2 set testid@aaf.att.com <pass>
3 set testunused@aaf.att.com <pass>
8 # TC_Role2.10.0.POS Print NS to prove ok
9 ns list name com.test.TC_Role2.@[user.name]
12 List Namespaces by Name[com.test.TC_Role2.@[THE_USER]]
13 --------------------------------------------------------------------------------
14 *** Namespace Not Found ***
16 # TC_Role2.10.1.POS Create Namespace with valid IDs and Responsible Parties
17 ns create com.test.TC_Role2.@[user.name] @[user.name] testid@aaf.att.com
23 # We are making a Testing model based loosely on George Orwell's Animal Farm
24 # In Animal Farm, Animals did all the work but didn't get any privileges.
25 # In our test, the animals can't see anything but their own role, etc
26 # Dogs were supervisors, and ostensibly did something, though mostly lay around
27 # In our test, they have Implicit Permissions by being Admins
28 # Pigs were the Elite. They did nothing but watch everyone and eat the produce
29 # In our test, they have Explicit Permissions to see everything they want
32 # TC_Role2.20.1.POS List Data on non-Empty NS
33 ns list name com.test.TC_Role2.@[user.name]
36 List Namespaces by Name[com.test.TC_Role2.@[THE_USER]]
37 --------------------------------------------------------------------------------
38 com.test.TC_Role2.@[THE_USER]
42 @[THE_USER]@csp.att.com
44 com.test.TC_Role2.@[THE_USER].admin
45 com.test.TC_Role2.@[THE_USER].owner
47 com.test.TC_Role2.@[THE_USER].access * *
48 com.test.TC_Role2.@[THE_USER].access * read
50 # TC_Role2.20.10.POS Create Orwellian Roles
51 role create com.test.TC_Role2.@[user.name].r.animals
55 role create com.test.TC_Role2.@[user.name].r.dogs
59 role create com.test.TC_Role2.@[user.name].r.pigs
63 # TC_Role2.20.20.POS Create and Grant Perms to Animal and Dog Roles
64 perm create com.test.TC_Role2.@[user.name].r.A garbage eat com.test.TC_Role2.@[user.name].r.animals
67 Granted Permission [com.test.TC_Role2.@[THE_USER].r.A|garbage|eat] to Role [com.test.TC_Role2.@[THE_USER].r.animals]
69 perm create com.test.TC_Role2.@[user.name].r.A grain eat com.test.TC_Role2.@[user.name].r.dogs
72 Granted Permission [com.test.TC_Role2.@[THE_USER].r.A|grain|eat] to Role [com.test.TC_Role2.@[THE_USER].r.dogs]
74 perm create com.test.TC_Role2.@[user.name].r.A grain * com.test.TC_Role2.@[user.name].r.dogs
77 Granted Permission [com.test.TC_Role2.@[THE_USER].r.A|grain|*] to Role [com.test.TC_Role2.@[THE_USER].r.dogs]
79 perm create com.test.TC_Role2.@[user.name].r.A * * com.test.TC_Role2.@[user.name].r.dogs
82 Granted Permission [com.test.TC_Role2.@[THE_USER].r.A|*|*] to Role [com.test.TC_Role2.@[THE_USER].r.dogs]
84 # TC_Role2.20.25.POS Create and Grant Animal Farm Privileges to Pigs
86 perm create com.att.aaf.role com.test.TC_Role2.@[user.name].r.animals view com.test.TC_Role2.@[user.name].r.pigs
89 Granted Permission [com.att.aaf.role|com.test.TC_Role2.@[THE_USER].r.animals|view] to Role [com.test.TC_Role2.@[THE_USER].r.pigs]
91 perm create com.att.aaf.role com.test.TC_Role2.@[user.name].r.dogs view com.test.TC_Role2.@[user.name].r.pigs
94 Granted Permission [com.att.aaf.role|com.test.TC_Role2.@[THE_USER].r.dogs|view] to Role [com.test.TC_Role2.@[THE_USER].r.pigs]
96 # TC_Role2.20.60.POS List Data on non-Empty NS
98 ns list name com.test.TC_Role2.@[user.name]
101 List Namespaces by Name[com.test.TC_Role2.@[THE_USER]]
102 --------------------------------------------------------------------------------
103 com.test.TC_Role2.@[THE_USER]
107 @[THE_USER]@csp.att.com
109 com.test.TC_Role2.@[THE_USER].admin
110 com.test.TC_Role2.@[THE_USER].owner
111 com.test.TC_Role2.@[THE_USER].r.animals
112 com.test.TC_Role2.@[THE_USER].r.dogs
113 com.test.TC_Role2.@[THE_USER].r.pigs
115 com.test.TC_Role2.@[THE_USER].access * *
116 com.test.TC_Role2.@[THE_USER].access * read
117 com.test.TC_Role2.@[THE_USER].r.A * *
118 com.test.TC_Role2.@[THE_USER].r.A garbage eat
119 com.test.TC_Role2.@[THE_USER].r.A grain *
120 com.test.TC_Role2.@[THE_USER].r.A grain eat
123 # TC_Role2.40.1.POS List Data on Role
124 role list role com.test.TC_Role2.@[user.name].r.animals
127 List Roles for Role[com.test.TC_Role2.@[THE_USER].r.animals]
128 --------------------------------------------------------------------------------
130 PERM Type Instance Action
131 --------------------------------------------------------------------------------
132 com.test.TC_Role2.@[THE_USER].r.animals
133 com.test.TC_Role2.@[THE_USER].r.A garbage eat
135 role list role com.test.TC_Role2.@[user.name].r.dogs
138 List Roles for Role[com.test.TC_Role2.@[THE_USER].r.dogs]
139 --------------------------------------------------------------------------------
141 PERM Type Instance Action
142 --------------------------------------------------------------------------------
143 com.test.TC_Role2.@[THE_USER].r.dogs
144 com.test.TC_Role2.@[THE_USER].r.A * *
145 com.test.TC_Role2.@[THE_USER].r.A grain *
146 com.test.TC_Role2.@[THE_USER].r.A grain eat
148 role list role com.test.TC_Role2.@[user.name].r.pigs
151 List Roles for Role[com.test.TC_Role2.@[THE_USER].r.pigs]
152 --------------------------------------------------------------------------------
154 PERM Type Instance Action
155 --------------------------------------------------------------------------------
156 com.test.TC_Role2.@[THE_USER].r.pigs
157 com.att.aaf.role com.test.TC_Role2.@[THE_USER].r.animals view
158 com.att.aaf.role com.test.TC_Role2.@[THE_USER].r.dogs view
160 # TC_Role2.40.10.POS Add testunused to animals
161 as testid@aaf.att.com
162 user role add testunused@aaf.att.com com.test.TC_Role2.@[user.name].r.animals
164 Added Role [com.test.TC_Role2.@[THE_USER].r.animals] to User [testunused@aaf.att.com]
166 # TC_Role2.40.11.POS List by Name when part of role
167 as testunused@aaf.att.com
168 role list role com.test.TC_Role2.@[user.name].r.animals
171 List Roles for Role[com.test.TC_Role2.@[THE_USER].r.animals]
172 --------------------------------------------------------------------------------
174 PERM Type Instance Action
175 --------------------------------------------------------------------------------
176 com.test.TC_Role2.@[THE_USER].r.animals
177 com.test.TC_Role2.@[THE_USER].r.A garbage eat
179 # TC_Role2.40.12.NEG List by Name when not part of Role
180 role list role com.test.TC_Role2.@[user.name].r.dogs
182 Failed [SVC1403]: Forbidden - [testunused@aaf.att.com] may not read Role [com.test.TC_Role2.@[THE_USER].r.dogs]
184 role list role com.test.TC_Role2.@[user.name].r.pigs
186 Failed [SVC1403]: Forbidden - [testunused@aaf.att.com] may not read Role [com.test.TC_Role2.@[THE_USER].r.pigs]
188 # TC_Role2.40.30.POS Read various Roles based on being Admin in Namespace
189 as testid@aaf.att.com
190 role list role com.test.TC_Role2.@[user.name].r.animals
193 List Roles for Role[com.test.TC_Role2.@[THE_USER].r.animals]
194 --------------------------------------------------------------------------------
196 PERM Type Instance Action
197 --------------------------------------------------------------------------------
198 com.test.TC_Role2.@[THE_USER].r.animals
199 com.test.TC_Role2.@[THE_USER].r.A garbage eat
201 role list role com.test.TC_Role2.@[user.name].r.dogs
204 List Roles for Role[com.test.TC_Role2.@[THE_USER].r.dogs]
205 --------------------------------------------------------------------------------
207 PERM Type Instance Action
208 --------------------------------------------------------------------------------
209 com.test.TC_Role2.@[THE_USER].r.dogs
210 com.test.TC_Role2.@[THE_USER].r.A * *
211 com.test.TC_Role2.@[THE_USER].r.A grain *
212 com.test.TC_Role2.@[THE_USER].r.A grain eat
214 role list role com.test.TC_Role2.@[user.name].r.pigs
217 List Roles for Role[com.test.TC_Role2.@[THE_USER].r.pigs]
218 --------------------------------------------------------------------------------
220 PERM Type Instance Action
221 --------------------------------------------------------------------------------
222 com.test.TC_Role2.@[THE_USER].r.pigs
223 com.att.aaf.role com.test.TC_Role2.@[THE_USER].r.animals view
224 com.att.aaf.role com.test.TC_Role2.@[THE_USER].r.dogs view
226 # TC_Role2.40.50.POS Change testunused to Pigs
227 as testid@aaf.att.com
228 user role del testunused@aaf.att.com com.test.TC_Role2.@[user.name].r.animals
230 Removed Role [com.test.TC_Role2.@[THE_USER].r.animals] from User [testunused@aaf.att.com]
232 user role add testunused@aaf.att.com com.test.TC_Role2.@[user.name].r.pigs
234 Added Role [com.test.TC_Role2.@[THE_USER].r.pigs] to User [testunused@aaf.att.com]
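236 # TC_Role2.40.51.POS Read various Roles based on having Explicit Permissions (recorded result: only r.pigs, the caller's own role, is readable; r.animals and r.dogs return SVC1403 despite the view perms granted to r.pigs in TC_Role2.20.25)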
237 as testunused@aaf.att.com
238 role list role com.test.TC_Role2.@[user.name].r.animals
240 Failed [SVC1403]: Forbidden - [testunused@aaf.att.com] may not read Role [com.test.TC_Role2.@[THE_USER].r.animals]
242 role list role com.test.TC_Role2.@[user.name].r.dogs
244 Failed [SVC1403]: Forbidden - [testunused@aaf.att.com] may not read Role [com.test.TC_Role2.@[THE_USER].r.dogs]
246 role list role com.test.TC_Role2.@[user.name].r.pigs
249 List Roles for Role[com.test.TC_Role2.@[THE_USER].r.pigs]
250 --------------------------------------------------------------------------------
252 PERM Type Instance Action
253 --------------------------------------------------------------------------------
254 com.test.TC_Role2.@[THE_USER].r.pigs
255 com.att.aaf.role com.test.TC_Role2.@[THE_USER].r.animals view
256 com.att.aaf.role com.test.TC_Role2.@[THE_USER].r.dogs view
258 # TC_Role2.41.10.POS List by User when Same as Caller
259 as testunused@aaf.att.com
260 role list user testunused@aaf.att.com
263 List Roles for User [testunused@aaf.att.com]
264 --------------------------------------------------------------------------------
266 PERM Type Instance Action
267 --------------------------------------------------------------------------------
268 com.test.TC_Role2.@[THE_USER].r.pigs
269 com.att.aaf.role com.test.TC_Role2.@[THE_USER].r.animals view
270 com.att.aaf.role com.test.TC_Role2.@[THE_USER].r.dogs view
272 # TC_Role2.41.15.POS List by User when not same as Caller, but own/admin namespace of Roles
273 as testid@aaf.att.com
274 role list user testunused@aaf.att.com
277 List Roles for User [testunused@aaf.att.com]
278 --------------------------------------------------------------------------------
280 PERM Type Instance Action
281 --------------------------------------------------------------------------------
282 com.test.TC_Role2.@[THE_USER].r.pigs
283 com.att.aaf.role com.test.TC_Role2.@[THE_USER].r.animals view
284 com.att.aaf.role com.test.TC_Role2.@[THE_USER].r.dogs view
286 # TC_Role2.41.20.POS List by User when not same as Caller, but parent owner of Namespace
288 role list user testunused@aaf.att.com
291 List Roles for User [testunused@aaf.att.com]
292 --------------------------------------------------------------------------------
294 PERM Type Instance Action
295 --------------------------------------------------------------------------------
296 com.test.TC_Role2.@[THE_USER].r.pigs
297 com.att.aaf.role com.test.TC_Role2.@[THE_USER].r.animals view
298 com.att.aaf.role com.test.TC_Role2.@[THE_USER].r.dogs view
300 # TC_Role2.41.80.NEG List by User when not Caller nor associated to Namespace (nothing should be shown)
301 as testunused@aaf.att.com
305 List Roles for User [XX@NS]
306 --------------------------------------------------------------------------------
308 PERM Type Instance Action
309 --------------------------------------------------------------------------------
311 # TC_Role2.42.10.POS List Roles from NS when allowed to see NS (caller is the namespace admin)
312 as testid@aaf.att.com
313 role list ns com.test.TC_Role2.@[user.name]
316 List Roles by NS [com.test.TC_Role2.@[THE_USER]]
317 --------------------------------------------------------------------------------
319 PERM Type Instance Action
320 --------------------------------------------------------------------------------
321 com.test.TC_Role2.@[THE_USER].admin
322 com.test.TC_Role2.@[THE_USER].access * *
323 com.test.TC_Role2.@[THE_USER].owner
324 com.test.TC_Role2.@[THE_USER].access * read
325 com.test.TC_Role2.@[THE_USER].r.animals
326 com.test.TC_Role2.@[THE_USER].r.A garbage eat
327 com.test.TC_Role2.@[THE_USER].r.dogs
328 com.test.TC_Role2.@[THE_USER].r.A * *
329 com.test.TC_Role2.@[THE_USER].r.A grain *
330 com.test.TC_Role2.@[THE_USER].r.A grain eat
331 com.test.TC_Role2.@[THE_USER].r.pigs
332 com.att.aaf.role com.test.TC_Role2.@[THE_USER].r.animals view
333 com.att.aaf.role com.test.TC_Role2.@[THE_USER].r.dogs view
335 # TC_Role2.42.20.NEG Don't List Roles from NS when not allowed to see NS
336 as testunused@aaf.att.com
337 role list ns com.test.TC_Role2.@[user.name]
339 Failed [SVC1403]: Forbidden - [testunused@aaf.att.com] may not read in NS [com.test.TC_Role2.@[THE_USER]]
341 # TC_Role2.43.10.POS List Roles when allowed to see Perm
342 as testid@aaf.att.com
343 role list perm com.test.TC_Role2.@[user.name].r.A grain eat
346 List Roles by Perm com.test.TC_Role2.@[THE_USER].r.A|grain|eat
347 --------------------------------------------------------------------------------
349 PERM Type Instance Action
350 --------------------------------------------------------------------------------
351 com.test.TC_Role2.@[THE_USER].r.dogs
352 com.test.TC_Role2.@[THE_USER].r.A * *
353 com.test.TC_Role2.@[THE_USER].r.A grain *
354 com.test.TC_Role2.@[THE_USER].r.A grain eat
356 role list perm com.test.TC_Role2.@[user.name].r.A grain *
359 List Roles by Perm com.test.TC_Role2.@[THE_USER].r.A|grain|*
360 --------------------------------------------------------------------------------
362 PERM Type Instance Action
363 --------------------------------------------------------------------------------
364 com.test.TC_Role2.@[THE_USER].r.dogs
365 com.test.TC_Role2.@[THE_USER].r.A * *
366 com.test.TC_Role2.@[THE_USER].r.A grain *
367 com.test.TC_Role2.@[THE_USER].r.A grain eat
369 role list perm com.test.TC_Role2.@[user.name].r.A * *
372 List Roles by Perm com.test.TC_Role2.@[THE_USER].r.A|*|*
373 --------------------------------------------------------------------------------
375 PERM Type Instance Action
376 --------------------------------------------------------------------------------
377 com.test.TC_Role2.@[THE_USER].r.dogs
378 com.test.TC_Role2.@[THE_USER].r.A * *
379 com.test.TC_Role2.@[THE_USER].r.A grain *
380 com.test.TC_Role2.@[THE_USER].r.A grain eat
382 # TC_Role2.43.15.NEG Don't List Roles when not allowed to see Perm
383 as testunused@aaf.att.com
384 role list perm com.test.TC_Role2.@[user.name].r.A grain eat
386 Failed [SVC1403]: Forbidden - [testunused@aaf.att.com] may not read Perm [com.test.TC_Role2.@[THE_USER].r.A|grain|eat]
388 role list perm com.test.TC_Role2.@[user.name].r.A grain *
390 Failed [SVC1403]: Forbidden - [testunused@aaf.att.com] may not read Perm [com.test.TC_Role2.@[THE_USER].r.A|grain|*]
392 role list perm com.test.TC_Role2.@[user.name].r.A * *
394 Failed [SVC1403]: Forbidden - [testunused@aaf.att.com] may not read Perm [com.test.TC_Role2.@[THE_USER].r.A|*|*]
397 # TC_Role2.99.1.POS Delete Roles
398 force role delete com.test.TC_Role2.@[user.name].r.animals
402 force role delete com.test.TC_Role2.@[user.name].r.dogs
406 force role delete com.test.TC_Role2.@[user.name].r.pigs
410 # TC_Role2.99.2.POS Delete Perms
411 force perm delete com.test.TC_Role2.@[user.name].r.A garbage eat
415 force perm delete com.test.TC_Role2.@[user.name].r.A grain eat
419 force perm delete com.test.TC_Role2.@[user.name].r.A grain *
423 force perm delete com.test.TC_Role2.@[user.name].r.A * *
427 force perm delete com.att.aaf.role com.test.TC_Role2.@[user.name].r.animals view
431 force perm delete com.att.aaf.role com.test.TC_Role2.@[user.name].r.dogs view
435 # TC_Role2.99.2.POS Namespace Admin can delete Namespace
436 force ns delete com.test.TC_Role2.@[user.name]
440 # TC_Role2.99.3.POS Print Namespaces
441 ns list name com.test.TC_Role2.@[user.name]
444 List Namespaces by Name[com.test.TC_Role2.@[THE_USER]]
445 --------------------------------------------------------------------------------
446 *** Namespace Not Found ***