Sorry, I have trouble making issue clear.
My test is to verify that non-admin user can not add or delete, but they can view. Here is my test suite outline.
TEST SUITE
1. Login as admin user
2. Verify admin can create object. (Add Connection web service)
3. Login as non-admin user
4. Verify non-admin can view the object created by admin
5. Verify non-admin can Not add a new object
6. Verify non-admin can Not delete object creaed by admin
For test steps 1 to 2, require using admin login for the request.
For test steps 3 to 5, require using non-admin login for the request.
Ok, what did you try and facing any problem as that looks string forward? Have a test case for the steps and use the appropriate credentials for the step as needed.
