect 200,404 **
+Deleted Role
+
+set force true
+set force=true role delete com.test.TC_UR1.@[user.name].r2
+** Expect 200,404 **
+Deleted Role
+
+# TC_UR1.99.5.POS Delete Namespace
+set force true
+set force=true ns delete com.test.TC_UR1.@[user.name]
+** Expect 200,404 **
+Deleted Namespace
+
+# TC_UR1.99.99.POS Verify Cleaned NS
+ns list name com.test.TC_UR1.@[user.name]
+** Expect 200,404 **
+
+List Namespaces by Name[com.test.TC_UR1.@[THE_USER]]
+--------------------------------------------------------------------------------
+ *** Namespace Not Found ***
+
diff --git a/authz-test/TestSuite/expected/TC_User1.expected b/authz-test/TestSuite/expected/TC_User1.expected
new file mode 100644
index 00000000..e1d304f5
--- /dev/null
+++ b/authz-test/TestSuite/expected/TC_User1.expected
@@ -0,0 +1,485 @@
+set XX@NS <pass>
+set testid@aaf.att.com <pass>
+set testunused@aaf.att.com <pass>
+set bogus@aaf.att.com boguspass
+set m99990@@[THE_USER].TC_User1.test.com password123
+set m99995@@[THE_USER].TC_User1.test.com password123
+#delay 10
+set NFR 0
+as testid@aaf.att.com
+# TC_User1.10.0.POS Check for Existing Data
+ns list name com.test.TC_User1.@[user.name]
+** Expect 200 **
+
+List Namespaces by Name[com.test.TC_User1.@[THE_USER]]
+--------------------------------------------------------------------------------
+ *** Namespace Not Found ***
+
+# TC_User1.10.1.POS Create Namespace with valid IDs and Responsible Parties
+ns create com.test.TC_User1.@[user.name] @[user.name] testid@aaf.att.com
+** Expect 201 **
+Created Namespace
+
+# TC_User1.10.10.POS Create role to assign mechid perm to
+role create com.test.TC_User1.@[user.name].cred_admin testid@aaf.att.com
+** Expect 201 **
+Created Role
+Added User [testid@aaf.att.com] to Role [com.test.TC_User1.@[THE_USER].cred_admin]
+
+as XX@NS
+# TC_User1.10.11.POS Assign role to mechid perm
+perm grant com.att.aaf.mechid com.att create com.test.TC_User1.@[user.name].cred_admin
+** Expect 201 **
+Granted Permission [com.att.aaf.mechid|com.att|create] to Role [com.test.TC_User1.@[THE_USER].cred_admin]
+
+perm grant com.att.aaf.delg com.att change com.test.TC_User1.@[user.name].cred_admin
+** Expect 201 **
+Granted Permission [com.att.aaf.delg|com.att|change] to Role [com.test.TC_User1.@[THE_USER].cred_admin]
+
+as testid@aaf.att.com
+# TC_User1.01.99.POS Expect Namespace to be created
+ns list name com.test.TC_User1.@[user.name]
+** Expect 200 **
+
+List Namespaces by Name[com.test.TC_User1.@[THE_USER]]
+--------------------------------------------------------------------------------
+com.test.TC_User1.@[THE_USER]
+ Administrators
+ testid@aaf.att.com
+ Responsible Parties
+ @[THE_USER]@csp.att.com
+ Roles
+ com.test.TC_User1.@[THE_USER].admin
+ com.test.TC_User1.@[THE_USER].cred_admin
+ com.test.TC_User1.@[THE_USER].owner
+ Permissions
+ com.test.TC_User1.@[THE_USER].access * *
+ com.test.TC_User1.@[THE_USER].access * read
+
+as testid@aaf.att.com
+# TC_User1.20.1.POS Create roles
+role create com.test.TC_User1.@[user.name].manager
+** Expect 201 **
+Created Role
+
+role create com.test.TC_User1.@[user.name].worker
+** Expect 201 **
+Created Role
+
+# TC_User1.20.2.POS Create permissions
+perm create com.test.TC_User1.@[user.name].supplies * move com.test.TC_User1.@[user.name].worker
+** Expect 201 **
+Created Permission
+Granted Permission [com.test.TC_User1.@[THE_USER].supplies|*|move] to Role [com.test.TC_User1.@[THE_USER].worker]
+
+perm create com.test.TC_User1.@[user.name].supplies * stock com.test.TC_User1.@[user.name].worker
+** Expect 201 **
+Created Permission
+Granted Permission [com.test.TC_User1.@[THE_USER].supplies|*|stock] to Role [com.test.TC_User1.@[THE_USER].worker]
+
+perm create com.test.TC_User1.@[user.name].schedule worker create com.test.TC_User1.@[user.name].manager
+** Expect 201 **
+Created Permission
+Granted Permission [com.test.TC_User1.@[THE_USER].schedule|worker|create] to Role [com.test.TC_User1.@[THE_USER].manager]
+
+perm create com.test.TC_User1.@[user.name].worker * annoy com.test.TC_User1.@[user.name].manager
+** Expect 201 **
+Created Permission
+Granted Permission [com.test.TC_User1.@[THE_USER].worker|*|annoy] to Role [com.test.TC_User1.@[THE_USER].manager]
+
+# TC_User1.20.3.POS Create mechid
+user cred add m99990@@[user.name].TC_User1.test.com password123
+** Expect 201 **
+Added Credential [m99990@@[THE_USER].TC_User1.test.com]
+
+user cred add m99995@@[user.name].TC_User1.test.com password123
+** Expect 201 **
+Added Credential [m99995@@[THE_USER].TC_User1.test.com]
+
+as XX@NS
+# TC_User1.20.10.POS Add users to roles
+user role add @[user.name] com.test.TC_User1.@[user.name].manager
+** Expect 201 **
+Added Role [com.test.TC_User1.@[THE_USER].manager] to User [@[THE_USER]@csp.att.com]
+
+user role add m99990@@[user.name].TC_User1.test.com com.test.TC_User1.@[user.name].worker
+** Expect 201 **
+Added Role [com.test.TC_User1.@[THE_USER].worker] to User [m99990@@[THE_USER].TC_User1.test.com]
+
+# TC_User1.20.20.POS Add Delegate
+as XX@NS
+# TC_User1.20.20.POS Create delegates
+force user delegate add @[user.name] @[user.name]
+** Expect 201 **
+Delegate Added
+
+# TC_User1.40.1.NEG Non-admin, user not in role should not view
+as testunused@aaf.att.com
+user list role com.test.TC_User1.@[user.name].manager
+** Expect 403 **
+Failed [SVC1403]: Forbidden - [testunused@aaf.att.com] may not read Role [com.test.TC_User1.@[THE_USER].manager]
+
+user list role com.test.TC_User1.@[user.name].worker
