1 set testid@aaf.att.com <pass>
2 set testunused@aaf.att.com <pass>
8 # TC_Role1.10.0.POS Validate NS ok
9 ns list name com.test.TC_Role1.@[user.name]
12 List Namespaces by Name[com.test.TC_Role1.@[THE_USER]]
13 --------------------------------------------------------------------------------
14 *** Namespace Not Found ***
16 # TC_Role1.10.1.POS Create Namespace with valid IDs and Responsible Parties
17 ns create com.test.TC_Role1.@[user.name] @[user.name] testid@aaf.att.com
21 # TC_Role1.10.10.POS Create role to assign mechid perm to
22 role create com.test.TC_Role1.@[user.name].cred_admin
27 # TC_Role1.10.11.POS Assign role to mechid perm
28 perm grant com.att.aaf.mechid com.att create com.test.TC_Role1.@[user.name].cred_admin
30 Granted Permission [com.att.aaf.mechid|com.att|create] to Role [com.test.TC_Role1.@[THE_USER].cred_admin]
33 # TC_Role1.10.12.POS Assign user for creating creds
34 user role add testid@aaf.att.com com.test.TC_Role1.@[user.name].cred_admin
36 Added Role [com.test.TC_Role1.@[THE_USER].cred_admin] to User [testid@aaf.att.com]
38 # TC_Role1.20.1.POS List Data on non-Empty NS
39 ns list name com.test.TC_Role1.@[user.name]
42 List Namespaces by Name[com.test.TC_Role1.@[THE_USER]]
43 --------------------------------------------------------------------------------
44 com.test.TC_Role1.@[THE_USER]
48 @[THE_USER]@csp.att.com
50 com.test.TC_Role1.@[THE_USER].admin
51 com.test.TC_Role1.@[THE_USER].cred_admin
52 com.test.TC_Role1.@[THE_USER].owner
54 com.test.TC_Role1.@[THE_USER].access * *
55 com.test.TC_Role1.@[THE_USER].access * read
57 # TC_Role1.20.2.POS Add Roles
58 role create com.test.TC_Role1.@[user.name].r.A
62 role create com.test.TC_Role1.@[user.name].r.B
66 # TC_Role1.20.3.POS List Data on non-Empty NS
67 ns list name com.test.TC_Role1.@[user.name]
70 List Namespaces by Name[com.test.TC_Role1.@[THE_USER]]
71 --------------------------------------------------------------------------------
72 com.test.TC_Role1.@[THE_USER]
76 @[THE_USER]@csp.att.com
78 com.test.TC_Role1.@[THE_USER].admin
79 com.test.TC_Role1.@[THE_USER].cred_admin
80 com.test.TC_Role1.@[THE_USER].owner
81 com.test.TC_Role1.@[THE_USER].r.A
82 com.test.TC_Role1.@[THE_USER].r.B
84 com.test.TC_Role1.@[THE_USER].access * *
85 com.test.TC_Role1.@[THE_USER].access * read
87 # TC_Role1.20.4.NEG Don't write over Role
88 role create com.test.TC_Role1.@[user.name].r.A
90 Failed [SVC1409]: Conflict Already Exists - Role [com.test.TC_Role1.@[THE_USER].r.A] already exists
92 # TC_Role1.20.5.NEG Don't allow non-user to create
94 role create com.test.TC_Role1.@[user.name].r.No
96 Failed with code 401, Unauthorized
98 # TC_Role1.20.6.NEG Don't allow non-user to create without Approval
99 as testunused@aaf.att.com
100 role create com.test.TC_Role1.@[user.name].r.No
102 Failed [SVC1403]: Forbidden - [testunused@aaf.att.com] may not write Role [com.test.TC_Role1.@[THE_USER].r.No]
104 # TC_Role1.20.10.NEG Non-admins can't change description
105 as testunused@aaf.att.com
106 role describe com.test.TC_Role1.@[user.name].r.A Description A
108 Failed [SVC1403]: Forbidden - You do not have approval to change com.test.TC_Role1.@[THE_USER].r.A
110 # TC_Role1.20.11.NEG Role must exist to change description
111 as testid@aaf.att.com
112 role describe com.test.TC_Role1.@[user.name].r.C Description C
114 Failed [SVC1404]: Not Found - Role [com.test.TC_Role1.@[THE_USER].r.C] does not exist
116 # TC_Role1.20.12.POS Admin can change description
117 role describe com.test.TC_Role1.@[user.name].r.A Description A
119 Description added to role
121 # TC_Role1.30.1.POS List Data on non-Empty NS
122 as testid@aaf.att.com
123 ns list name com.test.TC_Role1.@[user.name]
126 List Namespaces by Name[com.test.TC_Role1.@[THE_USER]]
127 --------------------------------------------------------------------------------
128 com.test.TC_Role1.@[THE_USER]
132 @[THE_USER]@csp.att.com
134 com.test.TC_Role1.@[THE_USER].admin
135 com.test.TC_Role1.@[THE_USER].cred_admin
136 com.test.TC_Role1.@[THE_USER].owner
137 com.test.TC_Role1.@[THE_USER].r.A
138 com.test.TC_Role1.@[THE_USER].r.B
140 com.test.TC_Role1.@[THE_USER].access * *
141 com.test.TC_Role1.@[THE_USER].access * read
143 # TC_Role1.30.2.POS Create Sub-ns when Roles that exist
144 ns create com.test.TC_Role1.@[user.name].r @[user.name] testid@aaf.att.com
