getting back former versions + files

2024-09-16 16:39:21 +02:00 · 2024-09-16 16:39:21 +02:00 · f455c63bc9
commit f455c63bc9
parent c0f0069691
29 changed files with 546 additions and 316 deletions
--- a/src/main/java/net/hostsharing/hsadminng/rbac/generator/InsertTriggerGenerator.java
+++ b/src/main/java/net/hostsharing/hsadminng/rbac/generator/InsertTriggerGenerator.java
@ -100,7 +100,7 @@ public class InsertTriggerGenerator {
                /**
                    Grants ${rawSubTable} INSERT permission to specified role of new ${rawSuperTable} rows.
                */
-                create or replace function ${rawSuperTableSchemaName}new_${rawSubTableShortName}_grants_insert_to_${rawSuperTableShortName}_tf()
+                create or replace function ${rawSubTableSchemaPrefix}new_${rawSubTableShortName}_grants_insert_to_${rawSuperTableShortName}_tf()
                    returns trigger
                    language plpgsql
                    strict as $$
@ -114,10 +114,10 @@ public class InsertTriggerGenerator {
                end; $$;
                -- z_... is to put it at the end of after insert triggers, to make sure the roles exist
-                create trigger z_new_${rawSubTable}_grants_after_insert_tg
+                create trigger z_new_${rawSubTableName}_grants_after_insert_tg
                    after insert on ${rawSuperTableWithSchema}
                    for each row
-                execute procedure ${rawSuperTableSchemaName}new_${rawSubTableShortName}_grants_insert_to_${rawSuperTableShortName}_tf();
+                execute procedure ${rawSubTableSchemaPrefix}new_${rawSubTableShortName}_grants_insert_to_${rawSuperTableShortName}_tf();
                """,
                    with("ifConditionThen", g.getSuperRoleDef().getEntityAlias().isCaseDependent()
                            // TODO.impl: .type needs to be dynamically generated
@ -130,8 +130,9 @@ public class InsertTriggerGenerator {
                    with("rawSuperTableWithSchema", g.getSuperRoleDef().getEntityAlias().getRawTableNameWithSchema()),
                    with("rawSuperTableShortName", g.getSuperRoleDef().getEntityAlias().getRawTableShortName()),
                    with("rawSuperTable", g.getSuperRoleDef().getEntityAlias().getRawTableName()),
                    with("rawSuperTableSchemaName", g.getSuperRoleDef().getEntityAlias().getRawTableSchemaPrefix()),
                    with("rawSubTable", g.getPermDef().getEntityAlias().getRawTableNameWithSchema()),
                    with("rawSubTableSchemaPrefix", g.getPermDef().getEntityAlias().getRawTableSchemaPrefix()),
                    with("rawSubTableName", g.getPermDef().getEntityAlias().getRawTableName()),
                    with("rawSubTableShortName", g.getPermDef().getEntityAlias().getRawTableShortName()));
        });
@ -154,15 +155,16 @@ public class InsertTriggerGenerator {
                returns trigger
                language plpgsql as $$
            begin
-                raise exception '[403] insert into ${rawSubTable} values(%) not allowed regardless of current subject, no insert permissions granted at all', NEW;
+                raise exception '[403] insert into ${rawSubTableWithSchema} values(%) not allowed regardless of current subject, no insert permissions granted at all', NEW;
            end; $$;
            create trigger ${rawSubTable}_insert_permission_check_tg
                before insert on ${rawSubTable}
                for each row
-                    execute procedure ${rawSubTable}_insert_permission_missing_tf();
+                    execute procedure ${rawSubTableWithSchema}_insert_permission_missing_tf();
            """,
-            with("rawSubTable", rbacDef.getRootEntityAlias().getRawTableNameWithSchema()));
+            with("rawSubTableWithSchema", rbacDef.getRootEntityAlias().getRawTableNameWithSchema()),
            with("rawSubTable", rbacDef.getRootEntityAlias().getRawTableName()));
        plPgSql.writeLn("--//");
    }
@ -183,7 +185,7 @@ public class InsertTriggerGenerator {
    private void generateInsertPermissionsCheckHeader(final StringWriter plPgSql) {
        plPgSql.writeLn("""
            -- ============================================================================
-            --changeset InsertTriggerGenerator:${rawSubTable}-rbac-CHECKING-INSERT-PERMISSION endDelimiter:--//
+            --changeset InsertTriggerGenerator:${liquibaseTagPrefix}-rbac-CHECKING-INSERT-PERMISSION endDelimiter:--//
            -- ----------------------------------------------------------------------------
            /**
@ -196,6 +198,7 @@ public class InsertTriggerGenerator {
                superObjectUuid uuid;
            begin
            """,
                with("liquibaseTagPrefix", liquibaseTagPrefix),
                with("rawSubTable", rbacDef.getRootEntityAlias().getRawTableNameWithSchema()));
        plPgSql.chopEmptyLines();
    }
@ -258,17 +261,18 @@ public class InsertTriggerGenerator {
    private void generateInsertPermissionsChecksFooter(final StringWriter plPgSql) {
        plPgSql.writeLn();
        plPgSql.writeLn("""
-                raise exception '[403] insert into ${rawSubTable} values(%) not allowed for current subjects % (%)',
+                raise exception '[403] insert into ${rawSubTableWithSchema} values(%) not allowed for current subjects % (%)',
                        NEW, base.currentSubjects(), rbac.currentSubjectOrAssumedRolesUuids();
            end; $$;
