set testid
set testid@aaf.att.com
set XX@NS
set testunused
set bogus boguspass
#delay 10
set NFR 0

# TC_Perm1.10.0.POS Validate Namespace is empty first
as testid@aaf.att.com
ns list name com.test.TC_Perm1.@[user.name]
** Expect 200 **
List Namespaces by Name[com.test.TC_Perm1.@[THE_USER]]
--------------------------------------------------------------------------------
    *** Namespace Not Found ***

# TC_Perm1.10.1.POS Create Namespace with valid IDs and Responsible Parties
ns create com.test.TC_Perm1.@[user.name] @[user.name] testid@aaf.att.com
** Expect 201 **
Created Namespace

# TC_Perm1.10.10.POS Create role to assign mechid perm to
role create com.test.TC_Perm1.@[user.name].cred_admin
** Expect 201 **
Created Role

as XX@NS
# TC_Perm1.10.11.POS Assign role to mechid perm
perm grant com.att.aaf.mechid com.att create com.test.TC_Perm1.@[user.name].cred_admin
** Expect 201 **
Granted Permission [com.att.aaf.mechid|com.att|create] to Role [com.test.TC_Perm1.@[THE_USER].cred_admin]

as testid@aaf.att.com
# TC_Perm1.10.12.POS Assign user for creating creds
user role add XX@NS com.test.TC_Perm1.@[user.name].cred_admin
** Expect 201 **
Added Role [com.test.TC_Perm1.@[THE_USER].cred_admin] to User [XX@NS]

# TC_Perm1.20.1.POS List Data on non-Empty NS
ns list name com.test.TC_Perm1.@[user.name]
** Expect 200 **
List Namespaces by Name[com.test.TC_Perm1.@[THE_USER]]
--------------------------------------------------------------------------------
com.test.TC_Perm1.@[THE_USER]
    Administrators
        testid@aaf.att.com
    Responsible Parties
        @[THE_USER]@csp.att.com
    Roles
        com.test.TC_Perm1.@[THE_USER].admin
        com.test.TC_Perm1.@[THE_USER].cred_admin
        com.test.TC_Perm1.@[THE_USER].owner
    Permissions
        com.test.TC_Perm1.@[THE_USER].access * *
        com.test.TC_Perm1.@[THE_USER].access * read

# TC_Perm1.20.2.POS Add Perm
perm create com.test.TC_Perm1.@[user.name].p.A myInstance myAction
** Expect 201 **
Created Permission

# TC_Perm1.20.3.NEG Already Added Perm
perm create com.test.TC_Perm1.@[user.name].p.A myInstance myAction
** Expect 409 **
Failed [SVC1409]: Conflict Already Exists - Permission [com.test.TC_Perm1.@[THE_USER].p.A|myInstance|myAction] already exists.

# TC_Perm1.20.4.POS Add Perm with non-existent Roles as well
force perm create com.test.TC_Perm1.@[user.name].p.B myInstance myAction com.test.TC_Perm1.@[user.name].r.A,com.test.TC_Perm1.@[user.name].r.B
** Expect 201 **
Created Role [com.test.TC_Perm1.@[THE_USER].r.A]
Created Role [com.test.TC_Perm1.@[THE_USER].r.B]
Created Permission
Granted Permission [com.test.TC_Perm1.@[THE_USER].p.B|myInstance|myAction] to Role [com.test.TC_Perm1.@[THE_USER].r.A]
Granted Permission [com.test.TC_Perm1.@[THE_USER].p.B|myInstance|myAction] to Role [com.test.TC_Perm1.@[THE_USER].r.B]

# TC_Perm1.20.8.POS Print Info for Validation
ns list name com.test.TC_Perm1.@[user.name]
** Expect 200 **
List Namespaces by Name[com.test.TC_Perm1.@[THE_USER]]
--------------------------------------------------------------------------------
com.test.TC_Perm1.@[THE_USER]
    Administrators
        testid@aaf.att.com
    Responsible Parties
        @[THE_USER]@csp.att.com
    Roles
        com.test.TC_Perm1.@[THE_USER].admin
        com.test.TC_Perm1.@[THE_USER].cred_admin
        com.test.TC_Perm1.@[THE_USER].owner
        com.test.TC_Perm1.@[THE_USER].r.A
        com.test.TC_Perm1.@[THE_USER].r.B
    Permissions
        com.test.TC_Perm1.@[THE_USER].access * *
        com.test.TC_Perm1.@[THE_USER].access * read
        com.test.TC_Perm1.@[THE_USER].p.A myInstance myAction
        com.test.TC_Perm1.@[THE_USER].p.B myInstance myAction

# TC_Perm1.20.9.NEG Already Added Perm with some Roles as well
perm create com.test.TC_Perm1.@[user.name].p.B myInstance myAction com.test.TC_Perm1.@[user.name].r.A,com.test.TC_Perm1.@[user.name].r.B
** Expect 409 **
Failed [SVC1409]: Conflict Already Exists - Permission [com.test.TC_Perm1.@[THE_USER].p.B|myInstance|myAction] already exists.

# TC_Perm1.20.10.NEG Non-admins can't change description
as testunused
perm describe com.test.TC_Perm1.@[user.name].p.A myInstance myAction Description for A
** Expect 403 **
Failed [SVC1403]: Forbidden - You do not have approval to change Permission [com.test.TC_Perm1.@[THE_USER].p.A|myInstance|myAction]

# TC_Perm1.20.11.NEG Permission must exist to change description
as testid
perm describe com.test.TC_Perm1.@[user.name].p.C myInstance myAction Description for C
** Expect 404 **
Failed [SVC1404]: Not Found - Permission [com.test.TC_Perm1.@[THE_USER].p.C|myInstance|myAction] does not exist

# TC_Perm1.20.12.POS Admin can change description
perm describe com.test.TC_Perm1.@[user.name].p.A myInstance myAction Description for A
** Expect 200 **
Description added to Permission