+** Expect 403 **
+Failed [SVC1403]: Forbidden - [testunused@aaf.att.com] may not read Role [com.test.TC_User1.@[THE_USER].worker]
+
+as m99990@@[THE_USER].TC_User1.test.com
+# TC_User1.40.2.NEG Non-admin, user in role should not view
+user list role com.test.TC_User1.@[user.name].manager
+** Expect 403 **
+Failed [SVC1403]: Forbidden - [m99990@@[THE_USER].TC_User1.test.com] may not read Role [com.test.TC_User1.@[THE_USER].manager]
+
+sleep 0
+# TC_User1.40.3.POS Non-admin, user in role can view himself
+user list role com.test.TC_User1.@[user.name].worker
+** Expect 200 **
+
+List Users for Role[com.test.TC_User1.@[THE_USER].worker]
+--------------------------------------------------------------------------------
+User Expires
+--------------------------------------------------------------------------------
+m99990@@[THE_USER].TC_User1.test.com XXXX-XX-XX
+
+
+as testid@aaf.att.com
+# TC_User1.40.10.POS admin should view
+user list role com.test.TC_User1.@[user.name].manager
+** Expect 200 **
+
+List Users for Role[com.test.TC_User1.@[THE_USER].manager]
+--------------------------------------------------------------------------------
+User Expires
+--------------------------------------------------------------------------------
+@[THE_USER]@csp.att.com XXXX-XX-XX
+
+
+user list role com.test.TC_User1.@[user.name].worker
+** Expect 200 **
+
+List Users for Role[com.test.TC_User1.@[THE_USER].worker]
+--------------------------------------------------------------------------------
+User Expires
+--------------------------------------------------------------------------------
+m99990@@[THE_USER].TC_User1.test.com XXXX-XX-XX
+
+
+as testunused@aaf.att.com
+# TC_User1.41.1.NEG Non-admin, user not in perm should not view
+user list perm com.test.TC_User1.@[user.name].supplies * move
+** Expect 200 **
+
+List Users for Permission[com.test.TC_User1.@[THE_USER].supplies|*|move]
+--------------------------------------------------------------------------------
+User Expires
+--------------------------------------------------------------------------------
+
+
+user list perm com.test.TC_User1.@[user.name].supplies * stock
+** Expect 200 **
+
+List Users for Permission[com.test.TC_User1.@[THE_USER].supplies|*|stock]
+--------------------------------------------------------------------------------
+User Expires
+--------------------------------------------------------------------------------
+
+
+user list perm com.test.TC_User1.@[user.name].schedule worker create
+** Expect 200 **
+
+List Users for Permission[com.test.TC_User1.@[THE_USER].schedule|worker|create]
+--------------------------------------------------------------------------------
+User Expires
+--------------------------------------------------------------------------------
+
+
+user list perm com.test.TC_User1.@[user.name].worker * annoy
+** Expect 200 **
+
+List Users for Permission[com.test.TC_User1.@[THE_USER].worker|*|annoy]
+--------------------------------------------------------------------------------
+User Expires
+--------------------------------------------------------------------------------
+
+
+as m99990@@[THE_USER].TC_User1.test.com
+# TC_User1.41.2.POS Non-admin, user in perm can view himself
+user list perm com.test.TC_User1.@[user.name].supplies * move
+** Expect 200 **
+
+List Users for Permission[com.test.TC_User1.@[THE_USER].supplies|*|move]
+--------------------------------------------------------------------------------
+User Expires
+--------------------------------------------------------------------------------
+m99990@@[THE_USER].TC_User1.test.com XXXX-XX-XX
+
+
+user list perm com.test.TC_User1.@[user.name].supplies * stock
+** Expect 200 **
+
+List Users for Permission[com.test.TC_User1.@[THE_USER].supplies|*|stock]
+--------------------------------------------------------------------------------
+User Expires
+--------------------------------------------------------------------------------
+m99990@@[THE_USER].TC_User1.test.com XXXX-XX-XX
+
+
+as m99990@@[THE_USER].TC_User1.test.com
+# TC_User1.41.3.NEG Non-admin, user in perm should not view
+user list perm com.test.TC_User1.@[user.name].schedule worker create
+** Expect 200 **
+
+List Users for Permission[com.test.TC_User1.@[THE_USER].schedule|worker|create]
+--------------------------------------------------------------------------------
+User Expires
+--------------------------------------------------------------------------------
+
+
+user list perm com.test.TC_User1.@[user.name].worker * annoy
+** Expect 200 **
+
+List Users for Permission[com.test.TC_User1.@[THE_USER].worker|*|annoy]
+--------------------------------------------------------------------------------
+User Expires
+--------------------------------------------------------------------------------
+
+
+as testid@aaf.att.com
+# TC_User1.41.10.POS admin should view
+user list perm com.test.TC_User1.@[user.name].supplies * move
+** Expect 200 **
+
+List Users for Permission[com.test.TC_User1.@[THE_USER].supplies|*|move]
+--------------------------------------------------------------------------------
+User Expires
+--------------------------------------------------------------------------------
+m99990@@[THE_USER].TC_User1.test.com XXXX-XX-XX
+
+
+user list perm com.test.TC_User1.@[user.name].supplies * stock
+** Expect 200 **
+
+List Users for Permission[com.test.TC_User1.@[THE_USER].supplies|*|stock]
+--------------------------------------------------------------------------------