            create trigger ${rawSubTable}_insert_permission_check_tg
-                before insert on ${rawSubTable}
+                before insert on ${rawSubTableWithSchema}
                for each row
-                    execute procedure ${rawSubTable}_insert_permission_check_tf();
+                    execute procedure ${rawSubTableWithSchema}_insert_permission_check_tf();
            --//
            """,
-                with("rawSubTable", rbacDef.getRootEntityAlias().getRawTableNameWithSchema()));
+                with("rawSubTableWithSchema", rbacDef.getRootEntityAlias().getRawTableNameWithSchema()),
                with("rawSubTable", rbacDef.getRootEntityAlias().getRawTableName()));
    }
    private String toStringList(final Set<RbacView.CaseDef> cases) {
--- a/src/main/java/net/hostsharing/hsadminng/rbac/generator/RbacView.java
+++ b/src/main/java/net/hostsharing/hsadminng/rbac/generator/RbacView.java
@ -90,11 +90,11 @@ public class RbacView {
     * @param <E>
     *     a JPA entity class extending RbacObject
     */
-    public static <E extends BaseEntity> RbacView rbacViewFor(final String alias, final Class<E> entityClass) {
+    public static <E extends BaseEntity<?>> RbacView rbacViewFor(final String alias, final Class<E> entityClass) {
        return new RbacView(alias, entityClass);
    }
-    RbacView(final String alias, final Class<? extends BaseEntity> entityClass) {
+    RbacView(final String alias, final Class<? extends BaseEntity<?>> entityClass) {
        rootEntityAlias = new EntityAlias(alias, entityClass);
        entityAliases.put(alias, rootEntityAlias);
        new RbacSubjectReference(CREATOR);
@ -121,7 +121,7 @@ public class RbacView {
     * <p>An identity view is a view which maps an objectUuid to an idName.
     * The idName should be a human-readable representation of the row, but as short as possible.
     * The idName must only consist of letters (A-Z, a-z), digits (0-9), dash (-), dot (.) and unserscore '_'.
-     * It's used to create the object-specific-role-names like test_customer#abc:ADMIN - here 'abc' is the idName.
+     * It's used to create the object-specific-role-names like rbactest.customer#abc:ADMIN - here 'abc' is the idName.
     * The idName not necessarily unique in a table, but it should be avoided.
     * </p>
     *
@ -287,9 +287,9 @@ public class RbacView {
     * @param <EC>
     *     a JPA entity class extending RbacObject
     */
-    public <EC extends BaseEntity> RbacView importRootEntityAliasProxy(
+    public <EC extends BaseEntity<?>> RbacView importRootEntityAliasProxy(
            final String aliasName,
-            final Class<? extends BaseEntity> entityClass,
+            final Class<? extends BaseEntity<?>> entityClass,
            final ColumnValue forCase,
            final SQL fetchSql,
            final Column dependsOnColum) {
@ -313,7 +313,7 @@ public class RbacView {
     *     a JPA entity class extending RbacObject
     */
    public RbacView importSubEntityAlias(
-            final String aliasName, final Class<? extends BaseEntity> entityClass,
+            final String aliasName, final Class<? extends BaseEntity<?>> entityClass,
            final SQL fetchSql, final Column dependsOnColum) {
        importEntityAliasImpl(aliasName, entityClass, usingDefaultCase(), fetchSql, dependsOnColum, true, NOT_NULL);
        return this;
@ -350,14 +350,14 @@ public class RbacView {
     *     a JPA entity class extending RbacObject
     */
    public RbacView importEntityAlias(
-            final String aliasName, final Class<? extends BaseEntity> entityClass, final ColumnValue usingCase,
+            final String aliasName, final Class<? extends BaseEntity<?>> entityClass, final ColumnValue usingCase,
            final Column dependsOnColum, final SQL fetchSql, final Nullable nullable) {
        importEntityAliasImpl(aliasName, entityClass, usingCase, fetchSql, dependsOnColum, false, nullable);
        return this;
    }
    private EntityAlias importEntityAliasImpl(
-            final String aliasName, final Class<? extends BaseEntity> entityClass, final ColumnValue usingCase,
+            final String aliasName, final Class<? extends BaseEntity<?>> entityClass, final ColumnValue usingCase,
            final SQL fetchSql, final Column dependsOnColum, boolean asSubEntity, final Nullable nullable) {
        final var entityAlias = ofNullable(entityAliases.get(aliasName))
@ -911,13 +911,13 @@ public class RbacView {
        return distinctGrantDef;
    }
-    record EntityAlias(String aliasName, Class<? extends BaseEntity> entityClass, ColumnValue usingCase, SQL fetchSql, Column dependsOnColum, boolean isSubEntity, Nullable nullable) {
+    record EntityAlias(String aliasName, Class<? extends BaseEntity<?>> entityClass, ColumnValue usingCase, SQL fetchSql, Column dependsOnColum, boolean isSubEntity, Nullable nullable) {
        public EntityAlias(final String aliasName) {
            this(aliasName, null, null, null, null, false, null);
        }
-        public EntityAlias(final String aliasName, final Class<? extends BaseEntity> entityClass) {
+        public EntityAlias(final String aliasName, final Class<? extends BaseEntity<?>> entityClass) {
            this(aliasName, entityClass, null, null, null, false, null);
        }
@ -964,7 +964,7 @@ public class RbacView {
            if ( aliasName.equals("rbac.global")) {
                return "rbac.global"; // TODO: maybe we should introduce a GlobalEntity class?