# TC_Perm1.22.1.NEG Try to rename permission without changing anything
perm rename com.test.TC_Perm1.@[user.name].p.B myInstance myAction com.test.TC_Perm1.@[user.name].p.B myInstance myAction
** Expect 409 **
Failed [SVC1409]: Conflict Already Exists - New Permission must be different than original permission

# TC_Perm1.22.2.NEG Try to rename parent ns
perm rename com.test.TC_Perm1.@[user.name].p.B myInstance myAction com.att.TC_Perm1.@[user.name].p.C myInstance myAction
** Expect 403 **
Failed [SVC1403]: Forbidden - You do not have approval to change Permission [com.att.TC_Perm1.@[THE_USER].p.C|myInstance|myAction]

# TC_Perm1.22.10.POS View permission in original state
ns list name com.test.TC_Perm1.@[user.name]
** Expect 200 **
List Namespaces by Name[com.test.TC_Perm1.@[THE_USER]]
--------------------------------------------------------------------------------
com.test.TC_Perm1.@[THE_USER]
    Administrators
        testid@aaf.att.com
    Responsible Parties
        @[THE_USER]@csp.att.com
    Roles
        com.test.TC_Perm1.@[THE_USER].admin
        com.test.TC_Perm1.@[THE_USER].cred_admin
        com.test.TC_Perm1.@[THE_USER].owner
        com.test.TC_Perm1.@[THE_USER].r.A
        com.test.TC_Perm1.@[THE_USER].r.B
    Permissions
        com.test.TC_Perm1.@[THE_USER].access * *
        com.test.TC_Perm1.@[THE_USER].access * read
        com.test.TC_Perm1.@[THE_USER].p.A myInstance myAction
        com.test.TC_Perm1.@[THE_USER].p.B myInstance myAction

# TC_Perm1.22.11.POS Rename permission instance
perm rename com.test.TC_Perm1.@[user.name].p.B myInstance myAction com.test.TC_Perm1.@[user.name].p.B yourInstance myAction
** Expect 200 **
Updated Permission

# TC_Perm1.22.12.POS Verify change in permission instance
ns list name com.test.TC_Perm1.@[user.name]
** Expect 200 **
List Namespaces by Name[com.test.TC_Perm1.@[THE_USER]]
--------------------------------------------------------------------------------
com.test.TC_Perm1.@[THE_USER]
    Administrators
        testid@aaf.att.com
    Responsible Parties
        @[THE_USER]@csp.att.com
    Roles
        com.test.TC_Perm1.@[THE_USER].admin
        com.test.TC_Perm1.@[THE_USER].cred_admin
        com.test.TC_Perm1.@[THE_USER].owner
        com.test.TC_Perm1.@[THE_USER].r.A
        com.test.TC_Perm1.@[THE_USER].r.B
    Permissions
        com.test.TC_Perm1.@[THE_USER].access * *
        com.test.TC_Perm1.@[THE_USER].access * read
        com.test.TC_Perm1.@[THE_USER].p.A myInstance myAction
        com.test.TC_Perm1.@[THE_USER].p.B yourInstance myAction

# TC_Perm1.22.13.POS Rename permission action
perm rename com.test.TC_Perm1.@[user.name].p.B yourInstance myAction com.test.TC_Perm1.@[user.name].p.B yourInstance yourAction
** Expect 200 **
Updated Permission

# TC_Perm1.22.14.POS Verify change in permission action
ns list name com.test.TC_Perm1.@[user.name]
** Expect 200 **
List Namespaces by Name[com.test.TC_Perm1.@[THE_USER]]
--------------------------------------------------------------------------------
com.test.TC_Perm1.@[THE_USER]
    Administrators
        testid@aaf.att.com
    Responsible Parties
        @[THE_USER]@csp.att.com
    Roles
        com.test.TC_Perm1.@[THE_USER].admin
        com.test.TC_Perm1.@[THE_USER].cred_admin
        com.test.TC_Perm1.@[THE_USER].owner
        com.test.TC_Perm1.@[THE_USER].r.A
        com.test.TC_Perm1.@[THE_USER].r.B
    Permissions
        com.test.TC_Perm1.@[THE_USER].access * *
        com.test.TC_Perm1.@[THE_USER].access * read
        com.test.TC_Perm1.@[THE_USER].p.A myInstance myAction
        com.test.TC_Perm1.@[THE_USER].p.B yourInstance yourAction

# TC_Perm1.22.15.POS Rename permission type
perm rename com.test.TC_Perm1.@[user.name].p.B yourInstance yourAction com.test.TC_Perm1.@[user.name].p.yourB yourInstance yourAction
** Expect 200 **
Updated Permission

# TC_Perm1.22.16.POS Verify change in permission type
ns list name com.test.TC_Perm1.@[user.name]
** Expect 200 **
List Namespaces by Name[com.test.TC_Perm1.@[THE_USER]]
--------------------------------------------------------------------------------
com.test.TC_Perm1.@[THE_USER]
    Administrators
        testid@aaf.att.com
    Responsible Parties
        @[THE_USER]@csp.att.com
    Roles
        com.test.TC_Perm1.@[THE_USER].admin
        com.test.TC_Perm1.@[THE_USER].cred_admin
        com.test.TC_Perm1.@[THE_USER].owner
        com.test.TC_Perm1.@[THE_USER].r.A
        com.test.TC_Perm1.@[THE_USER].r.B
    Permissions
        com.test.TC_Perm1.@[THE_USER].access * *
        com.test.TC_Perm1.@[THE_USER].access * read
        com.test.TC_Perm1.@[THE_USER].p.A myInstance myAction
        com.test.TC_Perm1.@[THE_USER].p.yourB yourInstance yourAction

# TC_Perm1.22.20.POS See permission is attached to this role
role list role com.test.TC_Perm1.@[user.name].r.A
** Expect 200 **
List Roles for Role[com.test.TC_Perm1.@[THE_USER].r.A]
--------------------------------------------------------------------------------
ROLE Name
    PERM Type Instance Action
--------------------------------------------------------------------------------
com.test.TC_Perm1.@[THE_USER].r.A
    com.test.TC_Perm1.@[THE_USER].p.yourB yourInstance yourAction

