# Identity setup for the TC_User1 run: each `set` line pairs an identity with the
# secret the harness will use for it (presumably consumed by the later `as`
# switches; confirm against the CLI documentation).
# NOTE(review): two values are masked as <pass>, while boguspass and password123
# are literals. The same password123 is later passed as an argument to
# `user cred add`, so the fixture secret also appears in the echoed command lines.
2 set testid@aaf.att.com <pass>
3 set testunused@aaf.att.com <pass>
4 set bogus@aaf.att.com boguspass
5 set m99990@@[THE_USER].TC_User1.test.com password123
6 set m99995@@[THE_USER].TC_User1.test.com password123
# TC_User1.10.x: confirm the test namespace is absent, create it, and give a
# cred_admin role the two com.att-scoped grants that later steps depend on.
# The gutter numbers skip values throughout this listing, so some recorded
# result lines (for example the response to `ns create`) are not visible here.
10 # TC_User1.10.0.POS Check for Existing Data
11 ns list name com.test.TC_User1.@[user.name]
14 List Namespaces by Name[com.test.TC_User1.@[THE_USER]]
15 --------------------------------------------------------------------------------
16 *** Namespace Not Found ***
18 # TC_User1.10.1.POS Create Namespace with valid IDs and Responsible Parties
19 ns create com.test.TC_User1.@[user.name] @[user.name] testid@aaf.att.com
23 # TC_User1.10.10.POS Create role to assign mechid perm to
24 role create com.test.TC_User1.@[user.name].cred_admin testid@aaf.att.com
27 Added User [testid@aaf.att.com] to Role [com.test.TC_User1.@[THE_USER].cred_admin]
# NOTE(review): the two grants below reach outside the test namespace (types
# com.att.aaf.mechid and com.att.aaf.delg, instance com.att). Judging by the
# names they gate mechid credential creation and delegate changes (confirm).
# Both are revoked again in TC_User1.99.15.
30 # TC_User1.10.11.POS Assign role to mechid perm
31 perm grant com.att.aaf.mechid com.att create com.test.TC_User1.@[user.name].cred_admin
33 Granted Permission [com.att.aaf.mechid|com.att|create] to Role [com.test.TC_User1.@[THE_USER].cred_admin]
35 perm grant com.att.aaf.delg com.att change com.test.TC_User1.@[user.name].cred_admin
37 Granted Permission [com.att.aaf.delg|com.att|change] to Role [com.test.TC_User1.@[THE_USER].cred_admin]
# NOTE(review): this label reads 01.99 while the surrounding cases are 10.x;
# it looks like a numbering slip (confirm against the source script).
40 # TC_User1.01.99.POS Expect Namespace to be created
41 ns list name com.test.TC_User1.@[user.name]
44 List Namespaces by Name[com.test.TC_User1.@[THE_USER]]
45 --------------------------------------------------------------------------------
# The section headings of the namespace listing are not visible (gutter goes
# 46, 50, 52, 56). The visible rows are the namespace name, one identity, three
# roles (admin, cred_admin, owner) and two access perms.
46 com.test.TC_User1.@[THE_USER]