            }
-            return withoutRvSuffix(entityClass.getAnnotation(Table.class).name());
+            return qualifiedRealTableName(entityClass);
        }
        String getRawTableSchemaPrefix() {
@ -1010,8 +1010,12 @@ public class RbacView {
        }
    }
-    public static String withoutRvSuffix(final String tableName) {
+    public static String qualifiedRealTableName(final Class<? extends BaseEntity<?>> entityClass) {
-        return tableName.substring(0, tableName.length() - "_rv".length());
+        final var tableAnnotation = entityClass.getAnnotation(Table.class);
        final var schema = tableAnnotation.schema();
        final var tableName = tableAnnotation.name();
        final var realTableName = tableName.substring(0, tableName.length() - "_rv".length());
        return (schema.isEmpty() ? "" : (schema + ".")) + realTableName;
    }
    public enum Role {
--- a/src/main/java/net/hostsharing/hsadminng/rbac/generator/RbacViewPostgresGenerator.java
+++ b/src/main/java/net/hostsharing/hsadminng/rbac/generator/RbacViewPostgresGenerator.java
@ -17,7 +17,7 @@ public class RbacViewPostgresGenerator {
    public RbacViewPostgresGenerator(final RbacView forRbacDef) {
        rbacDef = forRbacDef;
-        liqibaseTagPrefix = rbacDef.getRootEntityAlias().getRawTableNameWithSchema().replace("_", "-");
+        liqibaseTagPrefix = rbacDef.getRootEntityAlias().getRawTableNameWithSchema().replace("_", "-").replace(".", "-");
        plPgSql.writeLn("""
                --liquibase formatted sql
                -- This code generated was by ${generator}, do not amend manually.
--- a/src/main/java/net/hostsharing/hsadminng/rbac/generator/RolesGrantsAndPermissionsGenerator.java
+++ b/src/main/java/net/hostsharing/hsadminng/rbac/generator/RolesGrantsAndPermissionsGenerator.java
@ -516,7 +516,7 @@ class RolesGrantsAndPermissionsGenerator {
                /*
                    AFTER INSERT TRIGGER to create the role+grant structure for a new ${rawTableName} row.
                 */
-                                
+
                create or replace function insertTriggerFor${simpleEntityName}_tf()
                    returns trigger
                    language plpgsql
@ -525,7 +525,7 @@ class RolesGrantsAndPermissionsGenerator {
                    call buildRbacSystemFor${simpleEntityName}(NEW);
                    return NEW;
                end; $$;
-                                
+
                create trigger insertTriggerFor${simpleEntityName}_tg
                    after insert on ${rawTableName}
                    for each row
--- a/src/main/java/net/hostsharing/hsadminng/rbac/generator/StringWriter.java
+++ b/src/main/java/net/hostsharing/hsadminng/rbac/generator/StringWriter.java
@ -19,9 +19,11 @@ public class StringWriter {
        writeLn();
    }
-    void writeLn(final String text, final VarDef... varDefs) {
+    String writeLn(final String text, final VarDef... varDefs) {
-        string.append( indented( new VarReplacer(varDefs).apply(text) ));
+        final var insertText = indented(new VarReplacer(varDefs).apply(text));
        string.append(insertText);
        writeLn();
        return insertText;
    }
    void writeLn() {
--- a/src/main/java/net/hostsharing/hsadminng/rbac/grant/RbacGrantsDiagramService.java
+++ b/src/main/java/net/hostsharing/hsadminng/rbac/grant/RbacGrantsDiagramService.java
@ -79,10 +79,10 @@ public class RbacGrantsDiagramService {
                return;
            }
            if ( !g.getDescendantIdName().startsWith("role:rbac.global")) {
-                if (!includes.contains(TEST_ENTITIES) && g.getDescendantIdName().contains(":test_")) {
+                if (!includes.contains(TEST_ENTITIES) && g.getDescendantIdName().contains(":rbactest.")) {
                    return;
                }
-                if (!includes.contains(NON_TEST_ENTITIES) && !g.getDescendantIdName().contains(":test_")) {
+                if (!includes.contains(NON_TEST_ENTITIES) && !g.getDescendantIdName().contains(":rbactest.")) {
                    return;
                }
            }
--- a/src/main/resources/db/changelog/0-base/000-base-schema.sql
+++ b/src/main/resources/db/changelog/0-base/000-base-schema.sql
@ -4,5 +4,16 @@
 -- ============================================================================
 --changeset michael.hoennig:base-SCHEMA endDelimiter:--//
 -- ----------------------------------------------------------------------------
 -- FIXME: remove this block
 do $$
    declare
        changesetCount int;
    begin
        changesetCount := (select count(*) from databasechangelog);
        assert changesetCount = 0, 'total changesets executed: ' || changesetCount;
    end;
 $$;
 CREATE SCHEMA base;
 --//
--- a/src/main/resources/db/changelog/0-base/007-table-columns.sql
+++ b/src/main/resources/db/changelog/0-base/007-table-columns.sql
@ -6,15 +6,31 @@
 --changeset michael.hoennig:table-columns-function endDelimiter:--//
 -- ----------------------------------------------------------------------------
-create or replace function base.tableColumnNames( tableName text )
+create or replace function base.tableColumnNames( ofTableName text )
