diff --git a/controller/api/role_test.go b/controller/api/role_test.go
new file mode 100644
index 0000000000000000000000000000000000000000..8113834915d4c3e4284e02d4a221b7ed057e2545
--- /dev/null
+++ b/controller/api/role_test.go
@@ -0,0 +1,378 @@
+package api
+
+import (
+	"context"
+	"reflect"
+	"testing"
+
+	apb "code.fbi.h-da.de/danet/gosdn/api/go/gosdn/rbac"
+	"github.com/google/uuid"
+)
+
+func TestCreateRoles(t *testing.T) {
+	type args struct {
+		ctx   context.Context
+		addr  string
+		roles []*apb.Role
+	}
+	tests := []struct {
+		name    string
+		args    args
+		want    *apb.CreateRolesResponse
+		wantErr bool
+	}{
+		{
+			name: "default create roles",
+			args: args{
+				ctx:  context.TODO(),
+				addr: testAPIEndpoint,
+				roles: []*apb.Role{
+					{
+						Name:        "new role 1",
+						Description: "Role 1",
+						Permissions: []string{"permission 1", "permission 2"},
+					},
+				},
+			},
+			want: &apb.CreateRolesResponse{
+				Status: apb.Status_STATUS_OK,
+			},
+			wantErr: false,
+		},
+	}
+
+	for _, tt := range tests {
+		t.Run(tt.name, func(t *testing.T) {
+			got, err := CreateRoles(tt.args.ctx, tt.args.addr, tt.args.roles)
+			if (err != nil) != tt.wantErr {
+				t.Errorf("CreateRoles() error = %v, wantErr %v", err, tt.wantErr)
+				return
+			}
+
+			if got != nil && got.Status != tt.want.Status {
+				t.Errorf("Role.CreateRoles() = %v, want %v", got, tt.want)
+			}
+		})
+	}
+}
+
+func TestGetRole(t *testing.T) {
+	type args struct {
+		ctx  context.Context
+		addr string
+		name string
+	}
+	tests := []struct {
+		name    string
+		args    args
+		want    *apb.GetRoleResponse
+		wantErr bool
+	}{
+		{
+			name: "default get role",
+			args: args{
+				ctx:  context.TODO(),
+				addr: testAPIEndpoint,
+				name: "adminTestRole",
+			},
+			want: &apb.GetRoleResponse{
+				Status: apb.Status_STATUS_OK,
+				Role: &apb.Role{
+					Name:        "adminTestRole",
+					Description: "Admin",
+				},
+			},
+			wantErr: false,
+		},
+		{
+			name: "error get role",
+			args: args{
+				ctx:  context.TODO(),
+				addr: testAPIEndpoint,
+				name: "not role",
+			},
+			want:    nil,
+			wantErr: true,
+		},
+	}
+	for _, tt := range tests {
+		t.Run(tt.name, func(t *testing.T) {
+			got, err := GetRole(tt.args.ctx, tt.args.addr, tt.args.name)
+			if (err != nil) != tt.wantErr {
+				t.Errorf("GetRole() error = %v, wantErr %v", err, tt.wantErr)
+				return
+			}
+
+			if got != nil && got.Status == tt.want.Status {
+				if got.Role.Name != tt.want.Role.Name || got.Role.Description != tt.want.Role.Description {
+					t.Errorf("Role.GetRole() = %v, want %v", got, tt.want)
+				}
+			} else {
+				if got != nil {
+					t.Errorf("Role.GetRole() = %v, want %v", got, tt.want)
+				}
+			}
+		})
+	}
+}
+
+func TestGetRoles(t *testing.T) {
+	err := clearAndCreateAuthTestSetup()
+	if err != nil {
+		t.Fatalf("%v", err)
+	}
+
+	type args struct {
+		ctx  context.Context
+		addr string
+	}
+	tests := []struct {
+		name    string
+		args    args
+		want    *apb.GetRolesResponse
+		wantLen int
+		wantErr bool
+	}{
+		{
+			name: "default get roless",
+			args: args{
+				ctx:  context.TODO(),
+				addr: testAPIEndpoint,
+			},
+			want: &apb.GetRolesResponse{
+				Status: apb.Status_STATUS_OK,
+				Roles: []*apb.Role{
+					{
+						Name:        "adminTestRole",
+						Description: "Admin",
+						Permissions: []string{
+							"/gosdn.core.CoreService/GetPnd",
+							"/gosdn.core.CoreService/GetPndList",
+						}},
+					{
+						Name:        "userTestRole",
+						Description: "User",
+						Permissions: []string{
+							"/gosdn.pnd.PndService/GetChangeList",
+						}},
+					{
+						Name:        randomRoleName,
+						Description: "Not a role",
+						Permissions: []string{
+							"nope",
+						},
+					},
