Upgrade to latest oparent

[aaf/authz.git] / authz-test / TestSuite / expected / TC_Perm1.expected

set testid <pass>
set testid@aaf.att.com <pass>
set XX@NS <pass>
set testunused <pass>
set bogus boguspass
#delay 10
set NFR 0
# TC_Perm1.10.0.POS Validate Namespace is empty first
as testid@aaf.att.com
ns list name com.test.TC_Perm1.@[user.name]
** Expect 200 **

List Namespaces by Name[com.test.TC_Perm1.@[THE_USER]]
--------------------------------------------------------------------------------
    *** Namespace Not Found ***

# TC_Perm1.10.1.POS Create Namespace with valid IDs and Responsible Parties
ns create com.test.TC_Perm1.@[user.name] @[user.name] testid@aaf.att.com
** Expect 201 **
Created Namespace

# TC_Perm1.10.10.POS Create role to assign mechid perm to
role create com.test.TC_Perm1.@[user.name].cred_admin
** Expect 201 **
Created Role

as XX@NS
# TC_Perm1.10.11.POS Assign role to mechid perm
perm grant com.att.aaf.mechid com.att create com.test.TC_Perm1.@[user.name].cred_admin
** Expect 201 **
Granted Permission [com.att.aaf.mechid|com.att|create] to Role [com.test.TC_Perm1.@[THE_USER].cred_admin]

as testid@aaf.att.com
# TC_Perm1.10.12.POS Assign user for creating creds
user role add XX@NS com.test.TC_Perm1.@[user.name].cred_admin
** Expect 201 **
Added Role [com.test.TC_Perm1.@[THE_USER].cred_admin] to User [XX@NS]

# TC_Perm1.20.1.POS List Data on non-Empty NS
ns list name com.test.TC_Perm1.@[user.name]
** Expect 200 **

List Namespaces by Name[com.test.TC_Perm1.@[THE_USER]]
--------------------------------------------------------------------------------
com.test.TC_Perm1.@[THE_USER]
    Administrators
        testid@aaf.att.com                                                      
    Responsible Parties
        @[THE_USER]@csp.att.com                                                      
    Roles
        com.test.TC_Perm1.@[THE_USER].admin                                          
        com.test.TC_Perm1.@[THE_USER].cred_admin                                     
        com.test.TC_Perm1.@[THE_USER].owner                                          
    Permissions
        com.test.TC_Perm1.@[THE_USER].access *                        *              
        com.test.TC_Perm1.@[THE_USER].access *                        read           

# TC_Perm1.20.2.POS Add Perm 
perm create com.test.TC_Perm1.@[user.name].p.A myInstance myAction
** Expect 201 **
Created Permission

# TC_Perm1.20.3.NEG Already Added Perm 
perm create com.test.TC_Perm1.@[user.name].p.A myInstance myAction
** Expect 409 **
Failed [SVC1409]: Conflict Already Exists - Permission [com.test.TC_Perm1.@[THE_USER].p.A|myInstance|myAction] already exists.

# TC_Perm1.20.4.POS Add Perm with non-existent Roles as well
force perm create com.test.TC_Perm1.@[user.name].p.B myInstance myAction com.test.TC_Perm1.@[user.name].r.A,com.test.TC_Perm1.@[user.name].r.B
** Expect 201 **
Created Role [com.test.TC_Perm1.@[THE_USER].r.A]
Created Role [com.test.TC_Perm1.@[THE_USER].r.B]
Created Permission
Granted Permission [com.test.TC_Perm1.@[THE_USER].p.B|myInstance|myAction] to Role [com.test.TC_Perm1.@[THE_USER].r.A]
Granted Permission [com.test.TC_Perm1.@[THE_USER].p.B|myInstance|myAction] to Role [com.test.TC_Perm1.@[THE_USER].r.B]

# TC_Perm1.20.8.POS Print Info for Validation
ns list name com.test.TC_Perm1.@[user.name]
** Expect 200 **

List Namespaces by Name[com.test.TC_Perm1.@[THE_USER]]
--------------------------------------------------------------------------------
com.test.TC_Perm1.@[THE_USER]
    Administrators
        testid@aaf.att.com                                                      
    Responsible Parties
        @[THE_USER]@csp.att.com                                                      
    Roles
        com.test.TC_Perm1.@[THE_USER].admin                                          
        com.test.TC_Perm1.@[THE_USER].cred_admin                                     
        com.test.TC_Perm1.@[THE_USER].owner                                          
        com.test.TC_Perm1.@[THE_USER].r.A                                            
        com.test.TC_Perm1.@[THE_USER].r.B                                            
    Permissions
        com.test.TC_Perm1.@[THE_USER].access *                        *              
        com.test.TC_Perm1.@[THE_USER].access *                        read           
        com.test.TC_Perm1.@[THE_USER].p.A   myInstance               myAction       
        com.test.TC_Perm1.@[THE_USER].p.B   myInstance               myAction       

# TC_Perm1.20.9.NEG Already Added Perm with some Roles as well
perm create com.test.TC_Perm1.@[user.name].p.B myInstance myAction com.test.TC_Perm1.@[user.name].r.A,com.test.TC_Perm1.@[user.name].r.B
** Expect 409 **
Failed [SVC1409]: Conflict Already Exists - Permission [com.test.TC_Perm1.@[THE_USER].p.B|myInstance|myAction] already exists.