    returns text
    stable
    language 'plpgsql' as $$
-declare columns text[];
+declare
    tableName   text;
    tableSchema text;
    columns     text[];
 begin
    tableSchema := CASE
                       WHEN position('.' in ofTableName) > 0 THEN split_part(ofTableName, '.', 1)
                       ELSE 'public'
                   END;
    tableName := CASE
                     WHEN position('.' in ofTableName) > 0 THEN split_part(ofTableName, '.', 2)
                     ELSE ofTableName
        END;
    columns := (select array(select column_name::text
-                    from information_schema.columns
+                               from information_schema.columns
-                    where table_name = tableName));
+                              where table_name = tableName
                                and table_schema = tableSchema));
    assert cardinality(columns) > 0, 'cannot determine columns of table ' || ofTableName ||
                                     '("' || tableSchema || '"."' || tableName || '")';
    return array_to_string(columns, ', ');
 end; $$
 --//
--- a/src/main/resources/db/changelog/0-base/010-context.sql
+++ b/src/main/resources/db/changelog/0-base/010-context.sql
@ -127,6 +127,7 @@ begin
 end; $$;
 --//
 -- ============================================================================
 --changeset michael.hoennig:context-base.ASSUMED-ROLES endDelimiter:--//
 -- ----------------------------------------------------------------------------
--- a/src/main/resources/db/changelog/0-base/011-table-schema-and-name.sql
+++ b/src/main/resources/db/changelog/0-base/011-table-schema-and-name.sql
@ -0,0 +1,18 @@
 --liquibase formatted sql
 -- ============================================================================
 --changeset michael.hoennig:base-COMBINE-TABLE-SCHEMA-AND-NAME endDelimiter:--//
 -- ----------------------------------------------------------------------------
 create or replace function base.combine_table_schema_and_name(tableSchema name, tableName name)
    returns text
    language plpgsql as $$
 begin
    if tableSchema is null or tableSchema = 'public' or tableSchema = '' then
        return tableName::text;
    else
        return tableSchema::text || '.' || tableName::text;
    end if;
 end; $$;
 --//
--- a/src/main/resources/db/changelog/0-base/020-audit-log.sql
+++ b/src/main/resources/db/changelog/0-base/020-audit-log.sql
@ -77,9 +77,11 @@ create or replace function base.tx_journal_trigger()
 declare
    curTask text;
    curTxId xid8;
    tableSchemaAndName text;
 begin
    curTask := base.currentTask();
    curTxId := pg_current_xact_id();
    tableSchemaAndName := base.combine_table_schema_and_name(tg_table_schema, tg_table_name);
    insert
        into base.tx_context (txId, txTimestamp, currentSubject, assumedRoles, currentTask, currentRequest)
@ -90,20 +92,20 @@ begin
    case tg_op
        when 'INSERT' then insert
                               into base.tx_journal
-                               values (curTxId,
+                               values (curTxId, tableSchemaAndName,
-                                       tg_table_name, new.uuid, tg_op::base.tx_operation,
+                                       new.uuid, tg_op::base.tx_operation,
                                       to_jsonb(new));
        when 'UPDATE' then insert
                               into base.tx_journal
-                               values (curTxId,
+                               values (curTxId, tableSchemaAndName,
-                                       tg_table_name, old.uuid, tg_op::base.tx_operation,
+                                       old.uuid, tg_op::base.tx_operation,
                                       base.jsonb_changes_delta(to_jsonb(old), to_jsonb(new)));
        when 'DELETE' then insert
                               into base.tx_journal
-                               values (curTxId,
+                               values (curTxId,tableSchemaAndName,
-                                       tg_table_name, old.uuid, 'DELETE'::base.tx_operation,
+                                       old.uuid, 'DELETE'::base.tx_operation,
                                       null::jsonb);
-        else raise exception 'Trigger op % not supported for %.', tg_op, tg_table_name;
+        else raise exception 'Trigger op % not supported for %.', tg_op, tableSchemaAndName;
        end case;
    return null;
 end; $$;
--- a/src/main/resources/db/changelog/0-base/030-historization.sql
+++ b/src/main/resources/db/changelog/0-base/030-historization.sql
@ -81,8 +81,8 @@ begin
        "alive" := false;
    end if;
-    sql := format('INSERT INTO %3$I_ex VALUES (DEFAULT, pg_current_xact_id(), %1$L, %2$L, $1.*)', TG_OP, alive, TG_TABLE_NAME);
+    sql := format('INSERT INTO %3$I_ex VALUES (DEFAULT, pg_current_xact_id(), %1$L, %2$L, $1.*)',
-    raise notice 'sql: %', sql;
+                  TG_OP, alive, base.combine_table_schema_and_name(tg_table_schema, tg_table_name)::name);
    execute sql using "row";
    return "row";
--- a/src/main/resources/db/changelog/1-rbac/1051-rbac-subject-grant.sql
+++ b/src/main/resources/db/changelog/1-rbac/1051-rbac-subject-grant.sql
