2 set testid@aaf.att.com <pass>
3 set testunused@aaf.att.com <pass>
8 # TC_Perm2.10.0.POS Print NS to prove ok
9 ns list name com.test.TC_Perm2.@[user.name]
12 List Namespaces by Name[com.test.TC_Perm2.@[THE_USER]]
13 --------------------------------------------------------------------------------
14 *** Namespace Not Found ***
16 # TC_Perm2.10.1.POS Create Namespace with valid IDs and Responsible Parties
17 ns create com.test.TC_Perm2.@[user.name] @[user.name] testid@aaf.att.com
22 # TC_Perm2.20.1.POS List Data on non-Empty NS
23 ns list name com.test.TC_Perm2.@[user.name]
26 List Namespaces by Name[com.test.TC_Perm2.@[THE_USER]]
27 --------------------------------------------------------------------------------
28 com.test.TC_Perm2.@[THE_USER]
32 @[THE_USER]@csp.att.com
34 com.test.TC_Perm2.@[THE_USER].admin
35 com.test.TC_Perm2.@[THE_USER].owner
37 com.test.TC_Perm2.@[THE_USER].access * *
38 com.test.TC_Perm2.@[THE_USER].access * read
40 # TC_Perm2.20.10.POS Add Perms with specific Instance and Action
41 perm create com.test.TC_Perm2.@[user.name].p.A myInstance myAction
45 # TC_Perm2.20.11.POS Add Perms with specific Instance and Star
46 perm create com.test.TC_Perm2.@[user.name].p.A myInstance *
50 # TC_Perm2.20.12.POS Add Perms with Stars for Instance and Action
51 perm create com.test.TC_Perm2.@[user.name].p.A * *
55 perm create com.test.TC_Perm2.@[user.name].p.phoneCalls * spy
59 # TC_Perm2.20.20.POS Create role
60 role create com.test.TC_Perm2.@[user.name].p.superUser
64 role create com.test.TC_Perm2.@[user.name].p.secret
68 # TC_Perm2.20.21.POS Grant sub-NS perms to role
69 perm grant com.test.TC_Perm2.@[user.name].p.A myInstance myAction com.test.TC_Perm2.@[user.name].p.superUser
71 Granted Permission [com.test.TC_Perm2.@[THE_USER].p.A|myInstance|myAction] to Role [com.test.TC_Perm2.@[THE_USER].p.superUser]
73 perm grant com.test.TC_Perm2.@[user.name].p.A myInstance * com.test.TC_Perm2.@[user.name].p.superUser
75 Granted Permission [com.test.TC_Perm2.@[THE_USER].p.A|myInstance|*] to Role [com.test.TC_Perm2.@[THE_USER].p.superUser]
77 perm grant com.test.TC_Perm2.@[user.name].p.A * * com.test.TC_Perm2.@[user.name].p.superUser
79 Granted Permission [com.test.TC_Perm2.@[THE_USER].p.A|*|*] to Role [com.test.TC_Perm2.@[THE_USER].p.superUser]
81 perm grant com.test.TC_Perm2.@[user.name].p.phoneCalls * spy com.test.TC_Perm2.@[user.name].p.secret
83 Granted Permission [com.test.TC_Perm2.@[THE_USER].p.phoneCalls|*|spy] to Role [com.test.TC_Perm2.@[THE_USER].p.secret]
85 # TC_Perm2.20.30.POS List Data on non-Empty NS
86 ns list name com.test.TC_Perm2.@[user.name]
89 List Namespaces by Name[com.test.TC_Perm2.@[THE_USER]]
90 --------------------------------------------------------------------------------
91 com.test.TC_Perm2.@[THE_USER]
95 @[THE_USER]@csp.att.com
97 com.test.TC_Perm2.@[THE_USER].admin
98 com.test.TC_Perm2.@[THE_USER].owner
99 com.test.TC_Perm2.@[THE_USER].p.secret
100 com.test.TC_Perm2.@[THE_USER].p.superUser
102 com.test.TC_Perm2.@[THE_USER].access * *
103 com.test.TC_Perm2.@[THE_USER].access * read
104 com.test.TC_Perm2.@[THE_USER].p.A * *
105 com.test.TC_Perm2.@[THE_USER].p.A myInstance *
106 com.test.TC_Perm2.@[THE_USER].p.A myInstance myAction
107 com.test.TC_Perm2.@[THE_USER].p.phoneCalls * spy