# TC_Perm1.20.10.NEG Non-admins can't change description
as testunused
perm describe com.test.TC_Perm1.@[user.name].p.A myInstance myAction Description for A
** Expect 403 **
Failed [SVC1403]: Forbidden - You do not have approval to change Permission [com.test.TC_Perm1.@[THE_USER].p.A|myInstance|myAction]

# TC_Perm1.20.11.NEG Permission must exist to change description
as testid
perm describe com.test.TC_Perm1.@[user.name].p.C myInstance myAction Description for C
** Expect 404 **
Failed [SVC1404]: Not Found - Permission [com.test.TC_Perm1.@[THE_USER].p.C|myInstance|myAction] does not exist

# TC_Perm1.20.12.POS Admin can change description
perm describe com.test.TC_Perm1.@[user.name].p.A myInstance myAction Description for A
** Expect 200 **
Description added to Permission

# TC_Perm1.22.1.NEG Try to rename permission without changing anything
perm rename com.test.TC_Perm1.@[user.name].p.B myInstance myAction com.test.TC_Perm1.@[user.name].p.B myInstance myAction
** Expect 409 **
Failed [SVC1409]: Conflict Already Exists - New Permission must be different than original permission

# TC_Perm1.22.2.NEG Try to rename parent ns
perm rename com.test.TC_Perm1.@[user.name].p.B myInstance myAction com.att.TC_Perm1.@[user.name].p.C myInstance myAction
** Expect 403 **
Failed [SVC1403]: Forbidden - You do not have approval to change Permission [com.att.TC_Perm1.@[THE_USER].p.C|myInstance|myAction]

# TC_Perm1.22.10.POS View permission in original state
ns list name com.test.TC_Perm1.@[user.name]
** Expect 200 **

List Namespaces by Name[com.test.TC_Perm1.@[THE_USER]]
--------------------------------------------------------------------------------
com.test.TC_Perm1.@[THE_USER]
    Administrators
        testid@aaf.att.com                                                      
    Responsible Parties
        @[THE_USER]@csp.att.com                                                      
    Roles
        com.test.TC_Perm1.@[THE_USER].admin                                          
        com.test.TC_Perm1.@[THE_USER].cred_admin                                     
        com.test.TC_Perm1.@[THE_USER].owner                                          
        com.test.TC_Perm1.@[THE_USER].r.A                                            
        com.test.TC_Perm1.@[THE_USER].r.B                                            
    Permissions
        com.test.TC_Perm1.@[THE_USER].access *                        *              
        com.test.TC_Perm1.@[THE_USER].access *                        read           
        com.test.TC_Perm1.@[THE_USER].p.A   myInstance               myAction       
        com.test.TC_Perm1.@[THE_USER].p.B   myInstance               myAction       

# TC_Perm1.22.11.POS Rename permission instance
perm rename com.test.TC_Perm1.@[user.name].p.B myInstance myAction com.test.TC_Perm1.@[user.name].p.B yourInstance myAction
** Expect 200 **
Updated Permission

# TC_Perm1.22.12.POS Verify change in permission instance
ns list name com.test.TC_Perm1.@[user.name]
** Expect 200 **

List Namespaces by Name[com.test.TC_Perm1.@[THE_USER]]
--------------------------------------------------------------------------------
com.test.TC_Perm1.@[THE_USER]
    Administrators
        testid@aaf.att.com                                                      
    Responsible Parties
        @[THE_USER]@csp.att.com                                                      
    Roles
        com.test.TC_Perm1.@[THE_USER].admin                                          
        com.test.TC_Perm1.@[THE_USER].cred_admin                                     
        com.test.TC_Perm1.@[THE_USER].owner                                          
        com.test.TC_Perm1.@[THE_USER].r.A                                            
        com.test.TC_Perm1.@[THE_USER].r.B                                            
    Permissions
        com.test.TC_Perm1.@[THE_USER].access *                        *              
        com.test.TC_Perm1.@[THE_USER].access *                        read           
        com.test.TC_Perm1.@[THE_USER].p.A   myInstance               myAction       
        com.test.TC_Perm1.@[THE_USER].p.B   yourInstance             myAction       

# TC_Perm1.22.13.POS Rename permission action
perm rename com.test.TC_Perm1.@[user.name].p.B yourInstance myAction com.test.TC_Perm1.@[user.name].p.B yourInstance yourAction
** Expect 200 **
Updated Permission

# TC_Perm1.22.14.POS Verify change in permission action
ns list name com.test.TC_Perm1.@[user.name]
** Expect 200 **

List Namespaces by Name[com.test.TC_Perm1.@[THE_USER]]
--------------------------------------------------------------------------------
com.test.TC_Perm1.@[THE_USER]
    Administrators
        testid@aaf.att.com                                                      
    Responsible Parties
        @[THE_USER]@csp.att.com                                                      
    Roles
        com.test.TC_Perm1.@[THE_USER].admin                                          
        com.test.TC_Perm1.@[THE_USER].cred_admin                                     
        com.test.TC_Perm1.@[THE_USER].owner                                          
        com.test.TC_Perm1.@[THE_USER].r.A                                            
        com.test.TC_Perm1.@[THE_USER].r.B                                            
    Permissions
        com.test.TC_Perm1.@[THE_USER].access *                        *              
        com.test.TC_Perm1.@[THE_USER].access *                        read           
        com.test.TC_Perm1.@[THE_USER].p.A   myInstance               myAction       
        com.test.TC_Perm1.@[THE_USER].p.B   yourInstance             yourAction     

# TC_Perm1.22.15.POS Rename permission type
perm rename com.test.TC_Perm1.@[user.name].p.B yourInstance yourAction com.test.TC_Perm1.@[user.name].p.yourB yourInstance yourAction
** Expect 200 **
Updated Permission

# TC_Perm1.22.16.POS Verify change in permission type
ns list name com.test.TC_Perm1.@[user.name]
** Expect 200 **

List Namespaces by Name[com.test.TC_Perm1.@[THE_USER]]
--------------------------------------------------------------------------------
com.test.TC_Perm1.@[THE_USER]
    Administrators
        testid@aaf.att.com                                                      
    Responsible Parties
        @[THE_USER]@csp.att.com                                                      
    Roles
        com.test.TC_Perm1.@[THE_USER].admin                                          
        com.test.TC_Perm1.@[THE_USER].cred_admin                                     
        com.test.TC_Perm1.@[THE_USER].owner                                          
        com.test.TC_Perm1.@[THE_USER].r.A                                            
        com.test.TC_Perm1.@[THE_USER].r.B                                            
    Permissions
        com.test.TC_Perm1.@[THE_USER].access *                        *              
        com.test.TC_Perm1.@[THE_USER].access *                        read           
        com.test.TC_Perm1.@[THE_USER].p.A   myInstance               myAction       
        com.test.TC_Perm1.@[THE_USER].p.yourB yourInstance             yourAction     

# TC_Perm1.22.20.POS See permission is attached to this role
role list role com.test.TC_Perm1.@[user.name].r.A
** Expect 200 **