@ -20,7 +20,7 @@ begin
    return currentSubjectOrAssumedRolesUuids[1];
 end; $$;
-create or replace procedure rbac.grantRoleToSubjectUnchecked(grantedByRoleUuid uuid, grantedRoleUuid uuid, subjectUuid uuid, doAssume boolean = true)
+create or replace procedure rbac.grantRoleToUserUnchecked(grantedByRoleUuid uuid, grantedRoleUuid uuid, subjectUuid uuid, doAssume boolean = true)
    language plpgsql as $$
 begin
    perform rbac.assertReferenceType('grantingRoleUuid', grantedByRoleUuid, 'rbac.role');
--- a/src/main/resources/db/changelog/1-rbac/1057-rbac-role-builder.sql
+++ b/src/main/resources/db/changelog/1-rbac/1057-rbac-role-builder.sql
@ -57,7 +57,7 @@ begin
        end if;
        foreach subjectUuid in array subjectUuids
            loop
-                call rbac.grantRoleToSubjectUnchecked(userGrantsByRoleUuid, roleUuid, subjectUuid);
+                call rbac.grantRoleToUserUnchecked(userGrantsByRoleUuid, roleUuid, subjectUuid);
            end loop;
    end if;
--- a/src/main/resources/db/changelog/1-rbac/1080-rbac-global.sql
+++ b/src/main/resources/db/changelog/1-rbac/1080-rbac-global.sql
@ -158,8 +158,8 @@ do language plpgsql $$
        call base.defineContext('creating fake test-realm admin users', null, null, null);
        admins = rbac.findRoleId(rbac.globalAdmin());
-        call rbac.grantRoleToSubjectUnchecked(admins, admins, rbac.create_subject('superuser-alex@hostsharing.net'));
+        call rbac.grantRoleToUserUnchecked(admins, admins, rbac.create_subject('superuser-alex@hostsharing.net'));
-        call rbac.grantRoleToSubjectUnchecked(admins, admins, rbac.create_subject('superuser-fran@hostsharing.net'));
+        call rbac.grantRoleToUserUnchecked(admins, admins, rbac.create_subject('superuser-fran@hostsharing.net'));
        perform rbac.create_subject('selfregistered-user-drew@hostsharing.org');
        perform rbac.create_subject('selfregistered-test-user@hostsharing.org');
    end;
--- a/src/main/resources/db/changelog/2-test/200-rbactest-schema.sql
+++ b/src/main/resources/db/changelog/2-test/200-rbactest-schema.sql
@ -0,0 +1,8 @@
 --liquibase formatted sql
 -- ============================================================================
 --changeset michael.hoennig:rbactest-SCHEMA endDelimiter:--//
 -- ----------------------------------------------------------------------------
 CREATE SCHEMA rbactest; -- just 'test' does not work, databasechangelog gets emptied or deleted
 --//
--- a/src/main/resources/db/changelog/db.changelog-master.yaml
+++ b/src/main/resources/db/changelog/db.changelog-master.yaml
@ -150,15 +150,17 @@ databaseChangeLog:
    - include:
        file: db/changelog/6-hs-booking/620-booking-project/6208-hs-booking-project-test-data.sql
    - include:
-        file: db/changelog/6-hs-booking/630-booking-item/6200-hs-booking-item.sql
+        file: db/changelog/6-hs-booking/630-booking-item/6300-hs-booking-item.sql
    - include:
        file: db/changelog/6-hs-booking/630-booking-item/6203-hs-booking-item-rbac.sql
    - include:
-        file: db/changelog/6-hs-booking/630-booking-item/6208-hs-booking-item-test-data.sql
+        file: db/changelog/6-hs-booking/630-booking-item/6308-hs-booking-item-test-data.sql
    - include:
        file: db/changelog/7-hs-hosting/701-hosting-asset/7010-hs-hosting-asset.sql
    - include:
        file: db/changelog/7-hs-hosting/701-hosting-asset/7013-hs-hosting-asset-rbac.sql
    - include:
        file: db/changelog/7-hs-hosting/701-hosting-asset/7016-hs-hosting-asset-migration.sql
    - include:
        file: db/changelog/7-hs-hosting/701-hosting-asset/7018-hs-hosting-asset-test-data.sql
    - include:
--- a/src/test/java/net/hostsharing/hsadminng/hs/migration/BaseOfficeDataImport.java
+++ b/src/test/java/net/hostsharing/hsadminng/hs/migration/BaseOfficeDataImport.java
@ -17,7 +17,6 @@ import net.hostsharing.hsadminng.hs.office.relation.HsOfficeRelation;
 import net.hostsharing.hsadminng.hs.office.relation.HsOfficeRelationRealEntity;
 import net.hostsharing.hsadminng.hs.office.relation.HsOfficeRelationType;
 import net.hostsharing.hsadminng.hs.office.sepamandate.HsOfficeSepaMandateEntity;
 import net.hostsharing.hsadminng.rbac.object.BaseEntity;
 import org.apache.commons.lang3.ArrayUtils;
 import org.apache.commons.lang3.StringUtils;
 import org.junit.jupiter.api.BeforeAll;
@ -615,7 +614,7 @@ public abstract class BaseOfficeDataImport extends CsvDataImport {
        jpaAttempt.transacted(() -> {
            context(rbacSuperuser);
            contacts.forEach(this::persist);
-            updateLegacyIds(contacts, "hs_office_contact_legacy_id", "contact_id");
+           updateLegacyIds(contacts, "hs_office_contact_legacy_id", "contact_id");
        }).assertSuccessful();
        jpaAttempt.transacted(() -> {
@ -699,24 +698,6 @@ public abstract class BaseOfficeDataImport extends CsvDataImport {
        assumeThat(partners.size()).isLessThanOrEqualTo(MAX_NUMBER_OF_TEST_DATA_PARTNERS);
    }
    private <E extends BaseEntity> void updateLegacyIds(
            Map<Integer, E> entities,
            final String legacyIdTable,
            final String legacyIdColumn) {
