diff --git a/controller/northbound/server/auth_interceptor.go b/controller/northbound/server/auth_interceptor.go
index 8b9182f24e623c3d3cf15f4b7c007ec42678e4f5..a53f0e4eff13da1541d013cab195d32fd2748b60 100644
--- a/controller/northbound/server/auth_interceptor.go
+++ b/controller/northbound/server/auth_interceptor.go
@@ -60,6 +60,7 @@ func (auth *AuthInterceptor) Stream() grpc.StreamServerInterceptor {
 		info *grpc.StreamServerInfo,
 		handler grpc.StreamHandler,
 	) error {
+
 		err := auth.authorize(stream.Context(), info.FullMethod)
 		if err != nil {
 			return err
diff --git a/controller/northbound/server/auth_interceptor_test.go b/controller/northbound/server/auth_interceptor_test.go
index a4fb36216a73c55ff2dc09bc638a484444d1872f..1bf696bd36959cfac6a0b38f0106999607f84c20 100644
--- a/controller/northbound/server/auth_interceptor_test.go
+++ b/controller/northbound/server/auth_interceptor_test.go
@@ -4,10 +4,10 @@ import (
 	"context"
 	"log"
 	"net"
-	"reflect"
 	"testing"
 
 	apb "code.fbi.h-da.de/danet/gosdn/api/go/gosdn/rbac"
+	spb "code.fbi.h-da.de/danet/gosdn/api/go/gosdn/southbound"
 	"code.fbi.h-da.de/danet/gosdn/controller/rbac"
 	"code.fbi.h-da.de/danet/gosdn/controller/store"
 	"google.golang.org/grpc"
@@ -23,6 +23,7 @@ func dialer() func(context.Context, string) (net.Conn, error) {
 	server := grpc.NewServer(grpc.UnaryInterceptor(interceptor.Unary()), grpc.StreamInterceptor(interceptor.Stream()))
 
 	apb.RegisterUserServiceServer(server, &User{})
+	spb.RegisterSbiServiceServer(server, &sbiServer{})
 
 	go func() {
 		if err := server.Serve(listener); err != nil {
@@ -59,6 +60,15 @@ func TestAuthInterceptor_Unary(t *testing.T) {
 
 	md := metadata.Pairs("authorize", validToken)
 
+	ctx := context.Background()
+	conn, err := grpc.DialContext(ctx, "", grpc.WithTransportCredentials(insecure.NewCredentials()), grpc.WithContextDialer(dialer()))
+	if err != nil {
+		log.Fatal(err)
+	}
+	defer conn.Close()
+
+	client := apb.NewUserServiceClient(conn)
+
 	type args struct {
 		ctx     context.Context
 		request *apb.GetUsersRequest
@@ -109,15 +119,6 @@ func TestAuthInterceptor_Unary(t *testing.T) {
 		},
 	}
 
-	ctx := context.Background()
-	conn, err := grpc.DialContext(ctx, "", grpc.WithTransportCredentials(insecure.NewCredentials()), grpc.WithContextDialer(dialer()))
-	if err != nil {
-		log.Fatal(err)
-	}
-	defer conn.Close()
-
-	client := apb.NewUserServiceClient(conn)
-
 	for _, tt := range tests {
 		t.Run(tt.name, func(t *testing.T) {
 			got, err := client.GetUsers(tt.args.ctx, tt.args.request)
@@ -135,135 +136,78 @@ func TestAuthInterceptor_Unary(t *testing.T) {
 }
 
 func TestAuthInterceptor_Stream(t *testing.T) {
-	type fields struct {
-		jwtManager *rbac.JWTManager
-	}
-	tests := []struct {
-		name   string
-		fields fields
-		want   grpc.StreamServerInterceptor
-	}{
-		// TODO: Add test cases.
-	}
-	for _, tt := range tests {
-		t.Run(tt.name, func(t *testing.T) {
-			auth := &AuthInterceptor{
-				jwtManager: tt.fields.jwtManager,
-			}
-			if got := auth.Stream(); !reflect.DeepEqual(got, tt.want) {
-				t.Errorf("AuthInterceptor.Stream() = %v, want %v", got, tt.want)
-			}
-		})
+	validToken, err := jwt.GenerateToken(rbac.User{UserName: "testAdmin"})
+	if err != nil {
+		log.Fatal(err)
 	}
-}
 