List Roles for Role[com.test.TC_Perm1.@[THE_USER].r.A]
--------------------------------------------------------------------------------
ROLE Name                                         
   PERM Type                      Instance                       Action         
--------------------------------------------------------------------------------
com.test.TC_Perm1.@[THE_USER].r.A                      
   com.test.TC_Perm1.@[THE_USER].p.yourB yourInstance                   yourAction     

# TC_Perm1.22.21.POS Rename permission type, instance and action
perm rename com.test.TC_Perm1.@[user.name].p.yourB yourInstance yourAction com.test.TC_Perm1.@[user.name].p.B myInstance myAction
** Expect 200 **
Updated Permission

# TC_Perm1.22.22.POS See permission stays attached after rename
role list role com.test.TC_Perm1.@[user.name].r.A
** Expect 200 **

List Roles for Role[com.test.TC_Perm1.@[THE_USER].r.A]
--------------------------------------------------------------------------------
ROLE Name                                         
   PERM Type                      Instance                       Action         
--------------------------------------------------------------------------------
com.test.TC_Perm1.@[THE_USER].r.A                      
   com.test.TC_Perm1.@[THE_USER].p.B   myInstance                     myAction       

# TC_Perm1.22.23.POS Verify permission is back to original state
ns list name com.test.TC_Perm1.@[user.name]
** Expect 200 **

List Namespaces by Name[com.test.TC_Perm1.@[THE_USER]]
--------------------------------------------------------------------------------
com.test.TC_Perm1.@[THE_USER]
    Administrators
        testid@aaf.att.com                                                      
    Responsible Parties
        @[THE_USER]@csp.att.com                                                      
    Roles
        com.test.TC_Perm1.@[THE_USER].admin                                          
        com.test.TC_Perm1.@[THE_USER].cred_admin                                     
        com.test.TC_Perm1.@[THE_USER].owner                                          
        com.test.TC_Perm1.@[THE_USER].r.A                                            
        com.test.TC_Perm1.@[THE_USER].r.B                                            
    Permissions
        com.test.TC_Perm1.@[THE_USER].access *                        *              
        com.test.TC_Perm1.@[THE_USER].access *                        read           
        com.test.TC_Perm1.@[THE_USER].p.A   myInstance               myAction       
        com.test.TC_Perm1.@[THE_USER].p.B   myInstance               myAction       

# TC_Perm1.25.1.POS Create another Role in This namespace
role create com.test.TC_Perm1.@[user.name].r.C
** Expect 201 **
Created Role

# TC_Perm1.25.2.POS Create another Perm in This namespace
perm create com.test.TC_Perm1.@[user.name].p.C myInstance myAction
** Expect 201 **
Created Permission

# TC_Perm1.25.3.NEG Permission must Exist to Add to Role
perm grant com.test.TC_Perm1.@[user.name].p.NO myInstance myAction com.test.TC_Perm1.@[user.name].r.C
** Expect 404 **
Failed [SVC4404]: Not Found - Permission [com.test.TC_Perm1.@[THE_USER].p.NO|myInstance|myAction] does not exist

# TC_Perm1.25.4.POS Grant individual new Perm to new Role
perm grant com.test.TC_Perm1.@[user.name].p.C myInstance myAction com.test.TC_Perm1.@[user.name].r.C
** Expect 201 **
Granted Permission [com.test.TC_Perm1.@[THE_USER].p.C|myInstance|myAction] to Role [com.test.TC_Perm1.@[THE_USER].r.C]

# TC_Perm1.25.5.NEG Already Granted Perm
perm grant com.test.TC_Perm1.@[user.name].p.C myInstance myAction com.test.TC_Perm1.@[user.name].r.C
** Expect 409 **
Failed [SVC1409]: Conflict Already Exists - Permission [com.test.TC_Perm1.@[THE_USER].p.C|myInstance|myAction] already granted to Role [com.test.TC_Perm1.@[THE_USER].r.C]

# TC_Perm1.25.6.POS Print Info for Validation
ns list name com.test.TC_Perm1.@[user.name]
** Expect 200 **

List Namespaces by Name[com.test.TC_Perm1.@[THE_USER]]
--------------------------------------------------------------------------------
com.test.TC_Perm1.@[THE_USER]
    Administrators
        testid@aaf.att.com                                                      
    Responsible Parties
        @[THE_USER]@csp.att.com                                                      
    Roles
        com.test.TC_Perm1.@[THE_USER].admin                                          
        com.test.TC_Perm1.@[THE_USER].cred_admin                                     
        com.test.TC_Perm1.@[THE_USER].owner                                          
        com.test.TC_Perm1.@[THE_USER].r.A                                            
        com.test.TC_Perm1.@[THE_USER].r.B                                            
        com.test.TC_Perm1.@[THE_USER].r.C                                            
    Permissions
        com.test.TC_Perm1.@[THE_USER].access *                        *              
        com.test.TC_Perm1.@[THE_USER].access *                        read           
        com.test.TC_Perm1.@[THE_USER].p.A   myInstance               myAction       
        com.test.TC_Perm1.@[THE_USER].p.B   myInstance               myAction       
        com.test.TC_Perm1.@[THE_USER].p.C   myInstance               myAction       

# TC_Perm1.25.10.POS UnGrant individual new Perm to new Role
perm ungrant com.test.TC_Perm1.@[user.name].p.C myInstance myAction com.test.TC_Perm1.@[user.name].r.C
** Expect 200 **
UnGranted Permission [com.test.TC_Perm1.@[THE_USER].p.C|myInstance|myAction] from Role [com.test.TC_Perm1.@[THE_USER].r.C]

# TC_Perm1.25.11.NEG Already UnGranted Perm
perm ungrant com.test.TC_Perm1.@[user.name].p.C myInstance myAction com.test.TC_Perm1.@[user.name].r.C
** Expect 404 **
Failed [SVC4404]: Not Found - Permission [com.test.TC_Perm1.@[THE_USER].p.C|myInstance|myAction] not associated with any Role

# TC_Perm1.25.20.POS Reset roles attached to permision with setTo
perm setTo com.test.TC_Perm1.@[user.name].p.C myInstance myAction com.test.TC_Perm1.@[user.name].r.C,com.test.TC_Perm1.@[user.name].r.A
** Expect 200 **
Set Permission's Roles to [com.test.TC_Perm1.@[THE_USER].r.C,com.test.TC_Perm1.@[THE_USER].r.A]