50 @[THE_USER]@csp.att.com
52 com.test.TC_User1.@[THE_USER].admin
53 com.test.TC_User1.@[THE_USER].cred_admin
54 com.test.TC_User1.@[THE_USER].owner
56 com.test.TC_User1.@[THE_USER].access * *
57 com.test.TC_User1.@[THE_USER].access * read
# TC_User1.20.x: fixture build-out. Creates two roles, four perms, two mechid
# credentials, the role memberships and one delegate record.
60 # TC_User1.20.1.POS Create roles
61 role create com.test.TC_User1.@[user.name].manager
65 role create com.test.TC_User1.@[user.name].worker
# Perm-to-role split used by the 41.x visibility checks:
#   supplies|*|move and supplies|*|stock           -> worker
#   schedule|worker|create and worker|*|annoy      -> manager
69 # TC_User1.20.2.POS Create permissions
70 perm create com.test.TC_User1.@[user.name].supplies * move com.test.TC_User1.@[user.name].worker
73 Granted Permission [com.test.TC_User1.@[THE_USER].supplies|*|move] to Role [com.test.TC_User1.@[THE_USER].worker]
75 perm create com.test.TC_User1.@[user.name].supplies * stock com.test.TC_User1.@[user.name].worker
78 Granted Permission [com.test.TC_User1.@[THE_USER].supplies|*|stock] to Role [com.test.TC_User1.@[THE_USER].worker]
80 perm create com.test.TC_User1.@[user.name].schedule worker create com.test.TC_User1.@[user.name].manager
83 Granted Permission [com.test.TC_User1.@[THE_USER].schedule|worker|create] to Role [com.test.TC_User1.@[THE_USER].manager]
85 perm create com.test.TC_User1.@[user.name].worker * annoy com.test.TC_User1.@[user.name].manager
88 Granted Permission [com.test.TC_User1.@[THE_USER].worker|*|annoy] to Role [com.test.TC_User1.@[THE_USER].manager]
# NOTE(review): the credential secret is a positional argument of
# `user cred add`, so it is recorded verbatim in this transcript.
90 # TC_User1.20.3.POS Create mechid
91 user cred add m99990@@[user.name].TC_User1.test.com password123
93 Added Credential [m99990@@[THE_USER].TC_User1.test.com]
95 user cred add m99995@@[user.name].TC_User1.test.com password123
97 Added Credential [m99995@@[THE_USER].TC_User1.test.com]
# Only m99990 joins worker at this point; m99995 is added later in 43.1.
100 # TC_User1.20.10.POS Add users to roles
101 user role add @[user.name] com.test.TC_User1.@[user.name].manager
103 Added Role [com.test.TC_User1.@[THE_USER].manager] to User [@[THE_USER]@csp.att.com]
105 user role add m99990@@[user.name].TC_User1.test.com com.test.TC_User1.@[user.name].worker
107 Added Role [com.test.TC_User1.@[THE_USER].worker] to User [m99990@@[THE_USER].TC_User1.test.com]
# NOTE(review): the 20.20 header appears twice with different wording. The
# command delegates @[user.name] to itself with `force`, and no result line for
# it is visible in this listing.
109 # TC_User1.20.20.POS Add Delegate
111 # TC_User1.20.20.POS Create delegates
112 force user delegate add @[user.name] @[user.name]
# TC_User1.40.x: who may list the members of a role.
# 40.1: an identity with no membership in the namespace is refused with
# SVC1403 for both roles.
116 # TC_User1.40.1.NEG Non-admin, user not in role should not view
117 as testunused@aaf.att.com
118 user list role com.test.TC_User1.@[user.name].manager
120 Failed [SVC1403]: Forbidden - [testunused@aaf.att.com] may not read Role [com.test.TC_User1.@[THE_USER].manager]
122 user list role com.test.TC_User1.@[user.name].worker
124 Failed [SVC1403]: Forbidden - [testunused@aaf.att.com] may not read Role [com.test.TC_User1.@[THE_USER].worker]
# 40.2: m99990 is a member of worker (added in 20.10) and is still refused on
# manager, so membership in one role does not open a sibling role.
126 as m99990@@[THE_USER].TC_User1.test.com
127 # TC_User1.40.2.NEG Non-admin, user in role should not view
128 user list role com.test.TC_User1.@[user.name].manager
130 Failed [SVC1403]: Forbidden - [m99990@@[THE_USER].TC_User1.test.com] may not read Role [com.test.TC_User1.@[THE_USER].manager]