-func TestAuthInterceptor_authorize(t *testing.T) {
-	type fields struct {
-		jwtManager *rbac.JWTManager
-	}
-	type args struct {
-		ctx    context.Context
-		method string
-	}
-	tests := []struct {
-		name    string
-		fields  fields
-		args    args
-		wantErr bool
-	}{
-		// TODO: Add test cases.
-	}
-	for _, tt := range tests {
-		t.Run(tt.name, func(t *testing.T) {
-			auth := &AuthInterceptor{
-				jwtManager: tt.fields.jwtManager,
-			}
-			if err := auth.authorize(tt.args.ctx, tt.args.method); (err != nil) != tt.wantErr {
-				t.Errorf("AuthInterceptor.authorize() error = %v, wantErr %v", err, tt.wantErr)
-			}
-		})
+	user, err := userc.Get(store.Query{Name: "testAdmin"})
+	if err != nil {
+		log.Fatal(err)
 	}
-}
+	user.SetToken(validToken)
 
-func TestAuthInterceptor_verifyPermisisonForRequestedCall(t *testing.T) {
-	type fields struct {
-		jwtManager *rbac.JWTManager
-	}
-	type args struct {
-		userRoles       map[string]string
-		requestedMethod string
-	}
-	tests := []struct {
-		name    string
-		fields  fields
-		args    args
-		wantErr bool
-	}{
-		// TODO: Add test cases.
-	}
-	for _, tt := range tests {
-		t.Run(tt.name, func(t *testing.T) {
-			auth := &AuthInterceptor{
-				jwtManager: tt.fields.jwtManager,
-			}
-			if err := auth.verifyPermisisonForRequestedCall(tt.args.userRoles, tt.args.requestedMethod); (err != nil) != tt.wantErr {
-				t.Errorf("AuthInterceptor.verifyPermisisonForRequestedCall() error = %v, wantErr %v", err, tt.wantErr)
-			}
-		})
+	err = userc.Update(user)
+	if err != nil {
+		log.Fatal(err)
 	}
-}
 
-func TestAuthInterceptor_verifyUserRoleAndRequestedCall(t *testing.T) {
-	type fields struct {
-		jwtManager *rbac.JWTManager
-	}
-	type args struct {
-		userRole        string
-		requestedMethod string
-	}
-	tests := []struct {
-		name    string
-		fields  fields
-		args    args
-		wantErr bool
-	}{
-		// TODO: Add test cases.
-	}
-	for _, tt := range tests {
-		t.Run(tt.name, func(t *testing.T) {
-			auth := &AuthInterceptor{
-				jwtManager: tt.fields.jwtManager,
-			}
-			if err := auth.verifyUserRoleAndRequestedCall(tt.args.userRole, tt.args.requestedMethod); (err != nil) != tt.wantErr {
-				t.Errorf("AuthInterceptor.verifyUserRoleAndRequestedCall() error = %v, wantErr %v", err, tt.wantErr)
-			}
-		})
-	}
-}
+	md := metadata.Pairs("authorize", validToken)
 