# TC_Perm1.22.21.POS Rename permission type, instance and action
perm rename com.test.TC_Perm1.@[user.name].p.yourB yourInstance yourAction com.test.TC_Perm1.@[user.name].p.B myInstance myAction
** Expect 200 **
Updated Permission

# TC_Perm1.22.22.POS See permission stays attached after rename
role list role com.test.TC_Perm1.@[user.name].r.A
** Expect 200 **
List Roles for Role[com.test.TC_Perm1.@[THE_USER].r.A]
--------------------------------------------------------------------------------
ROLE Name
    PERM Type Instance Action
--------------------------------------------------------------------------------
com.test.TC_Perm1.@[THE_USER].r.A
    com.test.TC_Perm1.@[THE_USER].p.B myInstance myAction

# TC_Perm1.22.23.POS Verify permission is back to original state
ns list name com.test.TC_Perm1.@[user.name]
** Expect 200 **
List Namespaces by Name[com.test.TC_Perm1.@[THE_USER]]
--------------------------------------------------------------------------------
com.test.TC_Perm1.@[THE_USER]
    Administrators
        testid@aaf.att.com
    Responsible Parties
        @[THE_USER]@csp.att.com
    Roles
        com.test.TC_Perm1.@[THE_USER].admin
        com.test.TC_Perm1.@[THE_USER].cred_admin
        com.test.TC_Perm1.@[THE_USER].owner
        com.test.TC_Perm1.@[THE_USER].r.A
        com.test.TC_Perm1.@[THE_USER].r.B
    Permissions
        com.test.TC_Perm1.@[THE_USER].access * *
        com.test.TC_Perm1.@[THE_USER].access * read
        com.test.TC_Perm1.@[THE_USER].p.A myInstance myAction
        com.test.TC_Perm1.@[THE_USER].p.B myInstance myAction

# TC_Perm1.25.1.POS Create another Role in This namespace
role create com.test.TC_Perm1.@[user.name].r.C
** Expect 201 **
Created Role

# TC_Perm1.25.2.POS Create another Perm in This namespace
perm create com.test.TC_Perm1.@[user.name].p.C myInstance myAction
** Expect 201 **
Created Permission

# TC_Perm1.25.3.NEG Permission must Exist to Add to Role
perm grant com.test.TC_Perm1.@[user.name].p.NO myInstance myAction com.test.TC_Perm1.@[user.name].r.C
** Expect 404 **
Failed [SVC4404]: Not Found - Permission [com.test.TC_Perm1.@[THE_USER].p.NO|myInstance|myAction] does not exist

# TC_Perm1.25.4.POS Grant individual new Perm to new Role
perm grant com.test.TC_Perm1.@[user.name].p.C myInstance myAction com.test.TC_Perm1.@[user.name].r.C
** Expect 201 **
Granted Permission [com.test.TC_Perm1.@[THE_USER].p.C|myInstance|myAction] to Role [com.test.TC_Perm1.@[THE_USER].r.C]

# TC_Perm1.25.5.NEG Already Granted Perm
perm grant com.test.TC_Perm1.@[user.name].p.C myInstance myAction com.test.TC_Perm1.@[user.name].r.C
** Expect 409 **
Failed [SVC1409]: Conflict Already Exists - Permission [com.test.TC_Perm1.@[THE_USER].p.C|myInstance|myAction] already granted to Role [com.test.TC_Perm1.@[THE_USER].r.C]

# TC_Perm1.25.6.POS Print Info for Validation
ns list name com.test.TC_Perm1.@[user.name]
** Expect 200 **
List Namespaces by Name[com.test.TC_Perm1.@[THE_USER]]
--------------------------------------------------------------------------------
com.test.TC_Perm1.@[THE_USER]
    Administrators
        testid@aaf.att.com
    Responsible Parties
        @[THE_USER]@csp.att.com
    Roles
        com.test.TC_Perm1.@[THE_USER].admin
        com.test.TC_Perm1.@[THE_USER].cred_admin
        com.test.TC_Perm1.@[THE_USER].owner
        com.test.TC_Perm1.@[THE_USER].r.A
        com.test.TC_Perm1.@[THE_USER].r.B
        com.test.TC_Perm1.@[THE_USER].r.C
    Permissions
        com.test.TC_Perm1.@[THE_USER].access * *
        com.test.TC_Perm1.@[THE_USER].access * read
        com.test.TC_Perm1.@[THE_USER].p.A myInstance myAction
        com.test.TC_Perm1.@[THE_USER].p.B myInstance myAction
        com.test.TC_Perm1.@[THE_USER].p.C myInstance myAction

# TC_Perm1.25.10.POS UnGrant individual new Perm to new Role
perm ungrant com.test.TC_Perm1.@[user.name].p.C myInstance myAction com.test.TC_Perm1.@[user.name].r.C
** Expect 200 **
UnGranted Permission [com.test.TC_Perm1.@[THE_USER].p.C|myInstance|myAction] from Role [com.test.TC_Perm1.@[THE_USER].r.C]

# TC_Perm1.25.11.NEG Already UnGranted Perm
perm ungrant com.test.TC_Perm1.@[user.name].p.C myInstance myAction com.test.TC_Perm1.@[user.name].r.C
** Expect 404 **
Failed [SVC4404]: Not Found - Permission [com.test.TC_Perm1.@[THE_USER].p.C|myInstance|myAction] not associated with any Role

# TC_Perm1.25.20.POS Reset roles attached to permision with setTo
perm setTo com.test.TC_Perm1.@[user.name].p.C myInstance myAction com.test.TC_Perm1.@[user.name].r.C,com.test.TC_Perm1.@[user.name].r.A
** Expect 200 **
Set Permission's Roles to [com.test.TC_Perm1.@[THE_USER].r.C,com.test.TC_Perm1.@[THE_USER].r.A]