# 40.3: the same identity may list worker and the recorded result is its own row.
133 # TC_User1.40.3.POS Non-admin, user in role can view himself
134 user list role com.test.TC_User1.@[user.name].worker
137 List Users for Role[com.test.TC_User1.@[THE_USER].worker]
138 --------------------------------------------------------------------------------
140 --------------------------------------------------------------------------------
141 m99990@@[THE_USER].TC_User1.test.com XXXX-XX-XX
# 40.10: testid (the last argument to `ns create` in 10.1 and a cred_admin
# member since 10.10) sees the members of both roles.
144 as testid@aaf.att.com
145 # TC_User1.40.10.POS admin should view
146 user list role com.test.TC_User1.@[user.name].manager
149 List Users for Role[com.test.TC_User1.@[THE_USER].manager]
150 --------------------------------------------------------------------------------
152 --------------------------------------------------------------------------------
153 @[THE_USER]@csp.att.com XXXX-XX-XX
156 user list role com.test.TC_User1.@[user.name].worker
159 List Users for Role[com.test.TC_User1.@[THE_USER].worker]
160 --------------------------------------------------------------------------------
162 --------------------------------------------------------------------------------
163 m99990@@[THE_USER].TC_User1.test.com XXXX-XX-XX
# TC_User1.41.x: who may list the holders of a permission.
# NOTE(review): unlike the role checks in 40.1, the NEG cases here expect a
# normal listing with no rows rather than Failed [SVC1403]. The recorded output
# alone therefore cannot tell "filtered for this caller" apart from "nobody
# holds the perm". The admin view in 41.10 is what shows that the rows exist.
166 as testunused@aaf.att.com
167 # TC_User1.41.1.NEG Non-admin, user not in perm should not view
168 user list perm com.test.TC_User1.@[user.name].supplies * move
171 List Users for Permission[com.test.TC_User1.@[THE_USER].supplies|*|move]
172 --------------------------------------------------------------------------------
174 --------------------------------------------------------------------------------
177 user list perm com.test.TC_User1.@[user.name].supplies * stock
180 List Users for Permission[com.test.TC_User1.@[THE_USER].supplies|*|stock]
181 --------------------------------------------------------------------------------
183 --------------------------------------------------------------------------------
186 user list perm com.test.TC_User1.@[user.name].schedule worker create
189 List Users for Permission[com.test.TC_User1.@[THE_USER].schedule|worker|create]
190 --------------------------------------------------------------------------------
192 --------------------------------------------------------------------------------
195 user list perm com.test.TC_User1.@[user.name].worker * annoy
198 List Users for Permission[com.test.TC_User1.@[THE_USER].worker|*|annoy]
199 --------------------------------------------------------------------------------
201 --------------------------------------------------------------------------------
# 41.2: m99990 holds both supplies perms through worker and sees its own row.
204 as m99990@@[THE_USER].TC_User1.test.com
205 # TC_User1.41.2.POS Non-admin, user in perm can view himself
206 user list perm com.test.TC_User1.@[user.name].supplies * move
209 List Users for Permission[com.test.TC_User1.@[THE_USER].supplies|*|move]
210 --------------------------------------------------------------------------------
212 --------------------------------------------------------------------------------
213 m99990@@[THE_USER].TC_User1.test.com XXXX-XX-XX
216 user list perm com.test.TC_User1.@[user.name].supplies * stock
219 List Users for Permission[com.test.TC_User1.@[THE_USER].supplies|*|stock]
220 --------------------------------------------------------------------------------
222 --------------------------------------------------------------------------------
