| TC-RBAC-001 | Admin accesses admin-only feature | Positive | Critical | Access allowed | Screenshot | Not Run |
| TC-RBAC-002 | School Manager attempts admin-only cancellation | Negative | Critical | Access denied | Screenshot or API 403 response | Not Run |
| TC-RBAC-003 | Supplier attempts school manager feature | Negative | Critical | Access denied | Screenshot or API 403 response | Not Run |
| TC-RBAC-004 | Operator attempts supplier feature | Negative | High | Access denied | Screenshot or API 403 response | Not Run |
| TC-RBAC-005 | Parent accesses own student flow | Positive | High | Access allowed within own scope | Screenshot | Not Run |
| TC-RBAC-006 | Student accesses own allowed flow | Positive | Medium | Access allowed within own scope | Screenshot | Not Run |