+User Expires
+--------------------------------------------------------------------------------
+m99990@@[THE_USER].TC_User1.test.com XXXX-XX-XX
+
+
+user list perm com.test.TC_User1.@[user.name].schedule worker create
+** Expect 200 **
+
+List Users for Permission[com.test.TC_User1.@[THE_USER].schedule|worker|create]
+--------------------------------------------------------------------------------
+User Expires
+--------------------------------------------------------------------------------
+@[THE_USER]@csp.att.com XXXX-XX-XX
+
+
+user list perm com.test.TC_User1.@[user.name].worker * annoy
+** Expect 200 **
+
+List Users for Permission[com.test.TC_User1.@[THE_USER].worker|*|annoy]
+--------------------------------------------------------------------------------
+User Expires
+--------------------------------------------------------------------------------
+@[THE_USER]@csp.att.com XXXX-XX-XX
+
+
+as testunused@aaf.att.com
+# TC_User1.42.1.NEG Unrelated user can't view delegates
+user list delegates user m99990@@[user.name].TC_User1.test.com
+** Expect 403 **
+Failed [SVC1403]: Forbidden - [testunused@aaf.att.com] may not read delegates for [m99990@@[THE_USER].TC_User1.test.com]
+
+user list delegates delegate m99995@@[user.name].TC_User1.test.com
+** Expect 403 **
+Failed [SVC1403]: Forbidden - [testunused@aaf.att.com] may not read delegates for [m99995@@[THE_USER].TC_User1.test.com]
+
+as XX@NS
+# TC_User1.42.10.POS Admin of domain NS can view
+user list delegates user @[user.name]
+** Expect 200 **
+
+List Delegates by user[@[THE_USER]@csp.att.com]
+--------------------------------------------------------------------------------
+ User Delegate Expires
+--------------------------------------------------------------------------------
+ @[THE_USER]@csp.att.com @[THE_USER]@csp.att.com XXXX-XX-XX
+
+user list delegates delegate @[user.name]
+** Expect 200 **
+
+List Delegates by delegate[@[THE_USER]@csp.att.com]
+--------------------------------------------------------------------------------
+ User Delegate Expires
+--------------------------------------------------------------------------------
+ @[THE_USER]@csp.att.com @[THE_USER]@csp.att.com XXXX-XX-XX
+
+as testid@aaf.att.com
+# TC_User1.43.1.POS Add another user to worker role
+user role add m99995@@[user.name].TC_User1.test.com com.test.TC_User1.@[user.name].worker
+** Expect 201 **
+Added Role [com.test.TC_User1.@[THE_USER].worker] to User [m99995@@[THE_USER].TC_User1.test.com]
+
+as m99990@@[THE_USER].TC_User1.test.com
+# TC_User1.43.2.POS User should only see himself here
+user list role com.test.TC_User1.@[user.name].worker
+** Expect 200 **
+
+List Users for Role[com.test.TC_User1.@[THE_USER].worker]
+--------------------------------------------------------------------------------
+User Expires
+--------------------------------------------------------------------------------
+m99990@@[THE_USER].TC_User1.test.com XXXX-XX-XX
+m99995@@[THE_USER].TC_User1.test.com XXXX-XX-XX
+
+
+user list perm com.test.TC_User1.@[user.name].supplies * move
+** Expect 200 **
+
+List Users for Permission[com.test.TC_User1.@[THE_USER].supplies|*|move]
+--------------------------------------------------------------------------------
+User Expires
+--------------------------------------------------------------------------------
+m99990@@[THE_USER].TC_User1.test.com XXXX-XX-XX
+m99995@@[THE_USER].TC_User1.test.com XXXX-XX-XX
+
+
+user list perm com.test.TC_User1.@[user.name].supplies * stock
+** Expect 200 **
+
+List Users for Permission[com.test.TC_User1.@[THE_USER].supplies|*|stock]
+--------------------------------------------------------------------------------
+User Expires
+--------------------------------------------------------------------------------
+m99990@@[THE_USER].TC_User1.test.com XXXX-XX-XX
+m99995@@[THE_USER].TC_User1.test.com XXXX-XX-XX
+
+
+as XX@NS
+# TC_User1.43.10.POS Grant explicit user perm to user
+perm create com.att.aaf.user :com.test.TC_User1.@[user.name] view com.test.TC_User1.@[user.name].worker
+** Expect 201 **
+Created Permission
+Granted Permission [com.att.aaf.user|:com.test.TC_User1.@[THE_USER]|view] to Role [com.test.TC_User1.@[THE_USER].worker]
+
+as m99990@@[THE_USER].TC_User1.test.com
+# TC_User1.43.11.POS User should see all users of test domain now
+user list role com.test.TC_User1.@[user.name].worker
+** Expect 200 **
+
+List Users for Role[com.test.TC_User1.@[THE_USER].worker]
+--------------------------------------------------------------------------------
+User Expires
+--------------------------------------------------------------------------------
+m99990@@[THE_USER].TC_User1.test.com XXXX-XX-XX
+m99995@@[THE_USER].TC_User1.test.com XXXX-XX-XX
+
+
+user list perm com.test.TC_User1.@[user.name].supplies * move
+** Expect 200 **
+
+List Users for Permission[com.test.TC_User1.@[THE_USER].supplies|*|move]
+--------------------------------------------------------------------------------
+User Expires
+--------------------------------------------------------------------------------
+m99990@@[THE_USER].TC_User1.test.com XXXX-XX-XX
+m99995@@[THE_USER].TC_User1.test.com XXXX-XX-XX
+
+
+user list perm com.test.TC_User1.@[user.name].supplies * stock
+** Expect 200 **
+
+List Users for Permission[com.test.TC_User1.@[THE_USER].supplies|*|stock]
+--------------------------------------------------------------------------------
+User Expires