# TC_Perm1.25.21.POS Owner of permission can reset roles
perm setTo com.test.TC_Perm1.@[user.name].p.C myInstance myAction
** Expect 200 **
Set Permission's Roles to []

# TC_Perm1.26.1.POS Create another Namespace, not owned by testid, one in company, one not
as XX@NS
ns create com.test2.TC_Perm1.@[user.name] @[user.name] XX@NS
** Expect 201 **
Created Namespace

ns create com.test.TC_Perm1.@[user.name]_2 @[user.name] XX@NS
** Expect 201 **
Created Namespace

# TC_Perm1.26.2.POS Create ID in other Namespace
user cred add m99990@@[user.name].TC_Perm1.test2.com aRealPass7
** Expect 201 **
Added Credential [m99990@@[THE_USER].TC_Perm1.test2.com]

# TC_Perm1.26.3.POS Create a Role in other Namespaces, not owned by testid
role create com.test2.TC_Perm1.@[user.name].r.C
** Expect 201 **
Created Role

role create com.test2.TC_Perm1.@[user.name]_2.r.C
** Expect 201 **
Created Role

# TC_Perm1.26.11.NEG Grant Perm to Role in Other Namespace, when Role ID
as m99990@@[THE_USER].TC_Perm1.test2.com
perm grant com.test.TC_Perm1.@[user.name].p.C myInstance myAction com.test2.TC_Perm1.@[user.name].r.C
** Expect 403 **
Failed [SVC1403]: Forbidden - [m99990@@[THE_USER].TC_Perm1.test2.com] may not write Perm [com.test.TC_Perm1.@[THE_USER].p.C|myInstance|myAction]

# TC_Perm1.26.11a.NEG Grant Perm to Role in Other Namespace, when Role ID
as m99990@@[THE_USER].TC_Perm1.test2.com
set request true
perm grant com.test.TC_Perm1.@[user.name].p.C myInstance myAction com.test2.TC_Perm1.@[user.name].r.C
** Expect 202 **
Permission Role Granted Accepted, but requires Approvals before actualizing

# TC_Perm1.26.12.NEG Grant Perm to Role in Other Namespace, when Perm ID, but different Company
as testid@aaf.att.com
perm grant com.test.TC_Perm1.@[user.name].p.C myInstance myAction com.test2.TC_Perm1.@[user.name].r.C
** Expect 403 **
Failed [SVC1403]: Forbidden - [testid@aaf.att.com] may not write Role [com.test2.TC_Perm1.@[THE_USER].r.C]

# TC_Perm1.26.13.NEG Fail Grant Perm to Role in Other Namespace, when Perm ID, but same Company
as testid@aaf.att.com
perm grant com.test.TC_Perm1.@[user.name].p.C myInstance myAction com.test.TC_Perm1.@[user.name]_2.r.C
** Expect 404 **
Failed [SVC3404]: Not Found - Role [com.test.TC_Perm1.@[THE_USER]_2.r.C] does not exist

# TC_Perm1.26.14.POS Create Role
as testid@aaf.att.com
role create com.test.TC_Perm1.@[user.name]_2.r.C
** Expect 201 **
Created Role

# TC_Perm1.26.15.POS Fail Create/Grant Perm to Role in Other Namespace, when Perm ID, but same Company
perm grant com.test.TC_Perm1.@[user.name].p.C myInstance myAction com.test.TC_Perm1.@[user.name]_2.r.C
** Expect 201 **
Granted Permission [com.test.TC_Perm1.@[THE_USER].p.C|myInstance|myAction] to Role [com.test.TC_Perm1.@[THE_USER]_2.r.C]

# TC_Perm1.26.16.POS Print Info for Validation
ns list name com.test.TC_Perm1.@[user.name]
** Expect 200 **

List Namespaces by Name[com.test.TC_Perm1.@[THE_USER]]
--------------------------------------------------------------------------------
com.test.TC_Perm1.@[THE_USER]
    Administrators
        testid@aaf.att.com                                                      
    Responsible Parties
        @[THE_USER]@csp.att.com                                                      
    Roles
        com.test.TC_Perm1.@[THE_USER].admin                                          
        com.test.TC_Perm1.@[THE_USER].cred_admin                                     
        com.test.TC_Perm1.@[THE_USER].owner                                          
        com.test.TC_Perm1.@[THE_USER].r.A                                            
        com.test.TC_Perm1.@[THE_USER].r.B                                            
        com.test.TC_Perm1.@[THE_USER].r.C                                            
    Permissions
        com.test.TC_Perm1.@[THE_USER].access *                        *              
        com.test.TC_Perm1.@[THE_USER].access *                        read           
        com.test.TC_Perm1.@[THE_USER].p.A   myInstance               myAction       
        com.test.TC_Perm1.@[THE_USER].p.B   myInstance               myAction       
        com.test.TC_Perm1.@[THE_USER].p.C   myInstance               myAction       

# TC_Perm1.26.17.POS Grant individual new Perm to new Role
perm grant com.test.TC_Perm1.@[user.name].p.C myInstance myAction com.test.TC_Perm1.@[user.name].r.C
** Expect 201 **
Granted Permission [com.test.TC_Perm1.@[THE_USER].p.C|myInstance|myAction] to Role [com.test.TC_Perm1.@[THE_USER].r.C]

# TC_Perm1.26.18.NEG Already Granted Perm
perm grant com.test.TC_Perm1.@[user.name].p.C myInstance myAction com.test.TC_Perm1.@[user.name].r.C
** Expect 409 **
Failed [SVC1409]: Conflict Already Exists - Permission [com.test.TC_Perm1.@[THE_USER].p.C|myInstance|myAction] already granted to Role [com.test.TC_Perm1.@[THE_USER].r.C]

# TC_Perm1.26.19.POS UnGrant Perm from Role in Other Namespace, when Perm ID
perm ungrant com.test.TC_Perm1.@[user.name].p.C myInstance myAction com.test.TC_Perm1.@[user.name]_2.r.C
** Expect 200 **
UnGranted Permission [com.test.TC_Perm1.@[THE_USER].p.C|myInstance|myAction] from Role [com.test.TC_Perm1.@[THE_USER]_2.r.C]