# TC_Perm1.25.21.POS Owner of permission can reset roles
perm setTo com.test.TC_Perm1.@[user.name].p.C myInstance myAction
** Expect 200 **
Set Permission's Roles to []

# TC_Perm1.26.1.POS Create another Namespace, not owned by testid, one in company, one not
as XX@NS
ns create com.test2.TC_Perm1.@[user.name] @[user.name] XX@NS
** Expect 201 **
Created Namespace
ns create com.test.TC_Perm1.@[user.name]_2 @[user.name] XX@NS
** Expect 201 **
Created Namespace

# TC_Perm1.26.2.POS Create ID in other Namespace
user cred add m99990@@[user.name].TC_Perm1.test2.com aRealPass7
** Expect 201 **
Added Credential [m99990@@[THE_USER].TC_Perm1.test2.com]

# TC_Perm1.26.3.POS Create a Role in other Namespaces, not owned by testid
role create com.test2.TC_Perm1.@[user.name].r.C
** Expect 201 **
Created Role
role create com.test2.TC_Perm1.@[user.name]_2.r.C
** Expect 201 **
Created Role

# TC_Perm1.26.11.NEG Grant Perm to Role in Other Namespace, when Role ID
as m99990@@[THE_USER].TC_Perm1.test2.com
perm grant com.test.TC_Perm1.@[user.name].p.C myInstance myAction com.test2.TC_Perm1.@[user.name].r.C
** Expect 403 **
Failed [SVC1403]: Forbidden - [m99990@@[THE_USER].TC_Perm1.test2.com] may not write Perm [com.test.TC_Perm1.@[THE_USER].p.C|myInstance|myAction]

# TC_Perm1.26.11a.NEG Grant Perm to Role in Other Namespace, when Role ID
as m99990@@[THE_USER].TC_Perm1.test2.com
set request true
perm grant com.test.TC_Perm1.@[user.name].p.C myInstance myAction com.test2.TC_Perm1.@[user.name].r.C
** Expect 202 **
Permission Role Granted Accepted, but requires Approvals before actualizing

# TC_Perm1.26.12.NEG Grant Perm to Role in Other Namespace, when Perm ID, but different Company
as testid@aaf.att.com
perm grant com.test.TC_Perm1.@[user.name].p.C myInstance myAction com.test2.TC_Perm1.@[user.name].r.C
** Expect 403 **
Failed [SVC1403]: Forbidden - [testid@aaf.att.com] may not write Role [com.test2.TC_Perm1.@[THE_USER].r.C]

# TC_Perm1.26.13.NEG Fail Grant Perm to Role in Other Namespace, when Perm ID, but same Company
as testid@aaf.att.com
perm grant com.test.TC_Perm1.@[user.name].p.C myInstance myAction com.test.TC_Perm1.@[user.name]_2.r.C
** Expect 404 **
Failed [SVC3404]: Not Found - Role [com.test.TC_Perm1.@[THE_USER]_2.r.C] does not exist

# TC_Perm1.26.14.POS Create Role
as testid@aaf.att.com
role create com.test.TC_Perm1.@[user.name]_2.r.C
** Expect 201 **
Created Role

# TC_Perm1.26.15.POS Fail Create/Grant Perm to Role in Other Namespace, when Perm ID, but same Company
perm grant com.test.TC_Perm1.@[user.name].p.C myInstance myAction com.test.TC_Perm1.@[user.name]_2.r.C
** Expect 201 **
Granted Permission [com.test.TC_Perm1.@[THE_USER].p.C|myInstance|myAction] to Role [com.test.TC_Perm1.@[THE_USER]_2.r.C]

# TC_Perm1.26.16.POS Print Info for Validation
ns list name com.test.TC_Perm1.@[user.name]
** Expect 200 **
List Namespaces by Name[com.test.TC_Perm1.@[THE_USER]]
--------------------------------------------------------------------------------
com.test.TC_Perm1.@[THE_USER]
    Administrators
        testid@aaf.att.com
    Responsible Parties
        @[THE_USER]@csp.att.com
    Roles
        com.test.TC_Perm1.@[THE_USER].admin
        com.test.TC_Perm1.@[THE_USER].cred_admin
        com.test.TC_Perm1.@[THE_USER].owner
        com.test.TC_Perm1.@[THE_USER].r.A
        com.test.TC_Perm1.@[THE_USER].r.B
        com.test.TC_Perm1.@[THE_USER].r.C
    Permissions
        com.test.TC_Perm1.@[THE_USER].access * *
        com.test.TC_Perm1.@[THE_USER].access * read
        com.test.TC_Perm1.@[THE_USER].p.A myInstance myAction
        com.test.TC_Perm1.@[THE_USER].p.B myInstance myAction
        com.test.TC_Perm1.@[THE_USER].p.C myInstance myAction

# TC_Perm1.26.17.POS Grant individual new Perm to new Role
perm grant com.test.TC_Perm1.@[user.name].p.C myInstance myAction com.test.TC_Perm1.@[user.name].r.C
** Expect 201 **
Granted Permission [com.test.TC_Perm1.@[THE_USER].p.C|myInstance|myAction] to Role [com.test.TC_Perm1.@[THE_USER].r.C]

# TC_Perm1.26.18.NEG Already Granted Perm
perm grant com.test.TC_Perm1.@[user.name].p.C myInstance myAction com.test.TC_Perm1.@[user.name].r.C
** Expect 409 **
Failed [SVC1409]: Conflict Already Exists - Permission [com.test.TC_Perm1.@[THE_USER].p.C|myInstance|myAction] already granted to Role [com.test.TC_Perm1.@[THE_USER].r.C]

# TC_Perm1.26.19.POS UnGrant Perm from Role in Other Namespace, when Perm ID
perm ungrant com.test.TC_Perm1.@[user.name].p.C myInstance myAction com.test.TC_Perm1.@[user.name]_2.r.C
** Expect 200 **
UnGranted Permission [com.test.TC_Perm1.@[THE_USER].p.C|myInstance|myAction] from Role [com.test.TC_Perm1.@[THE_USER]_2.r.C]