+--------------------------------------------------------------------------------
+m99990@@[THE_USER].TC_User1.test.com XXXX-XX-XX
+m99995@@[THE_USER].TC_User1.test.com XXXX-XX-XX
+
+
+as testid@aaf.att.com
+# TC_User1.99.0.POS Remove user roles
+user role del @[user.name] com.test.TC_User1.@[user.name].manager
+** Expect 200,404 **
+Removed Role [com.test.TC_User1.@[THE_USER].manager] from User [@[THE_USER]@csp.att.com]
+
+user role del m99990@@[user.name].TC_User1.test.com com.test.TC_User1.@[user.name].worker
+** Expect 200,404 **
+Removed Role [com.test.TC_User1.@[THE_USER].worker] from User [m99990@@[THE_USER].TC_User1.test.com]
+
+user role del m99995@@[user.name].TC_User1.test.com com.test.TC_User1.@[user.name].worker
+** Expect 200,404 **
+Removed Role [com.test.TC_User1.@[THE_USER].worker] from User [m99995@@[THE_USER].TC_User1.test.com]
+
+# TC_User1.99.1.POS Namespace Admin can delete Namepace defined Roles & Perms
+force perm delete com.test.TC_User1.@[user.name].supplies * move
+** Expect 200,404 **
+Deleted Permission
+
+force perm delete com.test.TC_User1.@[user.name].supplies * stock
+** Expect 200,404 **
+Deleted Permission
+
+force perm delete com.test.TC_User1.@[user.name].schedule worker create
+** Expect 200,404 **
+Deleted Permission
+
+force perm delete com.test.TC_User1.@[user.name].worker * annoy
+** Expect 200,404 **
+Deleted Permission
+
+force role delete com.test.TC_User1.@[user.name].manager
+** Expect 200,404 **
+Deleted Role
+
+force role delete com.test.TC_User1.@[user.name].worker
+** Expect 200,404 **
+Deleted Role
+
+# TC_User1.99.10.POS Creds and delegate
+user delegate del @[user.name]
+** Expect 200,404 **
+Delegate Deleted
+
+user cred del m99990@@[user.name].TC_User1.test.com
+** Expect 200,404 **
+Deleted Credential [m99990@@[THE_USER].TC_User1.test.com]
+
+user cred del m99995@@[user.name].TC_User1.test.com
+** Expect 200,404 **
+Deleted Credential [m99995@@[THE_USER].TC_User1.test.com]
+
+as XX@NS
+# TC_User1.99.15.POS Remove ability to create creds
+perm ungrant com.att.aaf.mechid com.att create com.test.TC_User1.@[user.name].cred_admin
+** Expect 200,404 **
+UnGranted Permission [com.att.aaf.mechid|com.att|create] from Role [com.test.TC_User1.@[THE_USER].cred_admin]
+
+perm ungrant com.att.aaf.delg com.att change com.test.TC_User1.@[user.name].cred_admin
+** Expect 200,404 **
+UnGranted Permission [com.att.aaf.delg|com.att|change] from Role [com.test.TC_User1.@[THE_USER].cred_admin]
+
+perm delete com.att.aaf.user :com.test.TC_User1.@[user.name] view
+** Expect 200,404 **
+Deleted Permission
+
+as testid@aaf.att.com
+force role delete com.test.TC_User1.@[user.name].cred_admin
+** Expect 200,404 **
+Deleted Role
+
+# TC_User1.99.90.POS Namespace Admin can delete Namespace
+force ns delete com.test.TC_User1.@[user.name]
+** Expect 200,404 **
+Deleted Namespace
+
+sleep 0
+# TC_User1.99.99.POS Check Clean Namespace
+ns list name com.test.TC_User1.@[user.name]
+** Expect 200,404 **
+
+List Namespaces by Name[com.test.TC_User1.@[THE_USER]]
+--------------------------------------------------------------------------------
+ *** Namespace Not Found ***
+
diff --git a/authz-test/TestSuite/expected/TC_Wild.expected b/authz-test/TestSuite/expected/TC_Wild.expected
new file mode 100644
index 00000000..448efa1d
--- /dev/null
+++ b/authz-test/TestSuite/expected/TC_Wild.expected
@@ -0,0 +1,520 @@
+set testid@aaf.att.com <pass>
+set testunused@aaf.att.com <pass>
+set XX@NS <pass>
+set bogus boguspass
+#delay 10
+set NFR 0
+as XX@NS
+# TC_Wild.10.0.POS Validate NS ok
+ns list name com.att.test.TC_Wild.@[user.name]
+** Expect 200 **
+
+List Namespaces by Name[com.att.test.TC_Wild.@[THE_USER]]
+--------------------------------------------------------------------------------
+ *** Namespace Not Found ***
+
+# TC_Wild.10.1.POS Create Namespace with valid IDs and Responsible Parties
+ns create com.att.TC_Wild.@[user.name] @[user.name] testid@aaf.att.com
+** Expect 201 **
+Created Namespace
+
+# TC_Wild.10.10.POS Create a clean MechID
+user cred add m99999@@[user.name].TC_Wild.att.com aNewPass8
+** Expect 201 **
+Added Credential [m99999@@[THE_USER].TC_Wild.att.com]
+
+set m99999@@[THE_USER].TC_Wild.att.com aNewPass8
+as XX@NS
+# TC_Wild.10.11.POS Create role and assign MechID to
+role create com.att.TC_Wild.@[user.name].service m99999@@[user.name].TC_Wild.att.com
+** Expect 201 **
+Created Role
+Added User [m99999@@[THE_USER].TC_Wild.att.com] to Role [com.att.TC_Wild.@[THE_USER].service]
+
+as m99999@@[THE_USER].TC_Wild.att.com
+# TC_Wild.20.1.NEG Fail to create a perm in NS
+perm create com.att.TC_Wild.@[user.name].myType myInstance myAction
+** Expect 403 **
+Failed [SVC1403]: Forbidden - [m99999@@[THE_USER].TC_Wild.att.com] may not write Perm [com.att.TC_Wild.@[THE_USER].myType|myInstance|myAction]
+
+# TC_Wild.20.3.POS Add "access perm" based Wild Card with specific Action
+as XX@NS
+perm create com.att.TC_Wild.@[user.name].access :perm:myType:*:myAction write com.att.TC_Wild.@[user.name].service
+** Expect 201 **
+Created Permission
+Granted Permission [com.att.TC_Wild.@[THE_USER].access|:perm:myType:*:myAction|write] to Role [com.att.TC_Wild.@[THE_USER].service]
+
+# TC_Wild.20.5.POS Print Perms
+perm list user m99999@@[user.name].TC_Wild.att.com
+** Expect 200 **
+
+List Permissions by User[m99999@@[THE_USER].TC_Wild.att.com]
+--------------------------------------------------------------------------------
+PERM Type Instance Action