# TC_Perm1.26.21.NEG No Permission to Grant Perm to Role with Unrelated ID
as m99990@@[THE_USER].TC_Perm1.test2.com
perm grant com.test.TC_Perm1.@[user.name].p.C myInstance myAction com.test2.TC_Perm1.@[user.name].r.C
** Expect 403 **
Failed [SVC1403]: Forbidden - [m99990@@[THE_USER].TC_Perm1.test2.com] may not write Perm [com.test.TC_Perm1.@[THE_USER].p.C|myInstance|myAction]

# TC_Perm1.26.22.NEG No Permission to Grant Perm to Role with Unrelated ID
set request true
as m99990@@[THE_USER].TC_Perm1.test2.com
perm grant com.test.TC_Perm1.@[user.name].p.C myInstance myAction com.test2.TC_Perm1.@[user.name].r.C
** Expect 202 **
Permission Role Granted Accepted, but requires Approvals before actualizing

# TC_Perm1.26.25.NEG No Permission to UnGrant with Unrelated ID
perm grant com.test.TC_Perm1.@[user.name].p.C myInstance myAction com.test.TC_Perm1.@[user.name].r.B
** Expect 403 **
Failed [SVC1403]: Forbidden - [m99990@@[THE_USER].TC_Perm1.test2.com] may not write Perm [com.test.TC_Perm1.@[THE_USER].p.C|myInstance|myAction]

# TC_Perm1.26.26.NEG No Permission to UnGrant with Unrelated ID
set request true
perm grant com.test.TC_Perm1.@[user.name].p.C myInstance myAction com.test.TC_Perm1.@[user.name].r.B
** Expect 202 **
Permission Role Granted Accepted, but requires Approvals before actualizing

# TC_Perm1.26.30.POS  Add ID to Role
as XX@NS
ns admin add com.test2.TC_Perm1.@[user.name] m99990@@[user.name].TC_Perm1.test2.com 
** Expect 201 **
Admin m99990@@[THE_USER].TC_Perm1.test2.com added to com.test2.TC_Perm1.@[THE_USER]

as m99990@@[THE_USER].TC_Perm1.test2.com
sleep 0
# TC_Perm1.26.31.NEG No Permission Grant Perm to Role if not Perm Owner
perm grant com.test.TC_Perm1.@[user.name].p.C myInstance myAction com.test2.TC_Perm1.@[user.name].r.C
** Expect 403 **
Failed [SVC1403]: Forbidden - [m99990@@[THE_USER].TC_Perm1.test2.com] may not write Perm [com.test.TC_Perm1.@[THE_USER].p.C|myInstance|myAction]

# TC_Perm1.26.31.NEG No Permission Grant Perm to Role if not Perm Owner
set request true
perm grant com.test.TC_Perm1.@[user.name].p.C myInstance myAction com.test2.TC_Perm1.@[user.name].r.C
** Expect 202 **
Permission Role Granted Accepted, but requires Approvals before actualizing

# TC_Perm1.26.32.POS Grant individual new Perm to Role in Other Namespace
as testid@aaf.att.com
perm grant com.test.TC_Perm1.@[user.name].p.C myInstance myAction com.test.TC_Perm1.@[user.name]_2.r.C
** Expect 201 **
Granted Permission [com.test.TC_Perm1.@[THE_USER].p.C|myInstance|myAction] to Role [com.test.TC_Perm1.@[THE_USER]_2.r.C]

# TC_Perm1.26.34.POS Print Info for Validation
ns list name com.test.TC_Perm1.@[user.name]
** Expect 200 **

List Namespaces by Name[com.test.TC_Perm1.@[THE_USER]]
--------------------------------------------------------------------------------
com.test.TC_Perm1.@[THE_USER]
    Administrators
        testid@aaf.att.com                                                      
    Responsible Parties
        @[THE_USER]@csp.att.com                                                      
    Roles
        com.test.TC_Perm1.@[THE_USER].admin                                          
        com.test.TC_Perm1.@[THE_USER].cred_admin                                     
        com.test.TC_Perm1.@[THE_USER].owner                                          
        com.test.TC_Perm1.@[THE_USER].r.A                                            
        com.test.TC_Perm1.@[THE_USER].r.B                                            
        com.test.TC_Perm1.@[THE_USER].r.C                                            
    Permissions
        com.test.TC_Perm1.@[THE_USER].access *                        *              
        com.test.TC_Perm1.@[THE_USER].access *                        read           
        com.test.TC_Perm1.@[THE_USER].p.A   myInstance               myAction       
        com.test.TC_Perm1.@[THE_USER].p.B   myInstance               myAction       
        com.test.TC_Perm1.@[THE_USER].p.C   myInstance               myAction       

as XX@NS
# TC_Perm1.26.35.POS Print Info for Validation
ns list name com.test2.TC_Perm1.@[user.name]  
** Expect 200 **

List Namespaces by Name[com.test2.TC_Perm1.@[THE_USER]]
--------------------------------------------------------------------------------
com.test2.TC_Perm1.@[THE_USER]
    Administrators
        XX@NS                                                      
        m99990@@[THE_USER].TC_Perm1.test2.com                                        
    Responsible Parties
        @[THE_USER]@csp.att.com                                                      
    Roles
        com.test2.TC_Perm1.@[THE_USER].admin                                         
        com.test2.TC_Perm1.@[THE_USER].owner                                         
        com.test2.TC_Perm1.@[THE_USER].r.C                                           
    Permissions
        com.test2.TC_Perm1.@[THE_USER].access *                        *              
        com.test2.TC_Perm1.@[THE_USER].access *                        read           
    Credentials
        m99990@@[THE_USER].TC_Perm1.test2.com                                        

as testid@aaf.att.com
# TC_Perm1.26.36.POS UnGrant individual new Perm to new Role
as testid@aaf.att.com
perm ungrant com.test.TC_Perm1.@[user.name].p.C myInstance myAction com.test.TC_Perm1.@[user.name]_2.r.C
** Expect 200 **
UnGranted Permission [com.test.TC_Perm1.@[THE_USER].p.C|myInstance|myAction] from Role [com.test.TC_Perm1.@[THE_USER]_2.r.C]