# TC_Perm1.26.21.NEG No Permission to Grant Perm to Role with Unrelated ID
as m99990@@[THE_USER].TC_Perm1.test2.com
perm grant com.test.TC_Perm1.@[user.name].p.C myInstance myAction com.test2.TC_Perm1.@[user.name].r.C
** Expect 403 **
Failed [SVC1403]: Forbidden - [m99990@@[THE_USER].TC_Perm1.test2.com] may not write Perm [com.test.TC_Perm1.@[THE_USER].p.C|myInstance|myAction]

# TC_Perm1.26.22.NEG No Permission to Grant Perm to Role with Unrelated ID
set request true
as m99990@@[THE_USER].TC_Perm1.test2.com
perm grant com.test.TC_Perm1.@[user.name].p.C myInstance myAction com.test2.TC_Perm1.@[user.name].r.C
** Expect 202 **
Permission Role Granted Accepted, but requires Approvals before actualizing

# TC_Perm1.26.25.NEG No Permission to UnGrant with Unrelated ID
perm grant com.test.TC_Perm1.@[user.name].p.C myInstance myAction com.test.TC_Perm1.@[user.name].r.B
** Expect 403 **
Failed [SVC1403]: Forbidden - [m99990@@[THE_USER].TC_Perm1.test2.com] may not write Perm [com.test.TC_Perm1.@[THE_USER].p.C|myInstance|myAction]

# TC_Perm1.26.26.NEG No Permission to UnGrant with Unrelated ID
set request true
perm grant com.test.TC_Perm1.@[user.name].p.C myInstance myAction com.test.TC_Perm1.@[user.name].r.B
** Expect 202 **
Permission Role Granted Accepted, but requires Approvals before actualizing

# TC_Perm1.26.30.POS Add ID to Role
as XX@NS
ns admin add com.test2.TC_Perm1.@[user.name] m99990@@[user.name].TC_Perm1.test2.com
** Expect 201 **
Admin m99990@@[THE_USER].TC_Perm1.test2.com added to com.test2.TC_Perm1.@[THE_USER]

as m99990@@[THE_USER].TC_Perm1.test2.com
sleep 0
# TC_Perm1.26.31.NEG No Permission Grant Perm to Role if not Perm Owner
perm grant com.test.TC_Perm1.@[user.name].p.C myInstance myAction com.test2.TC_Perm1.@[user.name].r.C
** Expect 403 **
Failed [SVC1403]: Forbidden - [m99990@@[THE_USER].TC_Perm1.test2.com] may not write Perm [com.test.TC_Perm1.@[THE_USER].p.C|myInstance|myAction]

# TC_Perm1.26.31.NEG No Permission Grant Perm to Role if not Perm Owner
set request true
perm grant com.test.TC_Perm1.@[user.name].p.C myInstance myAction com.test2.TC_Perm1.@[user.name].r.C
** Expect 202 **
Permission Role Granted Accepted, but requires Approvals before actualizing

# TC_Perm1.26.32.POS Grant individual new Perm to Role in Other Namespace
as testid@aaf.att.com
perm grant com.test.TC_Perm1.@[user.name].p.C myInstance myAction com.test.TC_Perm1.@[user.name]_2.r.C
** Expect 201 **
Granted Permission [com.test.TC_Perm1.@[THE_USER].p.C|myInstance|myAction] to Role [com.test.TC_Perm1.@[THE_USER]_2.r.C]

# TC_Perm1.26.34.POS Print Info for Validation
ns list name com.test.TC_Perm1.@[user.name]
** Expect 200 **
List Namespaces by Name[com.test.TC_Perm1.@[THE_USER]]
--------------------------------------------------------------------------------
com.test.TC_Perm1.@[THE_USER]
    Administrators
        testid@aaf.att.com
    Responsible Parties
        @[THE_USER]@csp.att.com
    Roles
        com.test.TC_Perm1.@[THE_USER].admin
        com.test.TC_Perm1.@[THE_USER].cred_admin
        com.test.TC_Perm1.@[THE_USER].owner
        com.test.TC_Perm1.@[THE_USER].r.A
        com.test.TC_Perm1.@[THE_USER].r.B
        com.test.TC_Perm1.@[THE_USER].r.C
    Permissions
        com.test.TC_Perm1.@[THE_USER].access * *
        com.test.TC_Perm1.@[THE_USER].access * read
        com.test.TC_Perm1.@[THE_USER].p.A myInstance myAction
        com.test.TC_Perm1.@[THE_USER].p.B myInstance myAction
        com.test.TC_Perm1.@[THE_USER].p.C myInstance myAction

as XX@NS
# TC_Perm1.26.35.POS Print Info for Validation
ns list name com.test2.TC_Perm1.@[user.name]
** Expect 200 **
List Namespaces by Name[com.test2.TC_Perm1.@[THE_USER]]
--------------------------------------------------------------------------------
com.test2.TC_Perm1.@[THE_USER]
    Administrators
        XX@NS
        m99990@@[THE_USER].TC_Perm1.test2.com
    Responsible Parties
        @[THE_USER]@csp.att.com
    Roles
        com.test2.TC_Perm1.@[THE_USER].admin
        com.test2.TC_Perm1.@[THE_USER].owner
        com.test2.TC_Perm1.@[THE_USER].r.C
    Permissions
        com.test2.TC_Perm1.@[THE_USER].access * *
        com.test2.TC_Perm1.@[THE_USER].access * read
    Credentials
        m99990@@[THE_USER].TC_Perm1.test2.com

as testid@aaf.att.com
# TC_Perm1.26.36.POS UnGrant individual new Perm to new Role
as testid@aaf.att.com
perm ungrant com.test.TC_Perm1.@[user.name].p.C myInstance myAction com.test.TC_Perm1.@[user.name]_2.r.C
** Expect 200 **
UnGranted Permission [com.test.TC_Perm1.@[THE_USER].p.C|myInstance|myAction] from Role [com.test.TC_Perm1.@[THE_USER]_2.r.C]