+--------------------------------------------------------------------------------
+com.att.TC_Wild.@[THE_USER].access :perm:myType:*:myAction write
+
+
+# TC_Wild.20.7.POS Now able to create a perm in NS
+as m99999@@[THE_USER].TC_Wild.att.com
+perm create com.att.TC_Wild.@[user.name].myType myInstance myAction
+** Expect 201 **
+Created Permission
+
+# TC_Wild.20.8.POS Print Perms
+as XX@NS
+perm list ns com.att.TC_Wild.@[user.name]
+** Expect 200 **
+
+List Perms by NS [com.att.TC_Wild.@[THE_USER]]
+--------------------------------------------------------------------------------
+PERM Type Instance Action
+--------------------------------------------------------------------------------
+com.att.TC_Wild.@[THE_USER].access * *
+com.att.TC_Wild.@[THE_USER].access * read
+com.att.TC_Wild.@[THE_USER].access :perm:myType:*:myAction write
+com.att.TC_Wild.@[THE_USER].myType myInstance myAction
+
+
+# TC_Wild.20.10.POS Delete Perms Created
+force perm delete com.att.TC_Wild.@[user.name].access :perm:myType:*:myAction write
+** Expect 200 **
+Deleted Permission
+
+force perm delete com.att.TC_Wild.@[user.name].myType myInstance myAction
+** Expect 200 **
+Deleted Permission
+
+as m99999@@[THE_USER].TC_Wild.att.com
+# TC_Wild.21.1.NEG Fail to create a perm in NS
+perm create com.att.TC_Wild.@[user.name].myType myInstance myAction
+** Expect 403 **
+Failed [SVC1403]: Forbidden - [m99999@@[THE_USER].TC_Wild.att.com] may not write Perm [com.att.TC_Wild.@[THE_USER].myType|myInstance|myAction]
+
+# TC_Wild.21.3.POS Add "access perm" based Wild Card with specific Action
+as XX@NS
+perm create com.att.TC_Wild.@[user.name].access :perm:myType:*:* write com.att.TC_Wild.@[user.name].service
+** Expect 201 **
+Created Permission
+Granted Permission [com.att.TC_Wild.@[THE_USER].access|:perm:myType:*:*|write] to Role [com.att.TC_Wild.@[THE_USER].service]
+
+# TC_Wild.21.5.POS Print Perms
+perm list user m99999@@[user.name].TC_Wild.att.com
+** Expect 200 **
+
+List Permissions by User[m99999@@[THE_USER].TC_Wild.att.com]
+--------------------------------------------------------------------------------
+PERM Type Instance Action
+--------------------------------------------------------------------------------
+com.att.TC_Wild.@[THE_USER].access :perm:myType:*:* write
+
+
+# TC_Wild.21.7.POS Now able to create a perm in NS
+as m99999@@[THE_USER].TC_Wild.att.com
+perm create com.att.TC_Wild.@[user.name].myType myInstance myAction
+** Expect 201 **
+Created Permission
+
+# TC_Wild.21.8.POS Print Perms
+as XX@NS
+perm list ns com.att.TC_Wild.@[user.name]
+** Expect 200 **
+
+List Perms by NS [com.att.TC_Wild.@[THE_USER]]
+--------------------------------------------------------------------------------
+PERM Type Instance Action
+--------------------------------------------------------------------------------
+com.att.TC_Wild.@[THE_USER].access * *
+com.att.TC_Wild.@[THE_USER].access * read
+com.att.TC_Wild.@[THE_USER].access :perm:myType:*:* write
+com.att.TC_Wild.@[THE_USER].myType myInstance myAction
+
+
+# TC_Wild.21.10.POS Delete Perms Created
+force perm delete com.att.TC_Wild.@[user.name].access :perm:myType:*:* write
+** Expect 200 **
+Deleted Permission
+
+force perm delete com.att.TC_Wild.@[user.name].myType myInstance myAction
+** Expect 200 **
+Deleted Permission
+
+as m99999@@[THE_USER].TC_Wild.att.com
+# TC_Wild.30.1.NEG Fail to create a role in NS
+role create com.att.TC_Wild.@[user.name].tool.myRole
+** Expect 403 **
+Failed [SVC1403]: Forbidden - [m99999@@[THE_USER].TC_Wild.att.com] may not write Role [com.att.TC_Wild.@[THE_USER].tool.myRole]
+
+# TC_Wild.30.3.POS Add "access role" based Wild Card with specific Action
+as XX@NS
+perm create com.att.TC_Wild.@[user.name].access :role:tool.* write com.att.TC_Wild.@[user.name].service
+** Expect 201 **
+Created Permission
+Granted Permission [com.att.TC_Wild.@[THE_USER].access|:role:tool.*|write] to Role [com.att.TC_Wild.@[THE_USER].service]
+
+# TC_Wild.30.5.POS Print Perms
+perm list user m99999@@[user.name].TC_Wild.att.com
+** Expect 200 **
+
+List Permissions by User[m99999@@[THE_USER].TC_Wild.att.com]
+--------------------------------------------------------------------------------
+PERM Type Instance Action
+--------------------------------------------------------------------------------
+com.att.TC_Wild.@[THE_USER].access :role:tool.* write
+
+
+# TC_Wild.30.7.POS Now able to create a role in NS
+as m99999@@[THE_USER].TC_Wild.att.com
+role create com.att.TC_Wild.@[user.name].tool.myRole
+** Expect 201 **
+Created Role
+
+# TC_Wild.30.8.POS Print Perms
+as XX@NS
+role list ns com.att.TC_Wild.@[user.name]
+** Expect 200 **
+
+List Roles by NS [com.att.TC_Wild.@[THE_USER]]
+--------------------------------------------------------------------------------
+ROLE Name
+ PERM Type Instance Action
+--------------------------------------------------------------------------------
+com.att.TC_Wild.@[THE_USER].admin
+ com.att.TC_Wild.@[THE_USER].access * *
+com.att.TC_Wild.@[THE_USER].owner
+ com.att.TC_Wild.@[THE_USER].access * read
+com.att.TC_Wild.@[THE_USER].service
+ com.att.TC_Wild.@[THE_USER].access :role:tool.* write
+com.att.TC_Wild.@[THE_USER].tool.myRole
+
+# TC_Wild.30.10.POS Delete Perms Created
+force perm delete com.att.TC_Wild.@[user.name].access :role:tool.* write
+** Expect 200 **
+Deleted Permission
+
+force role delete com.att.TC_Wild.@[user.name].tool.myRole
+** Expect 200 **
+Deleted Role
+
+as m99999@@[THE_USER].TC_Wild.att.com