109 # TC_Perm2.20.40.POS Create role
110 role create com.test.TC_Perm2.@[user.name].p.watcher
115 # TC_Perm2.20.50.POS Grant view perms to watcher role
116 perm create com.att.aaf.perm :com.test.TC_Perm2.@[user.name].p.A:myInstance:myAction view com.test.TC_Perm2.@[user.name].p.watcher
119 Granted Permission [com.att.aaf.perm|:com.test.TC_Perm2.@[THE_USER].p.A:myInstance:myAction|view] to Role [com.test.TC_Perm2.@[THE_USER].p.watcher]
121 perm create com.att.aaf.perm :com.test.TC_Perm2.@[user.name].p.A:*:* view com.test.TC_Perm2.@[user.name].p.watcher
124 Granted Permission [com.att.aaf.perm|:com.test.TC_Perm2.@[THE_USER].p.A:*:*|view] to Role [com.test.TC_Perm2.@[THE_USER].p.watcher]
126 as testid@aaf.att.com
127 # TC_Perm2.30.1.POS List Data on non-Empty NS
128 ns list name com.test.TC_Perm2.@[user.name]
131 List Namespaces by Name[com.test.TC_Perm2.@[THE_USER]]
132 --------------------------------------------------------------------------------
133 com.test.TC_Perm2.@[THE_USER]
137 @[THE_USER]@csp.att.com
139 com.test.TC_Perm2.@[THE_USER].admin
140 com.test.TC_Perm2.@[THE_USER].owner
141 com.test.TC_Perm2.@[THE_USER].p.secret
142 com.test.TC_Perm2.@[THE_USER].p.superUser
143 com.test.TC_Perm2.@[THE_USER].p.watcher
145 com.test.TC_Perm2.@[THE_USER].access * *
146 com.test.TC_Perm2.@[THE_USER].access * read
147 com.test.TC_Perm2.@[THE_USER].p.A * *
148 com.test.TC_Perm2.@[THE_USER].p.A myInstance *
149 com.test.TC_Perm2.@[THE_USER].p.A myInstance myAction
150 com.test.TC_Perm2.@[THE_USER].p.phoneCalls * spy
152 # TC_Perm2.30.2.POS Create Sub-ns when Roles that exist
153 ns create com.test.TC_Perm2.@[user.name].p @[user.name] testid@aaf.att.com
157 # TC_Perm2.30.3.POS List Data on NS with sub-roles
158 ns list name com.test.TC_Perm2.@[user.name]
161 List Namespaces by Name[com.test.TC_Perm2.@[THE_USER]]
162 --------------------------------------------------------------------------------
163 com.test.TC_Perm2.@[THE_USER]
167 @[THE_USER]@csp.att.com
169 com.test.TC_Perm2.@[THE_USER].admin
170 com.test.TC_Perm2.@[THE_USER].owner
172 com.test.TC_Perm2.@[THE_USER].access * *
173 com.test.TC_Perm2.@[THE_USER].access * read
175 ns list name com.test.TC_Perm2.@[user.name].p
178 List Namespaces by Name[com.test.TC_Perm2.@[THE_USER].p]
179 --------------------------------------------------------------------------------
180 com.test.TC_Perm2.@[THE_USER].p
184 @[THE_USER]@csp.att.com
186 com.test.TC_Perm2.@[THE_USER].p.admin
187 com.test.TC_Perm2.@[THE_USER].p.owner
188 com.test.TC_Perm2.@[THE_USER].p.secret
189 com.test.TC_Perm2.@[THE_USER].p.superUser
190 com.test.TC_Perm2.@[THE_USER].p.watcher
192 com.test.TC_Perm2.@[THE_USER].p.A * *
193 com.test.TC_Perm2.@[THE_USER].p.A myInstance *
194 com.test.TC_Perm2.@[THE_USER].p.A myInstance myAction
195 com.test.TC_Perm2.@[THE_USER].p.access * *
196 com.test.TC_Perm2.@[THE_USER].p.access * read
197 com.test.TC_Perm2.@[THE_USER].p.phoneCalls * spy
199 as testunused@aaf.att.com
200 # TC_Perm2.40.1.NEG Non-admin, not granted user should not view
201 perm list name com.test.TC_Perm2.@[user.name].p.A
204 List Child Permissions[com.test.TC_Perm2.@[THE_USER].p.A]
205 --------------------------------------------------------------------------------
206 PERM Type Instance Action