# TC_Perm1.26.37.NEG Already UnGranted Perm
perm ungrant com.test.TC_Perm1.@[user.name].p.C myInstance myAction com.test.TC_Perm1.@[user.name]_2.r.C
** Expect 404 **
Failed [SVC4404]: Not Found - Permission [com.test.TC_Perm1.@[THE_USER].p.C|myInstance|myAction] not associated with any Role

# TC_Perm1.26.40.POS Reset roles attached to permision with setTo
perm setTo com.test.TC_Perm1.@[user.name].p.C myInstance myAction com.test.TC_Perm1.@[user.name].r.C,com.test.TC_Perm1.@[user.name].r.A
** Expect 200 **
Set Permission's Roles to [com.test.TC_Perm1.@[THE_USER].r.C,com.test.TC_Perm1.@[THE_USER].r.A]

# TC_Perm1.26.41.NEG Non-owner of permission cannot reset roles
as m99990@@[THE_USER].TC_Perm1.test2.com
perm setTo com.test.TC_Perm1.@[user.name].p.C myInstance myAction
** Expect 403 **
Failed [SVC1403]: Forbidden - [m99990@@[THE_USER].TC_Perm1.test2.com] may not write Perm [com.test.TC_Perm1.@[THE_USER].p.C|myInstance|myAction]

# TC_Perm1.26.42.NEG Non-owner of permission cannot ungrant
perm ungrant com.test.TC_Perm1.@[user.name].p.C myInstance myAction com.test.TC_Perm1.@[user.name].r.C
** Expect 403 **
Failed [SVC1403]: Forbidden - [m99990@@[THE_USER].TC_Perm1.test2.com] may not write Perm [com.test.TC_Perm1.@[THE_USER].p.C|myInstance|myAction]

# TC_Perm1.26.43.NEG Non-owner of permission cannot delete
perm delete com.test.TC_Perm1.@[user.name].p.C myInstance myAction
** Expect 403 **
Failed [SVC1403]: Forbidden - [m99990@@[THE_USER].TC_Perm1.test2.com] may not write Perm [com.test.TC_Perm1.@[THE_USER].p.C|myInstance|myAction]

# TC_Perm1.26.45.POS Owner of permission can reset roles
as testid@aaf.att.com
perm setTo com.test.TC_Perm1.@[user.name].p.C myInstance myAction
** Expect 200 **
Set Permission's Roles to []

as XX@NS
# TC_Perm1.26.97.POS List the Namespaces
ns list name com.test.TC_Perm1.@[user.name]
** Expect 200 **
List Namespaces by Name[com.test.TC_Perm1.@[THE_USER]]
--------------------------------------------------------------------------------
com.test.TC_Perm1.@[THE_USER]
    Administrators
        testid@aaf.att.com
    Responsible Parties
        @[THE_USER]@csp.att.com
    Roles
        com.test.TC_Perm1.@[THE_USER].admin
        com.test.TC_Perm1.@[THE_USER].cred_admin
        com.test.TC_Perm1.@[THE_USER].owner
        com.test.TC_Perm1.@[THE_USER].r.A
        com.test.TC_Perm1.@[THE_USER].r.B
        com.test.TC_Perm1.@[THE_USER].r.C
    Permissions
        com.test.TC_Perm1.@[THE_USER].access * *
        com.test.TC_Perm1.@[THE_USER].access * read
        com.test.TC_Perm1.@[THE_USER].p.A myInstance myAction
        com.test.TC_Perm1.@[THE_USER].p.B myInstance myAction
        com.test.TC_Perm1.@[THE_USER].p.C myInstance myAction
ns list name com.test2.TC_Perm1.@[user.name]
** Expect 200 **
List Namespaces by Name[com.test2.TC_Perm1.@[THE_USER]]
--------------------------------------------------------------------------------
com.test2.TC_Perm1.@[THE_USER]
    Administrators
        XX@NS
        m99990@@[THE_USER].TC_Perm1.test2.com
    Responsible Parties
        @[THE_USER]@csp.att.com
    Roles
        com.test2.TC_Perm1.@[THE_USER].admin
        com.test2.TC_Perm1.@[THE_USER].owner
        com.test2.TC_Perm1.@[THE_USER].r.C
    Permissions
        com.test2.TC_Perm1.@[THE_USER].access * *
        com.test2.TC_Perm1.@[THE_USER].access * read
    Credentials
        m99990@@[THE_USER].TC_Perm1.test2.com

as testid@aaf.att.com
# TC_Perm1.26.98.POS Cleanup
role delete com.test.TC_Perm1.@[user.name].r.A
** Expect 200 **
Deleted Role
role delete com.test.TC_Perm1.@[user.name].r.B
** Expect 200 **
Deleted Role
role delete com.test.TC_Perm1.@[user.name].r.C
** Expect 200 **
Deleted Role
role delete com.test.TC_Perm1.@[user.name]_2.r.C
** Expect 200 **
Deleted Role
as XX@NS
role delete com.test2.TC_Perm1.@[user.name]_2.r.C
** Expect 200 **
Deleted Role
role delete com.test2.TC_Perm1.@[user.name].r.C
** Expect 200 **
Deleted Role
as testid@aaf.att.com
perm delete com.test.TC_Perm1.@[user.name].p.A myInstance myAction
** Expect 200 **
Deleted Permission
perm delete com.test.TC_Perm1.@[user.name].p.B myInstance myAction
** Expect 200 **
Deleted Permission
perm delete com.test.TC_Perm1.@[user.name].p.C myInstance myAction
** Expect 200 **
Deleted Permission
force ns delete com.test.TC_Perm1.@[user.name]_2
** Expect 200 **
Deleted Namespace
as XX@NS
set force true
set force=true user cred del m99990@@[user.name].TC_Perm1.test2.com
** Expect 200 **
Deleted Credential [m99990@@[THE_USER].TC_Perm1.test2.com]
ns delete com.test2.TC_Perm1.@[user.name]
** Expect 200 **
Deleted Namespace