# TC_Perm1.26.37.NEG Already UnGranted Perm
perm ungrant com.test.TC_Perm1.@[user.name].p.C myInstance myAction com.test.TC_Perm1.@[user.name]_2.r.C
** Expect 404 **
Failed [SVC4404]: Not Found - Permission [com.test.TC_Perm1.@[THE_USER].p.C|myInstance|myAction] not associated with any Role

# TC_Perm1.26.40.POS Reset roles attached to permision with setTo
perm setTo com.test.TC_Perm1.@[user.name].p.C myInstance myAction com.test.TC_Perm1.@[user.name].r.C,com.test.TC_Perm1.@[user.name].r.A
** Expect 200 **
Set Permission's Roles to [com.test.TC_Perm1.@[THE_USER].r.C,com.test.TC_Perm1.@[THE_USER].r.A]

# TC_Perm1.26.41.NEG Non-owner of permission cannot reset roles
as m99990@@[THE_USER].TC_Perm1.test2.com
perm setTo com.test.TC_Perm1.@[user.name].p.C myInstance myAction
** Expect 403 **
Failed [SVC1403]: Forbidden - [m99990@@[THE_USER].TC_Perm1.test2.com] may not write Perm [com.test.TC_Perm1.@[THE_USER].p.C|myInstance|myAction]

# TC_Perm1.26.42.NEG Non-owner of permission cannot ungrant
perm ungrant com.test.TC_Perm1.@[user.name].p.C myInstance myAction com.test.TC_Perm1.@[user.name].r.C
** Expect 403 **
Failed [SVC1403]: Forbidden - [m99990@@[THE_USER].TC_Perm1.test2.com] may not write Perm [com.test.TC_Perm1.@[THE_USER].p.C|myInstance|myAction]

# TC_Perm1.26.43.NEG Non-owner of permission cannot delete
perm delete com.test.TC_Perm1.@[user.name].p.C myInstance myAction
** Expect 403 **
Failed [SVC1403]: Forbidden - [m99990@@[THE_USER].TC_Perm1.test2.com] may not write Perm [com.test.TC_Perm1.@[THE_USER].p.C|myInstance|myAction]

# TC_Perm1.26.45.POS Owner of permission can reset roles
as testid@aaf.att.com
perm setTo com.test.TC_Perm1.@[user.name].p.C myInstance myAction
** Expect 200 **
Set Permission's Roles to []

as XX@NS
# TC_Perm1.26.97.POS List the Namespaces 
ns list name com.test.TC_Perm1.@[user.name]
** Expect 200 **

List Namespaces by Name[com.test.TC_Perm1.@[THE_USER]]
--------------------------------------------------------------------------------
com.test.TC_Perm1.@[THE_USER]
    Administrators
        testid@aaf.att.com                                                      
    Responsible Parties
        @[THE_USER]@csp.att.com                                                      
    Roles
        com.test.TC_Perm1.@[THE_USER].admin                                          
        com.test.TC_Perm1.@[THE_USER].cred_admin                                     
        com.test.TC_Perm1.@[THE_USER].owner                                          
        com.test.TC_Perm1.@[THE_USER].r.A                                            
        com.test.TC_Perm1.@[THE_USER].r.B                                            
        com.test.TC_Perm1.@[THE_USER].r.C                                            
    Permissions
        com.test.TC_Perm1.@[THE_USER].access *                        *              
        com.test.TC_Perm1.@[THE_USER].access *                        read           
        com.test.TC_Perm1.@[THE_USER].p.A   myInstance               myAction       
        com.test.TC_Perm1.@[THE_USER].p.B   myInstance               myAction       
        com.test.TC_Perm1.@[THE_USER].p.C   myInstance               myAction       

ns list name com.test2.TC_Perm1.@[user.name]
** Expect 200 **

List Namespaces by Name[com.test2.TC_Perm1.@[THE_USER]]
--------------------------------------------------------------------------------
com.test2.TC_Perm1.@[THE_USER]
    Administrators
        XX@NS                                                      
        m99990@@[THE_USER].TC_Perm1.test2.com                                        
    Responsible Parties
        @[THE_USER]@csp.att.com                                                      
    Roles
        com.test2.TC_Perm1.@[THE_USER].admin                                         
        com.test2.TC_Perm1.@[THE_USER].owner                                         
        com.test2.TC_Perm1.@[THE_USER].r.C                                           
    Permissions
        com.test2.TC_Perm1.@[THE_USER].access *                        *              
        com.test2.TC_Perm1.@[THE_USER].access *                        read           
    Credentials
        m99990@@[THE_USER].TC_Perm1.test2.com                                        

as testid@aaf.att.com
# TC_Perm1.26.98.POS Cleanup
role delete com.test.TC_Perm1.@[user.name].r.A
** Expect 200 **
Deleted Role

role delete com.test.TC_Perm1.@[user.name].r.B
** Expect 200 **
Deleted Role

role delete com.test.TC_Perm1.@[user.name].r.C
** Expect 200 **
Deleted Role

role delete com.test.TC_Perm1.@[user.name]_2.r.C
** Expect 200 **
Deleted Role

as XX@NS
role delete com.test2.TC_Perm1.@[user.name]_2.r.C
** Expect 200 **
Deleted Role

role delete com.test2.TC_Perm1.@[user.name].r.C
** Expect 200 **
Deleted Role

as testid@aaf.att.com
perm delete com.test.TC_Perm1.@[user.name].p.A myInstance myAction
** Expect 200 **
Deleted Permission

perm delete com.test.TC_Perm1.@[user.name].p.B myInstance myAction
** Expect 200 **
Deleted Permission

perm delete com.test.TC_Perm1.@[user.name].p.C myInstance myAction
** Expect 200 **
Deleted Permission

force ns delete com.test.TC_Perm1.@[user.name]_2
** Expect 200 **
Deleted Namespace

as XX@NS
set force true
set force=true user cred del m99990@@[user.name].TC_Perm1.test2.com 
** Expect 200 **
Deleted Credential [m99990@@[THE_USER].TC_Perm1.test2.com]