148 # TC_Role1.30.3.POS List Data on NS with sub-roles
149 ns list name com.test.TC_Role1.@[user.name]
152 List Namespaces by Name[com.test.TC_Role1.@[THE_USER]]
153 --------------------------------------------------------------------------------
154 com.test.TC_Role1.@[THE_USER]
158 @[THE_USER]@csp.att.com
160 com.test.TC_Role1.@[THE_USER].admin
161 com.test.TC_Role1.@[THE_USER].cred_admin
162 com.test.TC_Role1.@[THE_USER].owner
164 com.test.TC_Role1.@[THE_USER].access * *
165 com.test.TC_Role1.@[THE_USER].access * read
167 ns list name com.test.TC_Role1.@[user.name].r
170 List Namespaces by Name[com.test.TC_Role1.@[THE_USER].r]
171 --------------------------------------------------------------------------------
172 com.test.TC_Role1.@[THE_USER].r
176 @[THE_USER]@csp.att.com
178 com.test.TC_Role1.@[THE_USER].r.A
179 com.test.TC_Role1.@[THE_USER].r.B
180 com.test.TC_Role1.@[THE_USER].r.admin
181 com.test.TC_Role1.@[THE_USER].r.owner
183 com.test.TC_Role1.@[THE_USER].r.access * *
184 com.test.TC_Role1.@[THE_USER].r.access * read
186 # TC_Role1.40.01.POS List Data on non-Empty NS
187 role list role com.test.TC_Role1.@[user.name].r.A
190 List Roles for Role[com.test.TC_Role1.@[THE_USER].r.A]
191 --------------------------------------------------------------------------------
193 PERM Type Instance Action
194 --------------------------------------------------------------------------------
195 com.test.TC_Role1.@[THE_USER].r.A
197 # TC_Role1.40.20.POS Create a Perm, and add to Role
198 perm create com.test.TC_Role1.@[user.name].samplePerm1 some.long(involved).text SELECT com.test.TC_Role1.@[user.name].r.A
201 Granted Permission [com.test.TC_Role1.@[THE_USER].samplePerm1|some.long(involved).text|SELECT] to Role [com.test.TC_Role1.@[THE_USER].r.A]
203 # TC_Role1.40.25.POS List
204 role list role com.test.TC_Role1.@[user.name].r.A
207 List Roles for Role[com.test.TC_Role1.@[THE_USER].r.A]
208 --------------------------------------------------------------------------------
210 PERM Type Instance Action
211 --------------------------------------------------------------------------------
212 com.test.TC_Role1.@[THE_USER].r.A
213 com.test.TC_Role1.@[THE_USER].samplePerm1 some.long(involved).text SELECT
215 # TC_Role1.40.30.POS Create a Perm
216 perm create com.test.TC_Role1.@[user.name].samplePerm1 some.other_long(less.involved).text lower_case
220 # TC_Role1.40.32.POS Separately Grant Perm
221 perm grant com.test.TC_Role1.@[user.name].samplePerm1 some.other_long(less.involved).text lower_case com.test.TC_Role1.@[user.name].r.A
223 Granted Permission [com.test.TC_Role1.@[THE_USER].samplePerm1|some.other_long(less.involved).text|lower_case] to Role [com.test.TC_Role1.@[THE_USER].r.A]
225 # TC_Role1.40.35.POS List
226 role list role com.test.TC_Role1.@[user.name].r.A
229 List Roles for Role[com.test.TC_Role1.@[THE_USER].r.A]
230 --------------------------------------------------------------------------------
232 PERM Type Instance Action
233 --------------------------------------------------------------------------------
234 com.test.TC_Role1.@[THE_USER].r.A
235 com.test.TC_Role1.@[THE_USER].samplePerm1 some.long(involved).text SELECT
236 com.test.TC_Role1.@[THE_USER].samplePerm1 some.other_long(less.involved).text lower_case
238 # TC_Role1.50.1.POS Create user to attach to role
239 user cred add m00001@@[user.name].TC_Role1.test.com password123
241 Added Credential [m00001@@[THE_USER].TC_Role1.test.com]
243 # TC_Role1.50.2.POS Create new role
244 role create com.test.TC_Role1.@[user.name].r.C
248 # TC_Role1.50.3.POS Attach user to role
249 user role add m00001@@[user.name].TC_Role1.test.com com.test.TC_Role1.@[user.name].r.C
251 Added Role [com.test.TC_Role1.@[THE_USER].r.C] to User [m00001@@[THE_USER].TC_Role1.test.com]
253 # TC_Role1.50.4.POS Create permission and attach to role
254 perm create com.test.TC_Role1.@[user.name].p.C myInstance myAction com.test.TC_Role1.@[user.name].r.C
257 Granted Permission [com.test.TC_Role1.@[THE_USER].p.C|myInstance|myAction] to Role [com.test.TC_Role1.@[THE_USER].r.C]
259 # TC_Role1.50.20.NEG Delete role with permission and user attached should fail
260 role delete com.test.TC_Role1.@[user.name].r.C
262 Failed [SVC1424]: Failed Dependency - Role [com.test.TC_Role1.@[THE_USER].r.C] cannot be deleted as it is used by 1 or more Users.