# TC_Perm1.26.99.POS List the Now Empty Namespaces
ns list name com.test.TC_Perm1.@[user.name]
** Expect 200 **
List Namespaces by Name[com.test.TC_Perm1.@[THE_USER]]
--------------------------------------------------------------------------------
com.test.TC_Perm1.@[THE_USER]
    Administrators
        testid@aaf.att.com
    Responsible Parties
        @[THE_USER]@csp.att.com
    Roles
        com.test.TC_Perm1.@[THE_USER].admin
        com.test.TC_Perm1.@[THE_USER].cred_admin
        com.test.TC_Perm1.@[THE_USER].owner
    Permissions
        com.test.TC_Perm1.@[THE_USER].access * *
        com.test.TC_Perm1.@[THE_USER].access * read
ns list name com.test2.TC_Perm1.@[user.name]
** Expect 200 **
List Namespaces by Name[com.test2.TC_Perm1.@[THE_USER]]
--------------------------------------------------------------------------------
    *** Namespace Not Found ***

# TC_Perm1.27.1.POS Create Permission
perm create com.test.TC_Perm1.@[user.name].p.A myInstance myAction
** Expect 201 **
Created Permission

# TC_Perm1.27.2.POS Create Role
role create com.test.TC_Perm1.@[user.name].r.A
** Expect 201 **
Created Role

# TC_Perm1.27.10.NEG Role must Exist to Add to Role without force
perm grant com.test.TC_Perm1.@[user.name].p.A myInstance myAction com.test.TC_Perm1.@[user.name].r.unknown
** Expect 404 **
Failed [SVC3404]: Not Found - Role [com.test.TC_Perm1.@[THE_USER].r.unknown] does not exist

# TC_Perm1.27.11.POS Role is created with force
force perm create com.test.TC_Perm1.@[user.name].p.A myInstance myAction com.test.TC_Perm1.@[user.name].r.unknown
** Expect 201 **
Created Role [com.test.TC_Perm1.@[THE_USER].r.unknown]
Created Permission
Granted Permission [com.test.TC_Perm1.@[THE_USER].p.A|myInstance|myAction] to Role [com.test.TC_Perm1.@[THE_USER].r.unknown]

# TC_Perm1.27.12.NEG Perm must Exist to Grant without force
perm grant com.test.TC_Perm1.@[user.name].p.unknown myInstance myAction com.test.TC_Perm1.@[user.name].r.A
** Expect 404 **
Failed [SVC4404]: Not Found - Permission [com.test.TC_Perm1.@[THE_USER].p.unknown|myInstance|myAction] does not exist

# TC_Perm1.27.13.POS Perm is created with force
force perm grant com.test.TC_Perm1.@[user.name].p.unknown myInstance myAction com.test.TC_Perm1.@[user.name].r.A
** Expect 201 **
Granted Permission [com.test.TC_Perm1.@[THE_USER].p.unknown|myInstance|myAction] to Role [com.test.TC_Perm1.@[THE_USER].r.A]

# TC_Perm1.27.14.POS Role and perm are created with force
force perm create com.test.TC_Perm1.@[user.name].p.unknown2 myInstance myAction com.test.TC_Perm1.@[user.name].r.unknown2
** Expect 201 **
Created Role [com.test.TC_Perm1.@[THE_USER].r.unknown2]
Created Permission
Granted Permission [com.test.TC_Perm1.@[THE_USER].p.unknown2|myInstance|myAction] to Role [com.test.TC_Perm1.@[THE_USER].r.unknown2]

# TC_Perm1.30.1.POS List Data on non-Empty NS
as testid
ns list name com.test.TC_Perm1.@[user.name]
** Expect 200 **
List Namespaces by Name[com.test.TC_Perm1.@[THE_USER]]
--------------------------------------------------------------------------------
com.test.TC_Perm1.@[THE_USER]
    Administrators
        testid@aaf.att.com
    Responsible Parties
        @[THE_USER]@csp.att.com
    Roles
        com.test.TC_Perm1.@[THE_USER].admin
        com.test.TC_Perm1.@[THE_USER].cred_admin
        com.test.TC_Perm1.@[THE_USER].owner
        com.test.TC_Perm1.@[THE_USER].r.A
        com.test.TC_Perm1.@[THE_USER].r.unknown
        com.test.TC_Perm1.@[THE_USER].r.unknown2
    Permissions
        com.test.TC_Perm1.@[THE_USER].access * *
        com.test.TC_Perm1.@[THE_USER].access * read
        com.test.TC_Perm1.@[THE_USER].p.A myInstance myAction
        com.test.TC_Perm1.@[THE_USER].p.unknown myInstance myAction
        com.test.TC_Perm1.@[THE_USER].p.unknown2 myInstance myAction

# TC_Perm1.30.2.POS Create Sub-ns when Roles that exist
ns create com.test.TC_Perm1.@[user.name].r @[user.name] testid@aaf.att.com
** Expect 201 **
Created Namespace

# TC_Perm1.30.3.POS List Data on NS with sub-roles
ns list name com.test.TC_Perm1.@[user.name]
** Expect 200 **
List Namespaces by Name[com.test.TC_Perm1.@[THE_USER]]
--------------------------------------------------------------------------------
com.test.TC_Perm1.@[THE_USER]
    Administrators
        testid@aaf.att.com
    Responsible Parties
        @[THE_USER]@csp.att.com
    Roles
        com.test.TC_Perm1.@[THE_USER].admin
        com.test.TC_Perm1.@[THE_USER].cred_admin
        com.test.TC_Perm1.@[THE_USER].owner
    Permissions
        com.test.TC_Perm1.@[THE_USER].access * *
        com.test.TC_Perm1.@[THE_USER].access * read
        com.test.TC_Perm1.@[THE_USER].p.A myInstance myAction
        com.test.TC_Perm1.@[THE_USER].p.unknown myInstance myAction
        com.test.TC_Perm1.@[THE_USER].p.unknown2 myInstance myAction
ns list name com.test.TC_Perm1.@[user.name].r
** Expect 200 **
List Namespaces by Name[com.test.TC_Perm1.@[THE_USER].r]
--------------------------------------------------------------------------------
com.test.TC_Perm1.@[THE_USER].r
    Administrators
        testid@aaf.att.com
    Responsible Parties
        @[THE_USER]@csp.att.com
    Roles
        com.test.TC_Perm1.@[THE_USER].r.A
        com.test.TC_Perm1.@[THE_USER].r.admin
        com.test.TC_Perm1.@[THE_USER].r.owner
        com.test.TC_Perm1.@[THE_USER].r.unknown
        com.test.TC_Perm1.@[THE_USER].r.unknown2
    Permissions
        com.test.TC_Perm1.@[THE_USER].r.access * *
        com.test.TC_Perm1.@[THE_USER].r.access * read