ns delete com.test2.TC_Perm1.@[user.name]
** Expect 200 **
Deleted Namespace

# TC_Perm1.26.99.POS List the Now Empty Namespaces 
ns list name com.test.TC_Perm1.@[user.name]
** Expect 200 **

List Namespaces by Name[com.test.TC_Perm1.@[THE_USER]]
--------------------------------------------------------------------------------
com.test.TC_Perm1.@[THE_USER]
    Administrators
        testid@aaf.att.com                                                      
    Responsible Parties
        @[THE_USER]@csp.att.com                                                      
    Roles
        com.test.TC_Perm1.@[THE_USER].admin                                          
        com.test.TC_Perm1.@[THE_USER].cred_admin                                     
        com.test.TC_Perm1.@[THE_USER].owner                                          
    Permissions
        com.test.TC_Perm1.@[THE_USER].access *                        *              
        com.test.TC_Perm1.@[THE_USER].access *                        read           

ns list name com.test2.TC_Perm1.@[user.name]
** Expect 200 **

List Namespaces by Name[com.test2.TC_Perm1.@[THE_USER]]
--------------------------------------------------------------------------------
    *** Namespace Not Found ***

# TC_Perm1.27.1.POS Create Permission
perm create com.test.TC_Perm1.@[user.name].p.A myInstance myAction 
** Expect 201 **
Created Permission

# TC_Perm1.27.2.POS Create Role
role create com.test.TC_Perm1.@[user.name].r.A
** Expect 201 **
Created Role

# TC_Perm1.27.10.NEG Role must Exist to Add to Role without force
perm grant com.test.TC_Perm1.@[user.name].p.A myInstance myAction com.test.TC_Perm1.@[user.name].r.unknown
** Expect 404 **
Failed [SVC3404]: Not Found - Role [com.test.TC_Perm1.@[THE_USER].r.unknown] does not exist

# TC_Perm1.27.11.POS Role is created with force
force perm create com.test.TC_Perm1.@[user.name].p.A myInstance myAction com.test.TC_Perm1.@[user.name].r.unknown
** Expect 201 **
Created Role [com.test.TC_Perm1.@[THE_USER].r.unknown]
Created Permission
Granted Permission [com.test.TC_Perm1.@[THE_USER].p.A|myInstance|myAction] to Role [com.test.TC_Perm1.@[THE_USER].r.unknown]

# TC_Perm1.27.12.NEG Perm must Exist to Grant without force
perm grant com.test.TC_Perm1.@[user.name].p.unknown myInstance myAction com.test.TC_Perm1.@[user.name].r.A
** Expect 404 **
Failed [SVC4404]: Not Found - Permission [com.test.TC_Perm1.@[THE_USER].p.unknown|myInstance|myAction] does not exist

# TC_Perm1.27.13.POS Perm is created with force
force perm grant com.test.TC_Perm1.@[user.name].p.unknown myInstance myAction com.test.TC_Perm1.@[user.name].r.A
** Expect 201 **
Granted Permission [com.test.TC_Perm1.@[THE_USER].p.unknown|myInstance|myAction] to Role [com.test.TC_Perm1.@[THE_USER].r.A]

# TC_Perm1.27.14.POS Role and perm are created with force
force perm create com.test.TC_Perm1.@[user.name].p.unknown2 myInstance myAction com.test.TC_Perm1.@[user.name].r.unknown2
** Expect 201 **
Created Role [com.test.TC_Perm1.@[THE_USER].r.unknown2]
Created Permission
Granted Permission [com.test.TC_Perm1.@[THE_USER].p.unknown2|myInstance|myAction] to Role [com.test.TC_Perm1.@[THE_USER].r.unknown2]

# TC_Perm1.30.1.POS List Data on non-Empty NS
as testid
ns list name com.test.TC_Perm1.@[user.name]
** Expect 200 **

List Namespaces by Name[com.test.TC_Perm1.@[THE_USER]]
--------------------------------------------------------------------------------
com.test.TC_Perm1.@[THE_USER]
    Administrators
        testid@aaf.att.com                                                      
    Responsible Parties
        @[THE_USER]@csp.att.com                                                      
    Roles
        com.test.TC_Perm1.@[THE_USER].admin                                          
        com.test.TC_Perm1.@[THE_USER].cred_admin                                     
        com.test.TC_Perm1.@[THE_USER].owner                                          
        com.test.TC_Perm1.@[THE_USER].r.A                                            
        com.test.TC_Perm1.@[THE_USER].r.unknown                                      
        com.test.TC_Perm1.@[THE_USER].r.unknown2                                     
    Permissions
        com.test.TC_Perm1.@[THE_USER].access *                        *              
        com.test.TC_Perm1.@[THE_USER].access *                        read           
        com.test.TC_Perm1.@[THE_USER].p.A   myInstance               myAction       
        com.test.TC_Perm1.@[THE_USER].p.unknown myInstance               myAction       
        com.test.TC_Perm1.@[THE_USER].p.unknown2 myInstance               myAction       

# TC_Perm1.30.2.POS Create Sub-ns when Roles that exist
ns create com.test.TC_Perm1.@[user.name].r @[user.name] testid@aaf.att.com
** Expect 201 **
Created Namespace

# TC_Perm1.30.3.POS List Data on NS with sub-roles
ns list name com.test.TC_Perm1.@[user.name]
** Expect 200 **

List Namespaces by Name[com.test.TC_Perm1.@[THE_USER]]
--------------------------------------------------------------------------------
com.test.TC_Perm1.@[THE_USER]
    Administrators
        testid@aaf.att.com                                                      
    Responsible Parties
        @[THE_USER]@csp.att.com                                                      
    Roles
        com.test.TC_Perm1.@[THE_USER].admin                                          
        com.test.TC_Perm1.@[THE_USER].cred_admin                                     
        com.test.TC_Perm1.@[THE_USER].owner                                          
    Permissions
        com.test.TC_Perm1.@[THE_USER].access *                        *              
        com.test.TC_Perm1.@[THE_USER].access *                        read           
        com.test.TC_Perm1.@[THE_USER].p.A   myInstance               myAction       
        com.test.TC_Perm1.@[THE_USER].p.unknown myInstance               myAction       
        com.test.TC_Perm1.@[THE_USER].p.unknown2 myInstance               myAction       