207 --------------------------------------------------------------------------------
210 as testid@aaf.att.com
211 # Tens test user granted to permission
212 # TC_Perm2.40.10.POS Add user to superUser role
213 user role add testunused@aaf.att.com com.test.TC_Perm2.@[user.name].p.superUser
215 Added Role [com.test.TC_Perm2.@[THE_USER].p.superUser] to User [testunused@aaf.att.com]
217 as testunused@aaf.att.com
218 # TC_Perm2.40.11.POS Non-admin, granted user should view
219 perm list name com.test.TC_Perm2.@[user.name].p.A
222 List Child Permissions[com.test.TC_Perm2.@[THE_USER].p.A]
223 --------------------------------------------------------------------------------
224 PERM Type Instance Action
225 --------------------------------------------------------------------------------
226 com.test.TC_Perm2.@[THE_USER].p.A * *
227 com.test.TC_Perm2.@[THE_USER].p.A myInstance *
228 com.test.TC_Perm2.@[THE_USER].p.A myInstance myAction
231 as testid@aaf.att.com
232 # TC_Perm2.40.12.POS Ungrant perm with wildcards
233 perm ungrant com.test.TC_Perm2.@[user.name].p.A * * com.test.TC_Perm2.@[user.name].p.superUser
235 UnGranted Permission [com.test.TC_Perm2.@[THE_USER].p.A|*|*] from Role [com.test.TC_Perm2.@[THE_USER].p.superUser]
237 as testunused@aaf.att.com
238 # TC_Perm2.40.13.POS Non-admin, granted user should view
239 perm list name com.test.TC_Perm2.@[user.name].p.A
242 List Child Permissions[com.test.TC_Perm2.@[THE_USER].p.A]
243 --------------------------------------------------------------------------------
244 PERM Type Instance Action
245 --------------------------------------------------------------------------------
246 com.test.TC_Perm2.@[THE_USER].p.A myInstance *
247 com.test.TC_Perm2.@[THE_USER].p.A myInstance myAction
250 as testid@aaf.att.com
251 # TC_Perm2.40.19.POS Remove user from superUser role
252 user role del testunused@aaf.att.com com.test.TC_Perm2.@[user.name].p.superUser
254 Removed Role [com.test.TC_Perm2.@[THE_USER].p.superUser] from User [testunused@aaf.att.com]
256 # Twenties test user granted explicit view permission
257 # TC_Perm2.40.20.POS Add user to watcher role
258 user role add testunused@aaf.att.com com.test.TC_Perm2.@[user.name].p.watcher
260 Added Role [com.test.TC_Perm2.@[THE_USER].p.watcher] to User [testunused@aaf.att.com]
262 as testunused@aaf.att.com
263 # TC_Perm2.40.21.NEG Non-admin, granted explicit view perm user should view
264 perm list name com.test.TC_Perm2.@[user.name].p.A
267 List Child Permissions[com.test.TC_Perm2.@[THE_USER].p.A]
268 --------------------------------------------------------------------------------
269 PERM Type Instance Action
270 --------------------------------------------------------------------------------
274 # TC_Perm2.40.22.POS Ungrant perm with wildcards
275 perm ungrant com.att.aaf.perm :com.test.TC_Perm2.@[user.name].p.A:*:* view com.test.TC_Perm2.@[user.name].p.watcher
277 UnGranted Permission [com.att.aaf.perm|:com.test.TC_Perm2.@[THE_USER].p.A:*:*|view] from Role [com.test.TC_Perm2.@[THE_USER].p.watcher]
279 as testunused@aaf.att.com
280 # TC_Perm2.40.23.POS Non-admin, granted user should view
281 perm list name com.test.TC_Perm2.@[user.name].p.A
284 List Child Permissions[com.test.TC_Perm2.@[THE_USER].p.A]