        em.flush();
        entities.forEach((id, entity) -> em.createNativeQuery("""
                            UPDATE ${legacyIdTable}
                                SET ${legacyIdColumn} = :legacyId
                                WHERE uuid = :uuid
                        """
                        .replace("${legacyIdTable}", legacyIdTable)
                        .replace("${legacyIdColumn}", legacyIdColumn))
                .setParameter("legacyId", id)
                .setParameter("uuid", entity.getUuid())
                .executeUpdate()
        );
    }
    @Test
    @Order(9999)
    @ContinueOnFailure
--- a/src/test/java/net/hostsharing/hsadminng/hs/migration/CsvDataImport.java
+++ b/src/test/java/net/hostsharing/hsadminng/hs/migration/CsvDataImport.java
@ -334,6 +334,24 @@ public class CsvDataImport extends ContextBasedTest {
        errors.clear();
        assertThat(errorsToLog).isEmpty();
    }
    protected <E extends BaseEntity> void updateLegacyIds(
            Map<Integer, E> entities,
            final String legacyIdTable,
            final String legacyIdColumn) {
        em.flush();
        entities.forEach((id, entity) -> em.createNativeQuery("""
                            UPDATE ${legacyIdTable}
                                SET ${legacyIdColumn} = :legacyId
                                WHERE uuid = :uuid
                        """
                        .replace("${legacyIdTable}", legacyIdTable)
                        .replace("${legacyIdColumn}", legacyIdColumn))
                .setParameter("legacyId", id)
                .setParameter("uuid", entity.getUuid())
                .executeUpdate()
        );
    }
 }
 class Columns {
--- a/src/test/java/net/hostsharing/hsadminng/hs/migration/ImportHostingAssets.java
+++ b/src/test/java/net/hostsharing/hsadminng/hs/migration/ImportHostingAssets.java
@ -47,12 +47,12 @@ import java.util.concurrent.atomic.AtomicInteger;
 import java.util.concurrent.atomic.AtomicReference;
 import java.util.function.Function;
 import java.util.regex.Pattern;
 import java.util.stream.Collectors;
 import static java.util.Arrays.stream;
 import static java.util.Map.entry;
 import static java.util.Map.ofEntries;
 import static java.util.Optional.ofNullable;
 import static java.util.stream.Collectors.joining;
 import static java.util.stream.Collectors.toMap;
 import static java.util.stream.Collectors.toSet;
 import static net.hostsharing.hsadminng.hs.hosting.asset.HsHostingAssetType.CLOUD_SERVER;
@ -938,6 +938,132 @@ public class ImportHostingAssets extends BaseOfficeDataImport {
    @Test
    @Order(19930)
    void verifyCloudServerLegacyIds() {
        assumeThatWeAreImportingControlledTestData();
        assertThat(fetchHosingAssetLegacyIds(CLOUD_SERVER)).isEqualTo("""
                23611
                """.trim());
        assertThat(missingHostingAsstLegacyIds(CLOUD_SERVER)).isEmpty();
    }
    @Test
    @Order(19931)
    void verifyManagedServerLegacyIds() {
        assumeThatWeAreImportingControlledTestData();
        assertThat(fetchHosingAssetLegacyIds(MANAGED_SERVER)).isEqualTo("""
                10968
                10978
                11061
                11447
                """.trim());
        assertThat(missingHostingAsstLegacyIds(MANAGED_SERVER)).isEmpty();
    }
    @Test
    @Order(19932)
    void verifyManagedWebspaceLegacyIds() {
        assumeThatWeAreImportingControlledTestData();
        assertThat(fetchHosingAssetLegacyIds(MANAGED_WEBSPACE)).isEqualTo("""
                10630
                11094
                11111
                11112
                19959
                """.trim());
        assertThat(missingHostingAsstLegacyIds(MANAGED_WEBSPACE)).isEmpty();
    }
    @Test
    @Order(19933)
    void verifyUnixUserLegacyIds() {
        assumeThatWeAreImportingControlledTestData();
        assertThat(fetchHosingAssetLegacyIds(UNIX_USER)).isEqualTo("""
                5803
                5805
                5809
                5811
                5813
                5835
                5961
                5964
                5966
                5990
                6705
                6824
                7846
                9546
                9596
                """.trim());
        assertThat(missingHostingAsstLegacyIds(UNIX_USER)).isEmpty();
    }
    @Test
    @Order(19934)
    void verifyPgSqlDbLegacyIds() {
        assumeThatWeAreImportingControlledTestData();
        assertThat(fetchHosingAssetLegacyIds(PGSQL_DATABASE)).isEqualTo("""
                1077
                1858
                1860
                4931
                4932
                7522
                7523
                7605
                """.trim());
        assertThat(missingHostingAsstLegacyIds(PGSQL_DATABASE)).isEmpty();
    }
    @Test
    @Order(19934)
    void verifyPgSqlUserLegacyIds() {
        assumeThatWeAreImportingControlledTestData();
        assertThat(fetchHosingAssetLegacyIds(PGSQL_USER)).isEqualTo("""
                1857
                1859
                1860
                1861
                4931
                7522
                7605
                """.trim());