+# TC_Wild.31.1.NEG Fail to create a role in NS
+role create com.att.TC_Wild.@[user.name].tool.myRole
+** Expect 403 **
+Failed [SVC1403]: Forbidden - [m99999@@[THE_USER].TC_Wild.att.com] may not write Role [com.att.TC_Wild.@[THE_USER].tool.myRole]
+
+# TC_Wild.31.3.POS Add "access role" based Wild Card with specific Action
+as XX@NS
+perm create com.att.TC_Wild.@[user.name].access :role:* write com.att.TC_Wild.@[user.name].service
+** Expect 201 **
+Created Permission
+Granted Permission [com.att.TC_Wild.@[THE_USER].access|:role:*|write] to Role [com.att.TC_Wild.@[THE_USER].service]
+
+# TC_Wild.31.5.POS Print Perms
+perm list user m99999@@[user.name].TC_Wild.att.com
+** Expect 200 **
+
+List Permissions by User[m99999@@[THE_USER].TC_Wild.att.com]
+--------------------------------------------------------------------------------
+PERM Type Instance Action
+--------------------------------------------------------------------------------
+com.att.TC_Wild.@[THE_USER].access :role:* write
+
+
+# TC_Wild.31.7.POS Now able to create a role in NS
+as m99999@@[THE_USER].TC_Wild.att.com
+role create com.att.TC_Wild.@[user.name].tool.myRole
+** Expect 201 **
+Created Role
+
+# TC_Wild.31.8.POS Print Perms
+as XX@NS
+role list ns com.att.TC_Wild.@[user.name]
+** Expect 200 **
+
+List Roles by NS [com.att.TC_Wild.@[THE_USER]]
+--------------------------------------------------------------------------------
+ROLE Name
+ PERM Type Instance Action
+--------------------------------------------------------------------------------
+com.att.TC_Wild.@[THE_USER].admin
+ com.att.TC_Wild.@[THE_USER].access * *
+com.att.TC_Wild.@[THE_USER].owner
+ com.att.TC_Wild.@[THE_USER].access * read
+com.att.TC_Wild.@[THE_USER].service
+ com.att.TC_Wild.@[THE_USER].access :role:* write
+com.att.TC_Wild.@[THE_USER].tool.myRole
+
+# TC_Wild.31.10.POS Delete Perms Created
+force perm delete com.att.TC_Wild.@[user.name].access :role:* write
+** Expect 200 **
+Deleted Permission
+
+force role delete com.att.TC_Wild.@[user.name].tool.myRole
+** Expect 200 **
+Deleted Role
+
+as m99999@@[THE_USER].TC_Wild.att.com
+# TC_Wild.32.1.NEG Fail to create a role in NS
+role create com.att.TC_Wild.@[user.name].tool.myRole
+** Expect 403 **
+Failed [SVC1403]: Forbidden - [m99999@@[THE_USER].TC_Wild.att.com] may not write Role [com.att.TC_Wild.@[THE_USER].tool.myRole]
+
+# TC_Wild.32.3.POS Add "access role" based Wild Card with specific Action
+as XX@NS
+perm create com.att.TC_Wild.@[user.name].access :role:* * com.att.TC_Wild.@[user.name].service
+** Expect 201 **
+Created Permission
+Granted Permission [com.att.TC_Wild.@[THE_USER].access|:role:*|*] to Role [com.att.TC_Wild.@[THE_USER].service]
+
+# TC_Wild.32.5.POS Print Perms
+as m99999@@[THE_USER].TC_Wild.att.com
+perm list user m99999@@[user.name].TC_Wild.att.com
+** Expect 200 **
+
+List Permissions by User[m99999@@[THE_USER].TC_Wild.att.com]
+--------------------------------------------------------------------------------
+PERM Type Instance Action
+--------------------------------------------------------------------------------
+com.att.TC_Wild.@[THE_USER].access :role:* *
+
+
+# TC_Wild.32.7.POS Now able to create a role in NS
+role create com.att.TC_Wild.@[user.name].tool.myRole
+** Expect 201 **
+Created Role
+
+# TC_Wild.32.8.POS May Print Role
+role list role com.att.TC_Wild.@[user.name].tool.myRole
+** Expect 200 **
+
+List Roles for Role[com.att.TC_Wild.@[THE_USER].tool.myRole]
+--------------------------------------------------------------------------------
+ROLE Name
+ PERM Type Instance Action
+--------------------------------------------------------------------------------
+com.att.TC_Wild.@[THE_USER].tool.myRole
+
+as XX@NS
+# TC_Wild.32.10.POS Delete Perms Created
+force perm delete com.att.TC_Wild.@[user.name].access :role:* *
+** Expect 200 **
+Deleted Permission
+
+force role delete com.att.TC_Wild.@[user.name].tool.myRole
+** Expect 200 **
+Deleted Role
+
+as m99999@@[THE_USER].TC_Wild.att.com
+# TC_Wild.50.1.NEG Fail to create a perm in NS
+perm create com.att.TC_Wild.@[user.name].myType myInstance myAction
+** Expect 403 **
+Failed [SVC1403]: Forbidden - [m99999@@[THE_USER].TC_Wild.att.com] may not write Perm [com.att.TC_Wild.@[THE_USER].myType|myInstance|myAction]
+
+# TC_Wild.50.3.POS Add "access perm" based Wild Card with specific Action
+as XX@NS
+perm create com.att.aaf.ns :com.att.*:perm:myType:*:* write com.att.TC_Wild.@[user.name].service
+** Expect 201 **
+Created Permission
+Granted Permission [com.att.aaf.ns|:com.att.*:perm:myType:*:*|write] to Role [com.att.TC_Wild.@[THE_USER].service]
+
+# TC_Wild.50.5.POS Print Perms
+perm list user m99999@@[user.name].TC_Wild.att.com
+** Expect 200 **
+
+List Permissions by User[m99999@@[THE_USER].TC_Wild.att.com]
+--------------------------------------------------------------------------------
+PERM Type Instance Action
+--------------------------------------------------------------------------------
+com.att.aaf.ns :com.att.*:perm:myType:*:* write
+
+
+# TC_Wild.50.7.POS Now able to create a perm in NS
+as m99999@@[THE_USER].TC_Wild.att.com
+perm create com.att.TC_Wild.@[user.name].myType myInstance myAction
+** Expect 201 **
+Created Permission
+
+# TC_Wild.50.8.POS Print Perms
+as XX@NS
+perm list ns com.att.TC_Wild.@[user.name]
+** Expect 200 **
+
+List Perms by NS [com.att.TC_Wild.@[THE_USER]]
+--------------------------------------------------------------------------------
+PERM Type Instance Action