285 --------------------------------------------------------------------------------
286 PERM Type Instance Action
287 --------------------------------------------------------------------------------
290 as testid@aaf.att.com
291 # TC_Perm2.40.29.POS Remove user from watcher role
292 user role del testunused@aaf.att.com com.test.TC_Perm2.@[user.name].p.watcher
294 Removed Role [com.test.TC_Perm2.@[THE_USER].p.watcher] from User [testunused@aaf.att.com]
296 # Thirties test admin user
297 # TC_Perm2.40.30.POS Admin should be able to view
298 perm list name com.test.TC_Perm2.@[user.name].p.A
301 List Child Permissions[com.test.TC_Perm2.@[THE_USER].p.A]
302 --------------------------------------------------------------------------------
303 PERM Type Instance Action
304 --------------------------------------------------------------------------------
305 com.test.TC_Perm2.@[THE_USER].p.A * *
306 com.test.TC_Perm2.@[THE_USER].p.A myInstance *
307 com.test.TC_Perm2.@[THE_USER].p.A myInstance myAction
310 # TC_Perm2.40.31.POS Add new admin for sub-NS
311 ns admin add com.test.TC_Perm2.@[user.name].p testunused@aaf.att.com
313 Admin testunused@aaf.att.com added to com.test.TC_Perm2.@[THE_USER].p
315 # TC_Perm2.40.32.POS Remove admin from sub-NS
316 ns admin del com.test.TC_Perm2.@[user.name].p testid@aaf.att.com
318 Admin testid@aaf.att.com deleted from com.test.TC_Perm2.@[THE_USER].p
320 # TC_Perm2.40.34.POS Admin of parent NS should be able to view
321 perm list name com.test.TC_Perm2.@[user.name].p.A
324 List Child Permissions[com.test.TC_Perm2.@[THE_USER].p.A]
325 --------------------------------------------------------------------------------
326 PERM Type Instance Action
327 --------------------------------------------------------------------------------
328 com.test.TC_Perm2.@[THE_USER].p.A * *
329 com.test.TC_Perm2.@[THE_USER].p.A myInstance *
330 com.test.TC_Perm2.@[THE_USER].p.A myInstance myAction
333 # TC_Perm2.40.80.POS Add new admin for sub-NS
334 ns admin add com.test.TC_Perm2.@[user.name].p testid@aaf.att.com
336 Admin testid@aaf.att.com added to com.test.TC_Perm2.@[THE_USER].p
338 # TC_Perm2.40.81.POS Remove admin from sub-NS
339 ns admin del com.test.TC_Perm2.@[user.name].p testunused@aaf.att.com
341 Admin testunused@aaf.att.com deleted from com.test.TC_Perm2.@[THE_USER].p
343 # TC_Perm2.41.1.POS Add user to some roles with perms attached
344 as testid@aaf.att.com
345 user role add testunused@aaf.att.com com.test.TC_Perm2.@[user.name].p.superUser
347 Added Role [com.test.TC_Perm2.@[THE_USER].p.superUser] to User [testunused@aaf.att.com]
349 user role add testunused@aaf.att.com com.test.TC_Perm2.@[user.name].p.watcher
351 Added Role [com.test.TC_Perm2.@[THE_USER].p.watcher] to User [testunused@aaf.att.com]
353 user role add XX@NS com.test.TC_Perm2.@[user.name].p.secret
355 Added Role [com.test.TC_Perm2.@[THE_USER].p.secret] to User [XX@NS]
357 # TC_Perm2.41.10.POS List by User when Same as Caller
358 as testunused@aaf.att.com
359 perm list user testunused@aaf.att.com
362 List Permissions by User[testunused@aaf.att.com]
363 --------------------------------------------------------------------------------
364 PERM Type Instance Action
365 --------------------------------------------------------------------------------