        assertThat(missingHostingAsstLegacyIds(PGSQL_USER)).isEmpty();
    }
    @Test
    @Order(19935)
    void verifyMariaDbLegacyIds() {
        assumeThatWeAreImportingControlledTestData();
        assertThat(fetchHosingAssetLegacyIds(MARIADB_DATABASE)).isEqualTo("""
                1786
               1805
               4908
               4941
               4942
               7520
               7521
               7604
               """.trim());
        assertThat(missingHostingAsstLegacyIds(MARIADB_DATABASE)).isEmpty();
    }
    @Test
    @Order(19936)
    void verifyMariaDbUserLegacyIds() {
        assumeThatWeAreImportingControlledTestData();
        assertThat(fetchHosingAssetLegacyIds(MARIADB_USER)).isEqualTo("""
                1858
                4908
                4909
                4932
                7520
                7604
                """.trim());
        assertThat(missingHostingAsstLegacyIds(MARIADB_USER)).isEmpty();
    }
    @Test
    @Order(19940)
    void verifyProjectAgentsCanViewEmailAddresses() {
        assumeThatWeAreImportingControlledTestData();
@ -949,6 +1075,7 @@ public class ImportHostingAssets extends BaseOfficeDataImport {
        assertThat(haCount).isEqualTo(68);
    }
    // ============================================================================================
    @Test
@ -1006,6 +1133,11 @@ public class ImportHostingAssets extends BaseOfficeDataImport {
                        }
                ).assertSuccessful()
        );
        jpaAttempt.transacted(() -> {
            context(rbacSuperuser);
            updateLegacyIds(assets, "hs_hosting_asset_legacy_id", "legacy_id");
        }).assertSuccessful();
    }
    private void verifyActuallyPersistedHostingAssetCount(
@ -1610,7 +1742,7 @@ public class ImportHostingAssets extends BaseOfficeDataImport {
                    //noinspection unchecked
                    zoneData.put("user-RR", ((ArrayList<ArrayList<Object>>) zoneData.get("user-RR")).stream()
-                            .map(userRR -> userRR.stream().map(Object::toString).collect(Collectors.joining(" ")))
+                            .map(userRR -> userRR.stream().map(Object::toString).collect(joining(" ")))
                            .toArray(String[]::new)
                    );
                    domainDnsSetupAsset.getConfig().putAll(zoneData);
@ -1758,4 +1890,35 @@ public class ImportHostingAssets extends BaseOfficeDataImport {
    protected static void assumeThatWeAreImportingControlledTestData() {
        assumeThat(isImportingControlledTestData()).isTrue();
    }
    private String fetchHosingAssetLegacyIds(final HsHostingAssetType type) {
        //noinspection unchecked
        return ((List<List<?>>) em.createNativeQuery(
                    """
                     SELECT li.* FROM hs_hosting_asset_legacy_id li
                     JOIN hs_hosting_asset ha ON ha.uuid=li.uuid
                     WHERE CAST(ha.type AS text)=:type
                     ORDER BY legacy_id
                    """,
                    List.class)
                .setParameter("type", type.name())
                .getResultList()
        ).stream().map(row -> row.get(1).toString()).collect(joining("\n"));
    }
    private String missingHostingAsstLegacyIds(final HsHostingAssetType type) {
        //noinspection unchecked
        return ((List<List<?>>) em.createNativeQuery(
                    """
                    SELECT ha.uuid, ha.type, ha.identifier FROM hs_hosting_asset ha
                             JOIN hs_hosting_asset_legacy_id li ON li.uuid=ha.uuid
                             WHERE li.legacy_id is null AND CAST(ha.type AS text)=:type
                             ORDER BY li.legacy_id
                    """,
                    List.class)
                .setParameter("type", type.name())
                .getResultList()).stream()
                .map(row -> row.stream().map(Object::toString).collect(joining(", ")))
                .collect(joining("\n"));
    }
 }
--- a/src/test/java/net/hostsharing/hsadminng/rbac/grant/RbacGrantControllerAcceptanceTest.java
+++ b/src/test/java/net/hostsharing/hsadminng/rbac/grant/RbacGrantControllerAcceptanceTest.java
@ -71,16 +71,16 @@ class RbacGrantControllerAcceptanceTest extends ContextBasedTest {
                    .body("", hasItem(
                            allOf(
                                // TODO: should there be a grantedByRole or just a grantedByTrigger?
-                                hasEntry("grantedByRoleIdName", "test_customer#xxx:OWNER"),
+                                hasEntry("grantedByRoleIdName", "rbactest.customer#xxx:OWNER"),
-                                hasEntry("grantedRoleIdName", "test_customer#xxx:ADMIN"),
+                                hasEntry("grantedRoleIdName", "rbactest.customer#xxx:ADMIN"),
                                hasEntry("granteeSubjectName", "customer-admin@xxx.example.com")
                            )
                    ))
                    .body("", hasItem(
                            allOf(
                                    // TODO: should there be a grantedByRole or just a grantedByTrigger?