-func TestAuthInterceptor_compareRequestedPermissionWithRolePermissions(t *testing.T) {
-	type fields struct {
-		jwtManager *rbac.JWTManager
+	ctx := context.Background()
+	conn, err := grpc.DialContext(ctx, "", grpc.WithTransportCredentials(insecure.NewCredentials()), grpc.WithContextDialer(dialer()))
+	if err != nil {
+		log.Fatal(err)
 	}
+	defer conn.Close()
+
+	client := spb.NewSbiServiceClient(conn)
+
 	type args struct {
-		requestedMethod       string
-		storedRolePermissions []string
+		ctx     context.Context
+		request *spb.GetSchemaRequest
 	}
 	tests := []struct {
-		name    string
-		fields  fields
-		args    args
-		wantErr bool
+		name string
+		args args
+		want bool
 	}{
-		// TODO: Add test cases.
+		{
+			name: "default stream interceptor",
+			args: args{
+				ctx: metadata.NewOutgoingContext(context.Background(), md),
+				request: &spb.GetSchemaRequest{
+					Pid: pndID,
+					Sid: sbiID,
+				},
+			},
+			want: true,
+		},
+		{
+			name: "error stream interceptor",
+			args: args{
+				ctx: metadata.NewOutgoingContext(context.Background(), metadata.Pairs("authorize", "foo")),
+				request: &spb.GetSchemaRequest{
+					Pid: pndID,
+					Sid: sbiID,
+				},
+			},
+			want: false,
+		},
 	}
+
 	for _, tt := range tests {
 		t.Run(tt.name, func(t *testing.T) {
-			auth := &AuthInterceptor{
-				jwtManager: tt.fields.jwtManager,
+			got, err := client.GetSchema(tt.args.ctx, tt.args.request)
+			if err != nil {
+				t.Errorf("AuthInterceptor.Stream() = %v", err)
+				return
 			}
-			if err := auth.compareRequestedPermissionWithRolePermissions(tt.args.requestedMethod, tt.args.storedRolePermissions); (err != nil) != tt.wantErr {
-				t.Errorf("AuthInterceptor.compareRequestedPermissionWithRolePermissions() error = %v, wantErr %v", err, tt.wantErr)
+
+			payload, _ := got.Recv()
+			if (payload != nil) != tt.want {
+				t.Errorf("AuthInterceptor.Stream() = %v", tt.want)
+				return
 			}
 		})
 	}
diff --git a/controller/northbound/server/pnd_test.go b/controller/northbound/server/pnd_test.go
index 797b5d52b3626cfe29d23c5241ebb70d5b7cd7ce..c64620fbdb1984a1242b2609686af0a5ee413b9e 100644
--- a/controller/northbound/server/pnd_test.go
+++ b/controller/northbound/server/pnd_test.go
@@ -103,7 +103,7 @@ func TestMain(m *testing.M) {
 	mockPnd.On("GetName").Return("test")
 	mockPnd.On("GetDescription").Return("test")
 	mockPnd.On("GetSBIs").Return(sbiStore)
-	mockPnd.On("GetSBI").Return(mockDevice.SBI(), nil)
+	mockPnd.On("GetSBI", mock.Anything).Return(mockDevice.SBI(), nil)
 	mockPnd.On("Devices").Return([]uuid.UUID{deviceUUID})
 	mockPnd.On("PendingChanges").Return([]uuid.UUID{pendingChangeUUID})
 	mockPnd.On("CommittedChanges").Return([]uuid.UUID{committedChangeUUID})
diff --git a/controller/northbound/server/role_test.go b/controller/northbound/server/role_test.go
index 055d99c86474a830c568999185fb9c699284fd6c..9fdbe2e5f86714ca952df1734c4c804f0fd18d28 100644
--- a/controller/northbound/server/role_test.go
+++ b/controller/northbound/server/role_test.go
@@ -148,6 +148,7 @@ func TestRole_GetRoles(t *testing.T) {
 							"/gosdn.core.CoreService/GetPnd",
 							"/gosdn.core.CoreService/GetPndList",
 							"/gosdn.rbac.UserService/GetUsers",
+							"/gosdn.southbound.SbiService/GetSchema",
 						}},
 					{
 						Name:        "userTestRole",
diff --git a/controller/northbound/server/test_util_test.go b/controller/northbound/server/test_util_test.go
index d4b242fd9d68384df3264ac1f83d780faefb1440..6da586aa99dcbaacbf70bffb0432b2dea4495189 100644
--- a/controller/northbound/server/test_util_test.go
+++ b/controller/northbound/server/test_util_test.go
@@ -89,6 +89,7 @@ func createTestRoles() error {
 				"/gosdn.core.CoreService/GetPnd",
 				"/gosdn.core.CoreService/GetPndList",
 				"/gosdn.rbac.UserService/GetUsers",
+				"/gosdn.southbound.SbiService/GetSchema",
 			},
 		},
 		{