366 com.att.aaf.perm :com.test.TC_Perm2.@[THE_USER].p.A:myInstance:myAction view
367 com.test.TC_Perm2.@[THE_USER].p.A myInstance *
368 com.test.TC_Perm2.@[THE_USER].p.A myInstance myAction
371 # TC_NS2.41.15.POS List by User when not same as Caller, but own/admin namespace of Roles
372 as testid@aaf.att.com
373 perm list user testunused@aaf.att.com
376 List Permissions by User[testunused@aaf.att.com]
377 --------------------------------------------------------------------------------
378 PERM Type Instance Action
379 --------------------------------------------------------------------------------
380 com.test.TC_Perm2.@[THE_USER].p.A myInstance *
381 com.test.TC_Perm2.@[THE_USER].p.A myInstance myAction
384 # TC_Perm2.41.20.POS List by User when not same as Caller, but parent owner/admin of Namespace
386 perm list user testunused@aaf.att.com
389 List Permissions by User[testunused@aaf.att.com]
390 --------------------------------------------------------------------------------
391 PERM Type Instance Action
392 --------------------------------------------------------------------------------
393 com.att.aaf.perm :com.test.TC_Perm2.@[THE_USER].p.A:myInstance:myAction view
394 com.test.TC_Perm2.@[THE_USER].p.A myInstance *
395 com.test.TC_Perm2.@[THE_USER].p.A myInstance myAction
398 # TC_Perm2.41.80.NEG List by User when not Caller nor associated to Namespace (nothing should be shown)
399 as testunused@aaf.att.com
403 List Permissions by User[XX@NS]
404 --------------------------------------------------------------------------------
405 PERM Type Instance Action
406 --------------------------------------------------------------------------------
409 # TC_Perm2.41.99.POS Remove users from roles for later test
410 as testid@aaf.att.com
411 user role del testunused@aaf.att.com com.test.TC_Perm2.@[user.name].p.superUser
413 Removed Role [com.test.TC_Perm2.@[THE_USER].p.superUser] from User [testunused@aaf.att.com]
415 user role del testunused@aaf.att.com com.test.TC_Perm2.@[user.name].p.watcher
417 Removed Role [com.test.TC_Perm2.@[THE_USER].p.watcher] from User [testunused@aaf.att.com]
419 user role del XX@NS com.test.TC_Perm2.@[user.name].p.secret
421 Removed Role [com.test.TC_Perm2.@[THE_USER].p.secret] from User [XX@NS]
423 # TC_Perm2.42.10.POS List Roles from NS when not allowed to see NS
424 as testid@aaf.att.com
425 perm list ns com.test.TC_Perm2.@[user.name].p
428 List Perms by NS [com.test.TC_Perm2.@[THE_USER].p]
429 --------------------------------------------------------------------------------
430 PERM Type Instance Action
431 --------------------------------------------------------------------------------
432 com.test.TC_Perm2.@[THE_USER].p.A * *
433 com.test.TC_Perm2.@[THE_USER].p.A myInstance *
434 com.test.TC_Perm2.@[THE_USER].p.A myInstance myAction
435 com.test.TC_Perm2.@[THE_USER].p.access * *
436 com.test.TC_Perm2.@[THE_USER].p.access * read
437 com.test.TC_Perm2.@[THE_USER].p.phoneCalls * spy
440 # TC_Perm2.42.20.NEG Don't List Roles from NS when not allowed to see NS
441 as testunused@aaf.att.com
442 perm list ns com.test.TC_Perm2.@[user.name].p
444 Failed [SVC1403]: Forbidden - [testunused@aaf.att.com] may not read in NS [com.test.TC_Perm2.@[THE_USER].p]