+--------------------------------------------------------------------------------
+com.att.TC_Wild.@[THE_USER].access * *
+com.att.TC_Wild.@[THE_USER].access * read
+com.att.TC_Wild.@[THE_USER].myType myInstance myAction
+
+
+# TC_Wild.50.10.POS Delete Perms Created
+force perm delete com.att.aaf.ns :com.att.*:perm:myType:*:* write
+** Expect 200 **
+Deleted Permission
+
+force perm delete com.att.TC_Wild.@[user.name].myType myInstance myAction
+** Expect 200 **
+Deleted Permission
+
+as m99999@@[THE_USER].TC_Wild.att.com
+# TC_Wild.51.1.NEG Fail to create a role in NS
+role create com.att.TC_Wild.@[user.name].tool.myRole
+** Expect 403 **
+Failed [SVC1403]: Forbidden - [m99999@@[THE_USER].TC_Wild.att.com] may not write Role [com.att.TC_Wild.@[THE_USER].tool.myRole]
+
+# TC_Wild.51.3.POS Add "access role" based Wild Card with specific Action
+as XX@NS
+perm create com.att.aaf.ns :com.att.*:role:tool.* write com.att.TC_Wild.@[user.name].service
+** Expect 201 **
+Created Permission
+Granted Permission [com.att.aaf.ns|:com.att.*:role:tool.*|write] to Role [com.att.TC_Wild.@[THE_USER].service]
+
+# TC_Wild.51.5.POS Print Perms
+perm list user m99999@@[user.name].TC_Wild.att.com
+** Expect 200 **
+
+List Permissions by User[m99999@@[THE_USER].TC_Wild.att.com]
+--------------------------------------------------------------------------------
+PERM Type Instance Action
+--------------------------------------------------------------------------------
+com.att.aaf.ns :com.att.*:role:tool.* write
+
+
+# TC_Wild.51.7.POS Now able to create a role in NS
+as m99999@@[THE_USER].TC_Wild.att.com
+role create com.att.TC_Wild.@[user.name].tool.myRole
+** Expect 201 **
+Created Role
+
+# TC_Wild.51.8.POS Print Perms
+as XX@NS
+role list ns com.att.TC_Wild.@[user.name]
+** Expect 200 **
+
+List Roles by NS [com.att.TC_Wild.@[THE_USER]]
+--------------------------------------------------------------------------------
+ROLE Name
+ PERM Type Instance Action
+--------------------------------------------------------------------------------
+com.att.TC_Wild.@[THE_USER].admin
+ com.att.TC_Wild.@[THE_USER].access * *
+com.att.TC_Wild.@[THE_USER].owner
+ com.att.TC_Wild.@[THE_USER].access * read
+com.att.TC_Wild.@[THE_USER].service
+ com.att.aaf.ns :com.att.*:role:tool.* write
+com.att.TC_Wild.@[THE_USER].tool.myRole
+
+# TC_Wild.51.10.POS Delete Perms Created
+force perm delete com.att.aaf.ns :com.att.*:role:tool.* write
+** Expect 200 **
+Deleted Permission
+
+force role delete com.att.TC_Wild.@[user.name].tool.myRole
+** Expect 200 **
+Deleted Role
+
+as m99999@@[THE_USER].TC_Wild.att.com
+# TC_Wild.52.1.NEG Fail to create a NS
+ns create com.test.TC_Wild.@[user.name] @[user.name] testid@aaf.att.com
+** Expect 403 **
+Failed [SVC1403]: Forbidden - [m99999@@[THE_USER].TC_Wild.att.com] may not write in NS [com.test]
+
+# TC_Wild.52.3.POS Add "access role" based Wild Card with specific Action
+as XX@NS
+perm create com.att.aaf.ns :com.test:ns write com.att.TC_Wild.@[user.name].service
+** Expect 201 **
+Created Permission
+Granted Permission [com.att.aaf.ns|:com.test:ns|write] to Role [com.att.TC_Wild.@[THE_USER].service]
+
+# TC_Wild.52.5.POS Print Perms
+perm list user m99999@@[user.name].TC_Wild.att.com
+** Expect 200 **
+
+List Permissions by User[m99999@@[THE_USER].TC_Wild.att.com]
+--------------------------------------------------------------------------------
+PERM Type Instance Action
+--------------------------------------------------------------------------------
+com.att.aaf.ns :com.test:ns write
+
+
+# TC_Wild.52.7.POS Now able to create an NS
+as m99999@@[THE_USER].TC_Wild.att.com
+ns create com.test.TC_Wild.@[user.name] @[user.name] testid@aaf.att.com
+** Expect 201 **
+Created Namespace
+
+# TC_Wild.52.8.POS Print Perms
+as XX@NS
+ns list name com.test.TC_Wild.@[user.name]
+** Expect 200 **
+
+List Namespaces by Name[com.test.TC_Wild.@[THE_USER]]
+--------------------------------------------------------------------------------
+com.test.TC_Wild.@[THE_USER]
+ Administrators
+ testid@aaf.att.com
+ Responsible Parties
+ @[THE_USER]@csp.att.com
+ Roles
+ com.test.TC_Wild.@[THE_USER].admin
+ com.test.TC_Wild.@[THE_USER].owner
+ Permissions
+ com.test.TC_Wild.@[THE_USER].access * *
+ com.test.TC_Wild.@[THE_USER].access * read
+
+# TC_Wild.52.10.POS Delete Perms Created
+force perm delete com.att.aaf.ns :com.test:ns write
+** Expect 200 **
+Deleted Permission
+
+force ns delete com.test.TC_Wild.@[user.name]
+** Expect 200 **
+Deleted Namespace
+
+as XX@NS
+# TC_Wild.99.80.POS Cleanup
+force perm delete com.att.aaf.ns :com.att.*:perm:*:* write
+** Expect 200,404 **
+Failed [SVC4404]: Not Found - Permission [com.att.aaf.ns|:com.att.*:perm:*:*|write] does not exist
+
+# TC_Wild.99.81.POS Cleanup
+force perm delete com.att.aaf.ns :com.att.*:perm:*:* *
+** Expect 200,404 **
+Failed [SVC4404]: Not Found - Permission [com.att.aaf.ns|:com.att.*:perm:*:*|*] does not exist
+
+# TC_Wild.99.82.POS Cleanup
+force perm delete com.att.aaf.ns :com.att.*:role:* write
+** Expect 200,404 **
+Failed [SVC4404]: Not Found - Permission [com.att.aaf.ns|:com.att.*:role:*|write] does not exist
+
+# TC_Wild.99.83.POS Cleanup
+force perm delete com.att.aaf.ns :com.test:ns write
+** Expect 200,404 **
+Failed [SVC4404]: Not Found - Permission [com.att.aaf.ns|:com.test:ns|write] does not exist
+
+# TC_Wild.99.90.POS Cleanup
+force ns delete com.test.TC_Wild.@[user.name]
+** Expect 200,404 **