+				},
+			},
+			wantLen: 3,
+			wantErr: false,
+		},
+	}
+	for _, tt := range tests {
+		t.Run(tt.name, func(t *testing.T) {
+			got, err := GetRoles(tt.args.ctx, tt.args.addr)
+			if (err != nil) != tt.wantErr {
+				t.Errorf("GetRoles() error = %v, wantErr %v", err, tt.wantErr)
+				return
+			}
+
+			if got != nil && got.Status == tt.want.Status {
+				if len(got.Roles) != 3 {
+					t.Errorf("Role.GetRoles() = %v, want %v", got, tt.want)
+				}
+				for _, gotR := range got.Roles {
+					containsExpected := false
+					for _, wantR := range tt.want.Roles {
+						gotPerm := gotR.Permissions
+						wantPerm := wantR.Permissions
+						if gotR.Description == wantR.Description && gotR.Name == wantR.Name &&
+							reflect.DeepEqual(gotPerm, wantPerm) {
+							containsExpected = true
+							break
+						}
+					}
+					if !containsExpected {
+						t.Errorf("Role.GetRoles() = %v, want %v", got, tt.want)
+					}
+				}
+			}
+		})
+	}
+}
+
+func TestUpdateRoles(t *testing.T) {
+	type args struct {
+		ctx   context.Context
+		addr  string
+		roles []*apb.Role
+	}
+	tests := []struct {
+		name    string
+		args    args
+		want    *apb.UpdateRolesResponse
+		wantErr bool
+	}{
+		{
+			name: "default update roles",
+			args: args{
+				ctx:  context.TODO(),
+				addr: testAPIEndpoint,
+				roles: []*apb.Role{
+					{
+						Id:   adminRoleID,
+						Name: "New Name",
+					},
+				},
+			},
+			want: &apb.UpdateRolesResponse{
+				Status: apb.Status_STATUS_OK,
+			},
+			wantErr: false,
+		},
+		{
+			name: "error update roles",
+			args: args{
+				ctx:  context.TODO(),
+				addr: testAPIEndpoint,
+				roles: []*apb.Role{
+					{
+						Id:   uuid.NewString(),
+						Name: "New Name",
+					},
+				},
+			},
+			want:    nil,
+			wantErr: true,
+		},
+	}
+	for _, tt := range tests {
+		t.Run(tt.name, func(t *testing.T) {
+			got, err := UpdateRoles(tt.args.ctx, tt.args.addr, tt.args.roles)
+			if (err != nil) != tt.wantErr {
+				t.Errorf("UpdateRoles() error = %v, wantErr %v", err, tt.wantErr)
+				return
+			}
+
+			if got != nil && got.Status != tt.want.Status {
+				t.Errorf("Role.UpdateRoles() = %v, want %v", got, tt.want)
+			}
+		})
+	}
+}
+
+func TestDeletePermissionForRole(t *testing.T) {
+	clearAndCreateAuthTestSetup()
+
+	type args struct {
+		ctx                 context.Context
+		addr                string
+		name                string
+		permissionsToDelete []string
+	}
+	tests := []struct {
+		name    string
+		args    args
+		want    *apb.DeletePermissionsForRoleResponse
+		wantErr bool
+	}{
+		{
+			name: "default delete permissions for role",
+			args: args{
+				ctx:  context.TODO(),
+				addr: testAPIEndpoint,
+				name: "adminTestRole",
+				permissionsToDelete: []string{
+					"/gosdn.core.CoreService/GetPnd",
+					"/gosdn.core.CoreService/GetPndList",
+				},
+			},
+			want: &apb.DeletePermissionsForRoleResponse{
+				Status: apb.Status_STATUS_OK,
+			},
+			wantErr: false,
+		},
+		{
+			name: "error delete permissions for role",
+			args: args{
+				ctx:  context.TODO(),
+				addr: testAPIEndpoint,
+				name: "adminTestRole",
+				permissionsToDelete: []string{
+					"foo",
+				},
+			},
+			want:    nil,
+			wantErr: true,
+		},
+	}
+	for _, tt := range tests {
+		t.Run(tt.name, func(t *testing.T) {
+			got, err := DeletePermissionForRole(tt.args.ctx, tt.args.addr, tt.args.name, tt.args.permissionsToDelete)
+			if (err != nil) != tt.wantErr {
+				t.Errorf("DeletePermissionForRole() error = %v, wantErr %v", err, tt.wantErr)
+				return
+			}
+
+			if got != nil && got.Status != tt.want.Status {
+				t.Errorf("Role.DeletePermissionsForRole() = %v, want %v", got, tt.want)
+			}
+		})
+	}
+}
+
+func TestDeleteRoles(t *testing.T) {
+	type args struct {
+		ctx      context.Context
+		addr     string