264 # TC_Role1.50.21.POS Force delete role should work
266 set force=true role delete com.test.TC_Role1.@[user.name].r.C
270 # TC_Role1.50.30.POS List Data on non-Empty NS
271 ns list name com.test.TC_Role1.@[user.name]
274 List Namespaces by Name[com.test.TC_Role1.@[THE_USER]]
275 --------------------------------------------------------------------------------
276 com.test.TC_Role1.@[THE_USER]
280 @[THE_USER]@csp.att.com
282 com.test.TC_Role1.@[THE_USER].admin
283 com.test.TC_Role1.@[THE_USER].cred_admin
284 com.test.TC_Role1.@[THE_USER].owner
286 com.test.TC_Role1.@[THE_USER].access * *
287 com.test.TC_Role1.@[THE_USER].access * read
288 com.test.TC_Role1.@[THE_USER].p.C myInstance myAction
289 com.test.TC_Role1.@[THE_USER].samplePerm1 some.long(involved).text SELECT
290 com.test.TC_Role1.@[THE_USER].samplePerm1 some.other_long(less.involved).text lower_case
292 m00001@@[THE_USER].TC_Role1.test.com
294 # Need to let DB catch up on deletes
296 as testid@aaf.att.com
297 # TC_Role1.99.05.POS Remove Permissions from "40_reports"
299 set force=true perm delete com.test.TC_Role1.@[user.name].samplePerm1 some.long(involved).text SELECT
304 set force=true perm delete com.test.TC_Role1.@[user.name].samplePerm1 some.other_long(less.involved).text lower_case
308 # TC_Role1.99.10.POS Namespace Admin can delete Namepace defined Roles
309 force role delete com.test.TC_Role1.@[user.name].r.A
313 force role delete com.test.TC_Role1.@[user.name].r.B
317 force role delete com.test.TC_Role1.@[user.name].r.C
319 Failed [SVC3404]: Not Found - Role [com.test.TC_Role1.@[THE_USER].r.C] does not exist
321 # TC_Role1.99.15.POS Remove ability to create creds
322 user role del testid@aaf.att.com com.test.TC_Role1.@[user.name].cred_admin
324 Removed Role [com.test.TC_Role1.@[THE_USER].cred_admin] from User [testid@aaf.att.com]
327 perm ungrant com.att.aaf.mechid com.att create com.test.TC_Role1.@[user.name].cred_admin
329 UnGranted Permission [com.att.aaf.mechid|com.att|create] from Role [com.test.TC_Role1.@[THE_USER].cred_admin]
331 as testid@aaf.att.com
332 role delete com.test.TC_Role1.@[user.name].cred_admin
336 # TC_Role1.99.20.POS Namespace Admin can delete permissions and credentials
337 perm delete com.test.TC_Role1.@[user.name].p.C myInstance myAction
342 user cred del m00001@@[user.name].TC_Role1.test.com
344 Deleted Credential [m00001@@[THE_USER].TC_Role1.test.com]
346 # TC_Role1.99.90.POS Namespace Admin can delete Namespace
347 force ns delete com.test.TC_Role1.@[user.name].r
351 force ns delete com.test.TC_Role1.@[user.name]
355 # TC_Role1.99.99.POS List to prove clean Namespaces
356 ns list name com.test.TC_Role1.@[user.name].r
359 List Namespaces by Name[com.test.TC_Role1.@[THE_USER].r]
360 --------------------------------------------------------------------------------
361 *** Namespace Not Found ***
363 ns list name com.test.TC_Role1.@[user.name]
366 List Namespaces by Name[com.test.TC_Role1.@[THE_USER]]
367 --------------------------------------------------------------------------------
368 *** Namespace Not Found ***