+Failed [SVC2404]: Not Found - com.test.TC_Wild.@[THE_USER] does not exist
+
+# TC_Wild.99.91.POS Cleanup
+force ns delete com.att.TC_Wild.@[user.name]
+** Expect 200,404 **
+Deleted Namespace
+
+# TC_Wild.99.99.POS List to prove clean Namespaces
+ns list name com.att.TC_Wild.@[user.name]
+** Expect 200,404 **
+
+List Namespaces by Name[com.att.TC_Wild.@[THE_USER]]
+--------------------------------------------------------------------------------
+ *** Namespace Not Found ***
+
+ns list name com.test.TC_Wild.@[user.name]
+** Expect 200,404 **
+
+List Namespaces by Name[com.test.TC_Wild.@[THE_USER]]
+--------------------------------------------------------------------------------
+ *** Namespace Not Found ***
+
diff --git a/authz-test/TestSuite/list b/authz-test/TestSuite/list
new file mode 100644
index 00000000..8742d971
--- /dev/null
+++ b/authz-test/TestSuite/list
@@ -0,0 +1,2 @@
+# /bin/sh
+find . -maxdepth 1 -name "TC*" -exec sh cmds {} \; | grep \#
diff --git a/authz-test/TestSuite/qc b/authz-test/TestSuite/qc
new file mode 100644
index 00000000..83149a3a
--- /dev/null
+++ b/authz-test/TestSuite/qc
@@ -0,0 +1,38 @@
+#!/bin/bash
+
+# For Jenkins, we need to keep track of the exit code returned from each tc run;
+# if it's ever non-zero (ie, a failure), must return that value when this script exits
+#
+STATUS=0
+
+for DIR in `ls | grep ^TC_ | sort`; do
+ echo "**" | tee reports/$DIR.txt
+ echo "** TC Group: $DIR" | tee -a reports/$DIR.txt
+ echo "** Date : "`date` | tee -a reports/$DIR.txt
+ echo "** By : "`who | cut -d " " -f 1` | tee -a reports/$DIR.txt
+ echo "**" | tee -a reports/$DIR.txt
+ echo "" >> reports/$DIR.txt
+ echo "-- Description --" >> reports/$DIR.txt
+ cat $DIR/Description >> reports/$DIR.txt
+ echo -- Positive Cases -- >> reports/$DIR.txt
+ grep -h "^# $DIR.*POS " $DIR/[0-9]* | cut -d ' ' -f 2- | sed -e 's/ / /' >> reports/$DIR.txt
+ echo >> reports/$DIR.txt
+ echo -- Negative Cases -- >> reports/$DIR.txt
+ grep -h "^# $DIR.*NEG " $DIR/[0-9]* | cut -d ' ' -f 2- | sed -e 's/ / /' >> reports/$DIR.txt
+
+
+ echo "" >> reports/$DIR.txt
+ echo "-- Results" | tee -a reports/$DIR.txt
+ echo "" | tee -a reports/$DIR.txt
+
+ bash ./tc $DIR | tee -a reports/$DIR.txt
+
+ if [[ ${PIPESTATUS[0]} -ne 0 ]]; then
+ STATUS=1
+ fi
+done
+
+
+exit $STATUS
+
+
diff --git a/authz-test/TestSuite/reset b/authz-test/TestSuite/reset
new file mode 100644
index 00000000..af9b1005
--- /dev/null
+++ b/authz-test/TestSuite/reset
@@ -0,0 +1,4 @@
+set m12345=<pass>
+as m12345
+ns create com.test testid@test.com
+
diff --git a/authz-test/TestSuite/rpt1 b/authz-test/TestSuite/rpt1
new file mode 100644
index 00000000..4997ed83
--- /dev/null
+++ b/authz-test/TestSuite/rpt1
@@ -0,0 +1,22 @@
+# /bin/bash
+if [ "$1" == "" ]; then
+ echo "Usage: rpt1 <TestCase>"
+ exit 1
+fi
+
+echo "**"
+echo "** TC Group: $1"
+echo "** Date : "`date`
+echo "** By : "`who | cut -d " " -f 1`
+echo "**"
+echo ""
+echo "-- Description --"
+cat $1/Description
+echo -- Positive Cases --
+grep -h "^# $1.*POS " $1/[0-9]* | cut -d ' ' -f 2- | sed -e 's/ / /'
+echo
+echo -- Negative Cases --
+grep -h "^# $1.*NEG " $1/[0-9]* | cut -d ' ' -f 2- | sed -e 's/ / /'
+
+cd ..
+exit 0
diff --git a/authz-test/TestSuite/rpt2 b/authz-test/TestSuite/rpt2
new file mode 100644
index 00000000..45eb1e21
--- /dev/null
+++ b/authz-test/TestSuite/rpt2
@@ -0,0 +1,12 @@
+# /bin/bash
+if [ "$1" == "" ]; then
+ echo "Usage: rpt2 <TestCase>"
+ exit 1
+fi
+
+./rpt1 $1
+echo ""
+echo "-- Results"
+echo ""
+./tc $1
+
diff --git a/authz-test/TestSuite/tc b/authz-test/TestSuite/tc
new file mode 100644
index 00000000..ed21c64e
--- /dev/null
+++ b/authz-test/TestSuite/tc
@@ -0,0 +1,82 @@
+#!/bin/bash
+TS=`echo $0 | sed "s/\/tc//"`
+
+mkdir -p runs
+
+function failed {
+ echo "FAILED TEST! $*"
+ exit 1
+}
+
+if [ "$1" == "-a" ]; then
+ OPTS=$OPTS" -a";
+ shift
+elif [ "$1" == "clean" ]; then
+ CLEAN="TRUE"
+ shift
+fi
+
+if [[ -z $USER ]]; then
+ THE_USER=`whoami`
+elif [[ -n "$SUDO_USER" ]]; then
+ THE_USER=$SUDO_USER
+elif [[ -n "$USER" ]]; then
+ THE_USER=$USER
+fi
+
+if [ "$1" == "" ]; then
+ DIRS=`find $TS -maxdepth 2 -type d -name "TC_*" | sed "s/^$TS\///" | sort`
+ if [ "$DIRS" == "" ] ; then
+ echo "Usage: tc <TestCase> [expected]"
+ echo " expected - create the expected response for future comparison"
+ exit 1
+ fi
+else
+ DIRS=$1
+ shift
+fi
+
+if [ "$1" == "-a" ]; then
+ OPTS=$OPTS" -a";
+ shift
+elif [ "$1" == "clean" ]; then
+ CLEAN="TRUE"
+ shift
+fi
+
+if [ -e tc.delay ]; then
+ OPTS=$OPTS" -delayAll "`cat tc.delay`
+fi
+
+
+SUFFIX=`date "+%Y-%m-%d_%H:%M:%S"`
+for TC in $DIRS; do
+ echo $TC
+ if [ "$CLEAN" = "TRUE" ]; then
+ cat $TS/$TC/00* $TS/$TC/99* | aafcli -i -a -t -n
+ rm -f last
+ ln -s runs/$TC.CLEAN.$SUFFIX last
+ elif [ "$1" = "expected" ]; then
+ SUFFIX=$1
+ cat $TS/$TC/[0-9]* | aafcli -i -t 2>&1 | sed -e "/$THE_USER/s//@[THE_USER]/g" | tee $TS/expected/$TC.$SUFFIX
+ elif [ -d "$TS/$TC" ]; then
+ if [ "$1" = "dryrun" ]; then
+ cat $TS/$TC/[0-9]* > temp
+ cat $TS/$TC/[0-9]* | aafcli -i -t
+ else
+ rm -f last
+ > runs/$TC.$SUFFIX
+ ln -s runs/$TC.$SUFFIX last
+ cat $TS/$TC/[0-9]* | aafcli -i -t $OPTS | sed -e "/$THE_USER/s//@[THE_USER]/g" -e "s/ //" 2>&1 > runs/$TC.$SUFFIX
+
+ diff --ignore-blank-lines -w runs/$TC.$SUFFIX $TS/expected/$TC.expected || failed "[$TC.$SUFFIX]"
+ echo "SUCCESS! [$TC.$SUFFIX]"
+ fi
+ elif [ -f "$TS/$TC" ]; then
+ cat $TS/$TC | aafcli -i -t $OPTS
+ else
+ echo missed dir
+ fi
+done
+
+exit 0