as XX@NS
# TC_Perm1.99.1.POS Namespace Admin can delete Namepace defined Roles
set force true
set force=true perm delete com.test.TC_Perm1.@[user.name].p.A myInstance myAction
** Expect 200,404 **
Deleted Permission
set force true
set force=true perm delete com.test.TC_Perm1.@[user.name].p.B myInstance myAction
** Expect 200,404 **
Failed [SVC4404]: Not Found - Permission [com.test.TC_Perm1.@[THE_USER].p.B|myInstance|myAction] does not exist
set force true
set force=true perm delete com.test.TC_Perm1.@[user.name].p.C myInstance myAction
** Expect 200,404 **
Failed [SVC4404]: Not Found - Permission [com.test.TC_Perm1.@[THE_USER].p.C|myInstance|myAction] does not exist
set force true
set force=true perm delete com.test.TC_Perm1.@[user.name].p.unknown myInstance myAction
** Expect 200,404 **
Deleted Permission
set force true
set force=true perm delete com.test.TC_Perm1.@[user.name].p.unknown2 myInstance myAction
** Expect 200,404 **
Deleted Permission
role delete com.test.TC_Perm1.@[user.name].r.A
** Expect 200,404 **
Deleted Role
role delete com.test.TC_Perm1.@[user.name].r.B
** Expect 200,404 **
Failed [SVC3404]: Not Found - Role [com.test.TC_Perm1.@[THE_USER].r.B] does not exist
role delete com.test.TC_Perm1.@[user.name].r.C
** Expect 200,404 **
Failed [SVC3404]: Not Found - Role [com.test.TC_Perm1.@[THE_USER].r.C] does not exist
role delete com.test.TC_Perm1.@[user.name].r.unknown
** Expect 200,404 **
Deleted Role
role delete com.test.TC_Perm1.@[user.name].r.unknown2
** Expect 200,404 **
Deleted Role
role delete com.test2.TC_Perm1.@[user.name].r.C
** Expect 200,404 **
Failed [SVC3404]: Not Found - Role [com.test2.TC_Perm1.@[THE_USER].r.C] does not exist
role delete com.test.TC_Perm1.@[user.name]_2.r.C
** Expect 200,404 **
Failed [SVC3404]: Not Found - Role [com.test.TC_Perm1.@[THE_USER]_2.r.C] does not exist
role delete com.test2.TC_Perm1.@[user.name]_2.r.C
** Expect 200,404 **
Failed [SVC3404]: Not Found - Role [com.test2.TC_Perm1.@[THE_USER]_2.r.C] does not exist

# TC_Perm1.99.2.POS Remove ability to create creds
user role del XX@NS com.test.TC_Perm1.@[user.name].cred_admin
** Expect 200,404 **
Removed Role [com.test.TC_Perm1.@[THE_USER].cred_admin] from User [XX@NS]
as XX@NS
perm ungrant com.att.aaf.mechid com.att create com.test.TC_Perm1.@[user.name].cred_admin
** Expect 200,404 **
UnGranted Permission [com.att.aaf.mechid|com.att|create] from Role [com.test.TC_Perm1.@[THE_USER].cred_admin]
as testid@aaf.att.com
role delete com.test.TC_Perm1.@[user.name].cred_admin
** Expect 200,404 **
Deleted Role

sleep 0
as XX@NS
# TC_Perm1.99.98.POS Namespace Admin can delete Namespace
set force true
set force=true ns delete com.test2.TC_Perm1.@[user.name]
** Expect 200,404 **
Failed [SVC2404]: Not Found - com.test2.TC_Perm1.@[THE_USER] does not exist
as testid
force ns delete com.test.TC_Perm1.@[user.name].r
** Expect 200,404 **
Deleted Namespace
force ns delete com.test.TC_Perm1.@[user.name]_2
** Expect 200,404 **
Failed [SVC2404]: Not Found - com.test.TC_Perm1.@[THE_USER]_2 does not exist
force ns delete com.test.TC_Perm1.@[user.name]
** Expect 200,404 **
Deleted Namespace
force ns delete com.test2.TC_Perm1.@[user.name]
** Expect 200,404 **
Failed [SVC2404]: Not Found - com.test2.TC_Perm1.@[THE_USER] does not exist

# TC_Perm1.99.99.POS List to prove removed
ns list name com.test.TC_Perm1.@[user.name]
** Expect 200,404 **
List Namespaces by Name[com.test.TC_Perm1.@[THE_USER]]
--------------------------------------------------------------------------------
    *** Namespace Not Found ***
ns list name com.test.TC_Perm1.@[user.name].r
** Expect 200,404 **
List Namespaces by Name[com.test.TC_Perm1.@[THE_USER].r]
--------------------------------------------------------------------------------
    *** Namespace Not Found ***
ns list name com.test.TC_Perm1.@[user.name]_2
** Expect 200,404 **
List Namespaces by Name[com.test.TC_Perm1.@[THE_USER]_2]
--------------------------------------------------------------------------------
    *** Namespace Not Found ***
ns list name com.test2.TC_Perm1.@[user.name]
** Expect 200,404 **
List Namespaces by Name[com.test2.TC_Perm1.@[THE_USER]]
--------------------------------------------------------------------------------
    *** Namespace Not Found ***