223 m99990@@[THE_USER].TC_User1.test.com XXXX-XX-XX
# NOTE(review): the 41.3 label reads "user in perm", but both perms queried were
# granted to manager in 20.2 and m99990 only holds worker. "User holding a
# different perm" is probably what is meant (confirm). The `as` line repeats
# the identity already active since gutter line 204.
226 as m99990@@[THE_USER].TC_User1.test.com
227 # TC_User1.41.3.NEG Non-admin, user in perm should not view
228 user list perm com.test.TC_User1.@[user.name].schedule worker create
231 List Users for Permission[com.test.TC_User1.@[THE_USER].schedule|worker|create]
232 --------------------------------------------------------------------------------
234 --------------------------------------------------------------------------------
237 user list perm com.test.TC_User1.@[user.name].worker * annoy
240 List Users for Permission[com.test.TC_User1.@[THE_USER].worker|*|annoy]
241 --------------------------------------------------------------------------------
243 --------------------------------------------------------------------------------
# 41.10: testid sees the holders of all four perms. m99990 holds the supplies
# perms and @[THE_USER]@csp.att.com holds the two manager perms.
246 as testid@aaf.att.com
247 # TC_User1.41.10.POS admin should view
248 user list perm com.test.TC_User1.@[user.name].supplies * move
251 List Users for Permission[com.test.TC_User1.@[THE_USER].supplies|*|move]
252 --------------------------------------------------------------------------------
254 --------------------------------------------------------------------------------
255 m99990@@[THE_USER].TC_User1.test.com XXXX-XX-XX
258 user list perm com.test.TC_User1.@[user.name].supplies * stock
261 List Users for Permission[com.test.TC_User1.@[THE_USER].supplies|*|stock]
262 --------------------------------------------------------------------------------
264 --------------------------------------------------------------------------------
265 m99990@@[THE_USER].TC_User1.test.com XXXX-XX-XX
268 user list perm com.test.TC_User1.@[user.name].schedule worker create
271 List Users for Permission[com.test.TC_User1.@[THE_USER].schedule|worker|create]
272 --------------------------------------------------------------------------------
274 --------------------------------------------------------------------------------
275 @[THE_USER]@csp.att.com XXXX-XX-XX
278 user list perm com.test.TC_User1.@[user.name].worker * annoy
281 List Users for Permission[com.test.TC_User1.@[THE_USER].worker|*|annoy]
282 --------------------------------------------------------------------------------
284 --------------------------------------------------------------------------------
285 @[THE_USER]@csp.att.com XXXX-XX-XX
# TC_User1.42.x: who may list delegate records.
# 42.1: an unrelated identity is refused with SVC1403 for both lookup
# directions (by user and by delegate).
288 as testunused@aaf.att.com
289 # TC_User1.42.1.NEG Unrelated user can't view delegates
290 user list delegates user m99990@@[user.name].TC_User1.test.com
292 Failed [SVC1403]: Forbidden - [testunused@aaf.att.com] may not read delegates for [m99990@@[THE_USER].TC_User1.test.com]
294 user list delegates delegate m99995@@[user.name].TC_User1.test.com
296 Failed [SVC1403]: Forbidden - [testunused@aaf.att.com] may not read delegates for [m99995@@[THE_USER].TC_User1.test.com]
# NOTE(review): no `as` switch is visible between 42.1 and 42.10 (gutter lines
# 297-298 are absent from this listing), so the identity that runs the POS case
# cannot be confirmed from here. If it were still testunused, an unrelated
# identity would be reading delegate records. Check the source script.
# The rows returned are the self-delegation created in 20.20.
299 # TC_User1.42.10.POS Admin of domain NS can view
300 user list delegates user @[user.name]
303 List Delegates by user[@[THE_USER]@csp.att.com]
304 --------------------------------------------------------------------------------
305 User Delegate Expires
306 --------------------------------------------------------------------------------
307 @[THE_USER]@csp.att.com @[THE_USER]@csp.att.com XXXX-XX-XX
309 user list delegates delegate @[user.name]
312 List Delegates by delegate[@[THE_USER]@csp.att.com]
313 --------------------------------------------------------------------------------
314 User Delegate Expires
315 --------------------------------------------------------------------------------