ns list name com.test.TC_Perm1.@[user.name].r
** Expect 200 **

List Namespaces by Name[com.test.TC_Perm1.@[THE_USER].r]
--------------------------------------------------------------------------------
com.test.TC_Perm1.@[THE_USER].r
    Administrators
        testid@aaf.att.com                                                      
    Responsible Parties
        @[THE_USER]@csp.att.com                                                      
    Roles
        com.test.TC_Perm1.@[THE_USER].r.A                                            
        com.test.TC_Perm1.@[THE_USER].r.admin                                        
        com.test.TC_Perm1.@[THE_USER].r.owner                                        
        com.test.TC_Perm1.@[THE_USER].r.unknown                                      
        com.test.TC_Perm1.@[THE_USER].r.unknown2                                     
    Permissions
        com.test.TC_Perm1.@[THE_USER].r.access *                        *              
        com.test.TC_Perm1.@[THE_USER].r.access *                        read           

as XX@NS
# TC_Perm1.99.1.POS Namespace Admin can delete Namepace defined Roles
set force true
set force=true perm delete com.test.TC_Perm1.@[user.name].p.A myInstance myAction
** Expect 200,404 **
Deleted Permission

set force true
set force=true perm delete com.test.TC_Perm1.@[user.name].p.B myInstance myAction
** Expect 200,404 **
Failed [SVC4404]: Not Found - Permission [com.test.TC_Perm1.@[THE_USER].p.B|myInstance|myAction] does not exist

set force true
set force=true perm delete com.test.TC_Perm1.@[user.name].p.C myInstance myAction
** Expect 200,404 **
Failed [SVC4404]: Not Found - Permission [com.test.TC_Perm1.@[THE_USER].p.C|myInstance|myAction] does not exist

set force true
set force=true perm delete com.test.TC_Perm1.@[user.name].p.unknown myInstance myAction
** Expect 200,404 **
Deleted Permission

set force true
set force=true perm delete com.test.TC_Perm1.@[user.name].p.unknown2 myInstance myAction
** Expect 200,404 **
Deleted Permission

role delete com.test.TC_Perm1.@[user.name].r.A
** Expect 200,404 **
Deleted Role

role delete com.test.TC_Perm1.@[user.name].r.B
** Expect 200,404 **
Failed [SVC3404]: Not Found - Role [com.test.TC_Perm1.@[THE_USER].r.B] does not exist

role delete com.test.TC_Perm1.@[user.name].r.C
** Expect 200,404 **
Failed [SVC3404]: Not Found - Role [com.test.TC_Perm1.@[THE_USER].r.C] does not exist

role delete com.test.TC_Perm1.@[user.name].r.unknown
** Expect 200,404 **
Deleted Role

role delete com.test.TC_Perm1.@[user.name].r.unknown2
** Expect 200,404 **
Deleted Role

role delete com.test2.TC_Perm1.@[user.name].r.C
** Expect 200,404 **
Failed [SVC3404]: Not Found - Role [com.test2.TC_Perm1.@[THE_USER].r.C] does not exist

role delete com.test.TC_Perm1.@[user.name]_2.r.C
** Expect 200,404 **
Failed [SVC3404]: Not Found - Role [com.test.TC_Perm1.@[THE_USER]_2.r.C] does not exist

role delete com.test2.TC_Perm1.@[user.name]_2.r.C
** Expect 200,404 **
Failed [SVC3404]: Not Found - Role [com.test2.TC_Perm1.@[THE_USER]_2.r.C] does not exist

# TC_Perm1.99.2.POS Remove ability to create creds
user role del XX@NS com.test.TC_Perm1.@[user.name].cred_admin
** Expect 200,404 **
Removed Role [com.test.TC_Perm1.@[THE_USER].cred_admin] from User [XX@NS]

as XX@NS
perm ungrant com.att.aaf.mechid com.att create com.test.TC_Perm1.@[user.name].cred_admin
** Expect 200,404 **
UnGranted Permission [com.att.aaf.mechid|com.att|create] from Role [com.test.TC_Perm1.@[THE_USER].cred_admin]

as testid@aaf.att.com
role delete com.test.TC_Perm1.@[user.name].cred_admin
** Expect 200,404 **
Deleted Role

sleep 0
as XX@NS
# TC_Perm1.99.98.POS Namespace Admin can delete Namespace
set force true
set force=true ns delete com.test2.TC_Perm1.@[user.name]
** Expect 200,404 **
Failed [SVC2404]: Not Found - com.test2.TC_Perm1.@[THE_USER] does not exist

as testid
force ns delete com.test.TC_Perm1.@[user.name].r
** Expect 200,404 **
Deleted Namespace

force ns delete com.test.TC_Perm1.@[user.name]_2
** Expect 200,404 **
Failed [SVC2404]: Not Found - com.test.TC_Perm1.@[THE_USER]_2 does not exist

force ns delete com.test.TC_Perm1.@[user.name]
** Expect 200,404 **
Deleted Namespace

force ns delete com.test2.TC_Perm1.@[user.name]
** Expect 200,404 **
Failed [SVC2404]: Not Found - com.test2.TC_Perm1.@[THE_USER] does not exist

# TC_Perm1.99.99.POS List to prove removed
ns list name com.test.TC_Perm1.@[user.name]
** Expect 200,404 **

List Namespaces by Name[com.test.TC_Perm1.@[THE_USER]]
--------------------------------------------------------------------------------
    *** Namespace Not Found ***

ns list name com.test.TC_Perm1.@[user.name].r
** Expect 200,404 **

List Namespaces by Name[com.test.TC_Perm1.@[THE_USER].r]
--------------------------------------------------------------------------------
    *** Namespace Not Found ***

ns list name com.test.TC_Perm1.@[user.name]_2
** Expect 200,404 **

List Namespaces by Name[com.test.TC_Perm1.@[THE_USER]_2]
--------------------------------------------------------------------------------
    *** Namespace Not Found ***

ns list name com.test2.TC_Perm1.@[user.name]
** Expect 200,404 **

List Namespaces by Name[com.test2.TC_Perm1.@[THE_USER]]
--------------------------------------------------------------------------------
    *** Namespace Not Found ***