+		roleName []string
+	}
+	tests := []struct {
+		name    string
+		args    args
+		want    *apb.DeleteRolesResponse
+		wantErr bool
+	}{
+		{
+			name: "default delete roles",
+			args: args{
+				ctx:  context.TODO(),
+				addr: testAPIEndpoint,
+				roleName: []string{
+					"userTestRole",
+					"adminTestRole",
+				},
+			},
+			want: &apb.DeleteRolesResponse{
+				Status: apb.Status_STATUS_OK,
+			},
+			wantErr: false,
+		},
+		{
+			name: "error delete roles",
+			args: args{
+				ctx:  context.TODO(),
+				addr: testAPIEndpoint,
+				roleName: []string{
+					"no",
+				},
+			},
+			want:    nil,
+			wantErr: true,
+		},
+	}
+	for _, tt := range tests {
+		t.Run(tt.name, func(t *testing.T) {
+			clearAndCreateAuthTestSetup()
+
+			got, err := DeleteRoles(tt.args.ctx, tt.args.addr, tt.args.roleName)
+			if (err != nil) != tt.wantErr {
+				t.Errorf("DeleteRoles() error = %v, wantErr %v", err, tt.wantErr)
+				return
+			}
+
+			if got != nil && got.Status != tt.want.Status {
+				t.Errorf("Role.DeleteRoles() = %v, want %v", got, tt.want)
+			}
+		})
+	}
+}
diff --git a/controller/northbound/server/role_test.go b/controller/northbound/server/role_test.go
index 42d91dfb0ea36ad0b9f3a57af190e868923e8dfa..ef2aeabe647035c1bfaaa3dab84eec4ba21486ca 100644
--- a/controller/northbound/server/role_test.go
+++ b/controller/northbound/server/role_test.go
@@ -101,6 +101,7 @@ func TestRole_GetRole(t *testing.T) {
 				t.Errorf("Role.GetRole() error = %v, wantErr %v", err, tt.wantErr)
 				return
 			}
+
 			if got != nil && got.Status == tt.want.Status {
 				if got.Role.Name != tt.want.Role.Name || got.Role.Description != tt.want.Role.Description {
 					t.Errorf("Role.GetRole() = %v, want %v", got, tt.want)
@@ -174,6 +175,7 @@ func TestRole_GetRoles(t *testing.T) {
 				t.Errorf("Role.GetRoles() error = %v, wantErr %v", err, tt.wantErr)
 				return
 			}
+
 			if got != nil && got.Status == tt.want.Status {
 				if len(got.Roles) != 3 {
 					t.Errorf("Role.GetRoles() = %v, want %v", got, tt.want)
@@ -252,6 +254,7 @@ func TestRole_UpdateRoles(t *testing.T) {
 				t.Errorf("Role.UpdateRoles() error = %v, wantErr %v", err, tt.wantErr)
 				return
 			}
+
 			if got != nil && got.Status != tt.want.Status {
 				t.Errorf("Role.UpdateRoles() = %v, want %v", got, tt.want)
 			}
@@ -261,6 +264,7 @@ func TestRole_UpdateRoles(t *testing.T) {
 
 func TestRole_DeletePermissionsForRole(t *testing.T) {
 	clearAndCreateAuthTestSetup()
+
 	type args struct {
 		ctx     context.Context
 		request *apb.DeletePermissionsForRoleRequest
@@ -299,9 +303,7 @@ func TestRole_DeletePermissionsForRole(t *testing.T) {
 					},
 				},
 			},
-			want: &apb.DeletePermissionsForRoleResponse{
-				Status: apb.Status_STATUS_OK,
-			},
+			want:    nil,
 			wantErr: true,
 		},
 	}
@@ -313,6 +315,7 @@ func TestRole_DeletePermissionsForRole(t *testing.T) {
 				t.Errorf("Role.DeletePermissionsForRole() error = %v, wantErr %v", err, tt.wantErr)
 				return
 			}
+
 			if got != nil && got.Status != tt.want.Status {
 				t.Errorf("Role.DeletePermissionsForRole() = %v, want %v", got, tt.want)
 			}
@@ -338,6 +341,7 @@ func TestRole_DeleteRoles(t *testing.T) {
 				request: &apb.DeleteRolesRequest{
 					RoleName: []string{
 						"userTestRole",
+						"adminTestRole",
 					},
 				},
 			},
@@ -365,11 +369,14 @@ func TestRole_DeleteRoles(t *testing.T) {
 	for _, tt := range tests {
 		t.Run(tt.name, func(t *testing.T) {
 			s := Role{}
+			clearAndCreateAuthTestSetup()
+
 			got, err := s.DeleteRoles(tt.args.ctx, tt.args.request)
 			if (err != nil) != tt.wantErr {
 				t.Errorf("Role.DeleteRoles() error = %v, wantErr %v", err, tt.wantErr)
 				return
 			}
+
 			if got != nil && got.Status != tt.want.Status {
 				t.Errorf("Role.DeleteRoles() = %v, want %v", got, tt.want)
 			}