316 @[THE_USER]@csp.att.com @[THE_USER]@csp.att.com XXXX-XX-XX
# TC_User1.43.x: visibility after a second member joins worker, and again after
# an explicit view perm is granted to worker.
318 as testid@aaf.att.com
319 # TC_User1.43.1.POS Add another user to worker role
320 user role add m99995@@[user.name].TC_User1.test.com com.test.TC_User1.@[user.name].worker
322 Added Role [com.test.TC_User1.@[THE_USER].worker] to User [m99995@@[THE_USER].TC_User1.test.com]
# NOTE(review): the 43.2 label says m99990 should see only itself, yet the
# recorded rows for the role and for both supplies perms include m99995 as well.
# These rows are identical to the ones recorded for 43.11 after the view grant,
# so as written the 43.2/43.11 pair does not show that the grant changes what a
# member can see. Either the label or the recorded output is wrong. Resolve
# that before relying on this case as a member-visibility regression check.
324 as m99990@@[THE_USER].TC_User1.test.com
325 # TC_User1.43.2.POS User should only see himself here
326 user list role com.test.TC_User1.@[user.name].worker
329 List Users for Role[com.test.TC_User1.@[THE_USER].worker]
330 --------------------------------------------------------------------------------
332 --------------------------------------------------------------------------------
333 m99990@@[THE_USER].TC_User1.test.com XXXX-XX-XX
334 m99995@@[THE_USER].TC_User1.test.com XXXX-XX-XX
337 user list perm com.test.TC_User1.@[user.name].supplies * move
340 List Users for Permission[com.test.TC_User1.@[THE_USER].supplies|*|move]
341 --------------------------------------------------------------------------------
343 --------------------------------------------------------------------------------
344 m99990@@[THE_USER].TC_User1.test.com XXXX-XX-XX
345 m99995@@[THE_USER].TC_User1.test.com XXXX-XX-XX
348 user list perm com.test.TC_User1.@[user.name].supplies * stock
351 List Users for Permission[com.test.TC_User1.@[THE_USER].supplies|*|stock]
352 --------------------------------------------------------------------------------
354 --------------------------------------------------------------------------------
355 m99990@@[THE_USER].TC_User1.test.com XXXX-XX-XX
356 m99995@@[THE_USER].TC_User1.test.com XXXX-XX-XX
# NOTE(review): the last visible `as` before this command is m99990 (gutter
# 324), and gutter 366 re-issues `as m99990`. That suggests an identity switch
# that this listing does not show (gutter 357-359 are absent). Confirm which
# identity is allowed to create a com.att.aaf.user perm, since its type sits
# outside the test namespace.
360 # TC_User1.43.10.POS Grant explicit user perm to user
361 perm create com.att.aaf.user :com.test.TC_User1.@[user.name] view com.test.TC_User1.@[user.name].worker
364 Granted Permission [com.att.aaf.user|:com.test.TC_User1.@[THE_USER]|view] to Role [com.test.TC_User1.@[THE_USER].worker]
366 as m99990@@[THE_USER].TC_User1.test.com
367 # TC_User1.43.11.POS User should see all users of test domain now
368 user list role com.test.TC_User1.@[user.name].worker
371 List Users for Role[com.test.TC_User1.@[THE_USER].worker]
372 --------------------------------------------------------------------------------
374 --------------------------------------------------------------------------------
375 m99990@@[THE_USER].TC_User1.test.com XXXX-XX-XX
376 m99995@@[THE_USER].TC_User1.test.com XXXX-XX-XX
379 user list perm com.test.TC_User1.@[user.name].supplies * move
382 List Users for Permission[com.test.TC_User1.@[THE_USER].supplies|*|move]
383 --------------------------------------------------------------------------------
385 --------------------------------------------------------------------------------
386 m99990@@[THE_USER].TC_User1.test.com XXXX-XX-XX
387 m99995@@[THE_USER].TC_User1.test.com XXXX-XX-XX
390 user list perm com.test.TC_User1.@[user.name].supplies * stock
393 List Users for Permission[com.test.TC_User1.@[THE_USER].supplies|*|stock]
394 --------------------------------------------------------------------------------
396 --------------------------------------------------------------------------------
