diff --git a/testing/notification-test-aws/src/test/java/org/opengroup/osdu/notification/api/TestPubsubEndpointHMAC.java b/testing/notification-test-aws/src/test/java/org/opengroup/osdu/notification/api/TestPubsubEndpointHMAC.java
index ebc825e80f7089f4c8e77167cd9cead3a0d41334..eefe15dbb03971d47479e269be582120533c52b3 100644
--- a/testing/notification-test-aws/src/test/java/org/opengroup/osdu/notification/api/TestPubsubEndpointHMAC.java
+++ b/testing/notification-test-aws/src/test/java/org/opengroup/osdu/notification/api/TestPubsubEndpointHMAC.java
@@ -14,6 +14,7 @@
 package org.opengroup.osdu.notification.api;
 
 import static org.junit.Assert.assertEquals;
+import static org.junit.Assert.assertTrue;
 
 import org.junit.After;
 import org.junit.AfterClass;
@@ -132,4 +133,26 @@ public class TestPubsubEndpointHMAC extends PubsubEndpointHMACTests {
         awssubscriptionService.delete(subscriptionId);
     }
 
+    @Override
+    @Test
+    public void should_return20X_when_usingCredentialsWithOpsPermission() throws Exception{
+        createResource();
+
+        try {
+            ClientResponse response = descriptor.run(getArg(), testUtils.getOpsToken());
+
+            assertEquals(error(response.getStatus() == 204 ? "" : response.getEntity(String.class)), expectedOkResponseCode(), response.getStatus());
+            assertEquals("DENY", response.getHeaders().getFirst("X-Frame-Options"));
+            assertEquals("1; mode=block", response.getHeaders().getFirst("X-XSS-Protection"));
+            assertEquals("nosniff", response.getHeaders().getFirst("X-Content-Type-Options"));
+            assertEquals("no-cache, no-store, must-revalidate", response.getHeaders().getFirst("Cache-Control"));
+            assertEquals("default-src 'self'", response.getHeaders().getFirst("Content-Security-Policy"));
+            assertTrue(response.getHeaders().get("Strict-Transport-Security").get(0).contains("max-age=31536000"));
+            assertTrue(response.getHeaders().get("Strict-Transport-Security").get(0).contains("includeSubDomains"));
+            assertEquals("0", response.getHeaders().getFirst("Expires"));
+        } finally {
+            deleteResource();
+        }
+    }
+
 }
\ No newline at end of file