446 # TC_Perm2.43.10.POS List perms when allowed to see Role
447 as testid@aaf.att.com
448 perm list role com.test.TC_Perm2.@[user.name].p.superUser
451 List Perms by Role [com.test.TC_Perm2.@[THE_USER].p.superUser]
452 --------------------------------------------------------------------------------
453 PERM Type Instance Action
454 --------------------------------------------------------------------------------
455 com.test.TC_Perm2.@[THE_USER].p.A myInstance *
456 com.test.TC_Perm2.@[THE_USER].p.A myInstance myAction
459 perm list role com.test.TC_Perm2.@[user.name].p.watcher
462 List Perms by Role [com.test.TC_Perm2.@[THE_USER].p.watcher]
463 --------------------------------------------------------------------------------
464 PERM Type Instance Action
465 --------------------------------------------------------------------------------
468 perm list role com.test.TC_Perm2.@[user.name].p.secret
471 List Perms by Role [com.test.TC_Perm2.@[THE_USER].p.secret]
472 --------------------------------------------------------------------------------
473 PERM Type Instance Action
474 --------------------------------------------------------------------------------
475 com.test.TC_Perm2.@[THE_USER].p.phoneCalls * spy
478 # TC_Perm2.43.20.NEG Don't List perms when not allowed to see Role
479 as testunused@aaf.att.com
480 perm list role com.test.TC_Perm2.@[user.name].p.superUser
482 Failed [SVC1403]: Forbidden - [testunused@aaf.att.com] may not read Role [com.test.TC_Perm2.@[THE_USER].p.superUser]
484 perm list role com.test.TC_Perm2.@[user.name].p.watcher
486 Failed [SVC1403]: Forbidden - [testunused@aaf.att.com] may not read Role [com.test.TC_Perm2.@[THE_USER].p.watcher]
488 perm list role com.test.TC_Perm2.@[user.name].p.secret
490 Failed [SVC1403]: Forbidden - [testunused@aaf.att.com] may not read Role [com.test.TC_Perm2.@[THE_USER].p.secret]
492 as testid@aaf.att.com
493 # TC_Perm2.99.1.POS Namespace Admin can delete Namepace defined Roles
494 force perm delete com.test.TC_Perm2.@[user.name].p.A myInstance myAction
498 force perm delete com.test.TC_Perm2.@[user.name].p.A myInstance *
502 force perm delete com.test.TC_Perm2.@[user.name].p.A * *
506 force perm delete com.test.TC_Perm2.@[user.name].p.phoneCalls * spy
510 force role delete com.test.TC_Perm2.@[user.name].p.watcher
514 force role delete com.test.TC_Perm2.@[user.name].p.superUser
518 force role delete com.test.TC_Perm2.@[user.name].p.secret
523 force perm delete com.att.aaf.perm :com.test.TC_Perm2.@[user.name].p.A:*:* view
527 force perm delete com.att.aaf.perm :com.test.TC_Perm2.@[user.name].p.A:myInstance:myAction view
531 # TC_Perm2.99.2.POS Namespace Admin can delete Namespace
532 force ns delete com.test.TC_Perm2.@[user.name].p
536 force ns delete com.test.TC_Perm2.@[user.name]
540 # TC_Perm2.99.3.POS Print Namespaces
541 ns list name com.test.TC_Perm2.@[user.name].p
544 List Namespaces by Name[com.test.TC_Perm2.@[THE_USER].p]
545 --------------------------------------------------------------------------------
546 *** Namespace Not Found ***
548 ns list name com.test.TC_Perm2.@[user.name]
551 List Namespaces by Name[com.test.TC_Perm2.@[THE_USER]]
552 --------------------------------------------------------------------------------
553 *** Namespace Not Found ***