397 m99990@@[THE_USER].TC_User1.test.com XXXX-XX-XX
398 m99995@@[THE_USER].TC_User1.test.com XXXX-XX-XX
# TC_User1.99.x: teardown. Removes memberships, perms, roles, the delegate, the
# two credentials and the com.att grants from 10.11, then the namespace itself.
# Result lines for the `force ... delete` and `user delegate del` commands are
# not visible in this listing (gutter gaps). Only the role removals, credential
# deletions and ungrants are confirmed by recorded output.
401 as testid@aaf.att.com
402 # TC_User1.99.0.POS Remove user roles
403 user role del @[user.name] com.test.TC_User1.@[user.name].manager
405 Removed Role [com.test.TC_User1.@[THE_USER].manager] from User [@[THE_USER]@csp.att.com]
407 user role del m99990@@[user.name].TC_User1.test.com com.test.TC_User1.@[user.name].worker
409 Removed Role [com.test.TC_User1.@[THE_USER].worker] from User [m99990@@[THE_USER].TC_User1.test.com]
411 user role del m99995@@[user.name].TC_User1.test.com com.test.TC_User1.@[user.name].worker
413 Removed Role [com.test.TC_User1.@[THE_USER].worker] from User [m99995@@[THE_USER].TC_User1.test.com]
# NOTE(review): "Namepace" in the label below is a typo for "Namespace". It is
# left untouched because the label appears to be part of the recorded output and
# would have to change in the source script at the same time.
415 # TC_User1.99.1.POS Namespace Admin can delete Namepace defined Roles & Perms
416 force perm delete com.test.TC_User1.@[user.name].supplies * move
420 force perm delete com.test.TC_User1.@[user.name].supplies * stock
424 force perm delete com.test.TC_User1.@[user.name].schedule worker create
428 force perm delete com.test.TC_User1.@[user.name].worker * annoy
432 force role delete com.test.TC_User1.@[user.name].manager
436 force role delete com.test.TC_User1.@[user.name].worker
440 # TC_User1.99.10.POS Creds and delegate
441 user delegate del @[user.name]
445 user cred del m99990@@[user.name].TC_User1.test.com
447 Deleted Credential [m99990@@[THE_USER].TC_User1.test.com]
449 user cred del m99995@@[user.name].TC_User1.test.com
451 Deleted Credential [m99995@@[THE_USER].TC_User1.test.com]
# 99.15 revokes the two com.att grants made in 10.11 and deletes the
# com.att.aaf.user view perm created in 43.10, so the run leaves nothing
# granted outside the test namespace.
# NOTE(review): the `as testid` at gutter 467 repeats the identity visible since
# gutter 401, which hints at an unseen switch before the `perm delete` at 463.
454 # TC_User1.99.15.POS Remove ability to create creds
455 perm ungrant com.att.aaf.mechid com.att create com.test.TC_User1.@[user.name].cred_admin
457 UnGranted Permission [com.att.aaf.mechid|com.att|create] from Role [com.test.TC_User1.@[THE_USER].cred_admin]
459 perm ungrant com.att.aaf.delg com.att change com.test.TC_User1.@[user.name].cred_admin
461 UnGranted Permission [com.att.aaf.delg|com.att|change] from Role [com.test.TC_User1.@[THE_USER].cred_admin]
463 perm delete com.att.aaf.user :com.test.TC_User1.@[user.name] view
467 as testid@aaf.att.com
468 force role delete com.test.TC_User1.@[user.name].cred_admin
472 # TC_User1.99.90.POS Namespace Admin can delete Namespace
473 force ns delete com.test.TC_User1.@[user.name]
# 99.99 repeats the 10.0 lookup. "Namespace Not Found" is the recorded evidence
# that the teardown removed the namespace.
478 # TC_User1.99.99.POS Check Clean Namespace
479 ns list name com.test.TC_User1.@[user.name]
482 List Namespaces by Name[com.test.TC_User1.@[THE_USER]]
483 --------------------------------------------------------------------------------
484 *** Namespace Not Found ***