-                                    hasEntry("grantedByRoleIdName", "test_customer#yyy:OWNER"),
+                                    hasEntry("grantedByRoleIdName", "rbactest.customer#yyy:OWNER"),
-                                    hasEntry("grantedRoleIdName", "test_customer#yyy:ADMIN"),
+                                    hasEntry("grantedRoleIdName", "rbactest.customer#yyy:ADMIN"),
                                    hasEntry("granteeSubjectName", "customer-admin@yyy.example.com")
                            )
                    ))
@ -93,15 +93,15 @@ class RbacGrantControllerAcceptanceTest extends ContextBasedTest {
                    ))
                    .body("", hasItem(
                            allOf(
-                                    hasEntry("grantedByRoleIdName", "test_customer#xxx:ADMIN"),
+                                    hasEntry("grantedByRoleIdName", "rbactest.customer#xxx:ADMIN"),
-                                    hasEntry("grantedRoleIdName", "test_package#xxx00:ADMIN"),
+                                    hasEntry("grantedRoleIdName", "rbactest.package#xxx00:ADMIN"),
                                    hasEntry("granteeSubjectName", "pac-admin-xxx00@xxx.example.com")
                            )
                    ))
                    .body("", hasItem(
                            allOf(
-                                    hasEntry("grantedByRoleIdName", "test_customer#zzz:ADMIN"),
+                                    hasEntry("grantedByRoleIdName", "rbactest.customer#zzz:ADMIN"),
-                                    hasEntry("grantedRoleIdName", "test_package#zzz02:ADMIN"),
+                                    hasEntry("grantedRoleIdName", "rbactest.package#zzz02:ADMIN"),
                                    hasEntry("granteeSubjectName", "pac-admin-zzz02@zzz.example.com")
                            )
                    ))
@ -114,7 +114,7 @@ class RbacGrantControllerAcceptanceTest extends ContextBasedTest {
            RestAssured // @formatter:off
                .given()
                    .header("current-subject", "superuser-alex@hostsharing.net")
-                    .header("assumed-roles", "test_package#yyy00:ADMIN")
+                    .header("assumed-roles", "rbactest.package#yyy00:ADMIN")
                    .port(port)
                .when()
                    .get("http://localhost/api/rbac/grants")
@ -123,8 +123,8 @@ class RbacGrantControllerAcceptanceTest extends ContextBasedTest {
                    .contentType("application/json")
                    .body("", hasItem(
                            allOf(
-                                    hasEntry("grantedByRoleIdName", "test_customer#yyy:ADMIN"),
+                                    hasEntry("grantedByRoleIdName", "rbactest.customer#yyy:ADMIN"),
-                                    hasEntry("grantedRoleIdName", "test_package#yyy00:ADMIN"),
+                                    hasEntry("grantedRoleIdName", "rbactest.package#yyy00:ADMIN"),
                                    hasEntry("granteeSubjectName", "pac-admin-yyy00@yyy.example.com")
                            )
                    ))
@ -145,13 +145,13 @@ class RbacGrantControllerAcceptanceTest extends ContextBasedTest {
                    .contentType("application/json")
                    .body("", hasItem(
                            allOf(
-                                    hasEntry("grantedByRoleIdName", "test_customer#yyy:ADMIN"),
+                                    hasEntry("grantedByRoleIdName", "rbactest.customer#yyy:ADMIN"),
-                                    hasEntry("grantedRoleIdName", "test_package#yyy00:ADMIN"),
+                                    hasEntry("grantedRoleIdName", "rbactest.package#yyy00:ADMIN"),
                                    hasEntry("granteeSubjectName", "pac-admin-yyy00@yyy.example.com")
                            )
                    ))
-                    .body("[0].grantedByRoleIdName", is("test_customer#yyy:ADMIN"))
+                    .body("[0].grantedByRoleIdName", is("rbactest.customer#yyy:ADMIN"))
-                    .body("[0].grantedRoleIdName", is("test_package#yyy00:ADMIN"))
+                    .body("[0].grantedRoleIdName", is("rbactest.package#yyy00:ADMIN"))
                    .body("[0].granteeSubjectName", is("pac-admin-yyy00@yyy.example.com"));
            // @formatter:on
        }
@ -165,7 +165,7 @@ class RbacGrantControllerAcceptanceTest extends ContextBasedTest {
            // given
            final var givencurrentSubjectAsPackageAdmin = new Subject("customer-admin@xxx.example.com");
            final var givenGranteeUser = findRbacSubjectByName("pac-admin-xxx00@xxx.example.com");
-            final var givenGrantedRole = getRbacRoleByName("test_package#xxx00:ADMIN");
+            final var givenGrantedRole = getRbacRoleByName("rbactest.package#xxx00:ADMIN");
            // when
            final var grant = givencurrentSubjectAsPackageAdmin.getGrantById()
@ -174,8 +174,8 @@ class RbacGrantControllerAcceptanceTest extends ContextBasedTest {
            // then
            grant.assertThat()
                    .statusCode(200)
-                    .body("grantedByRoleIdName", is("test_customer#xxx:ADMIN"))
+                    .body("grantedByRoleIdName", is("rbactest.customer#xxx:ADMIN"))
-                    .body("grantedRoleIdName", is("test_package#xxx00:ADMIN"))
+                    .body("grantedRoleIdName", is("rbactest.package#xxx00:ADMIN"))
                    .body("granteeSubjectName", is("pac-admin-xxx00@xxx.example.com"));
        }
@ -184,7 +184,7 @@ class RbacGrantControllerAcceptanceTest extends ContextBasedTest {
            // given
            final var givencurrentSubjectAsPackageAdmin = new Subject("pac-admin-xxx00@xxx.example.com");
            final var givenGranteeUser = findRbacSubjectByName("pac-admin-xxx00@xxx.example.com");
-            final var givenGrantedRole = getRbacRoleByName("test_package#xxx00:ADMIN");
+            final var givenGrantedRole = getRbacRoleByName("rbactest.package#xxx00:ADMIN");
            // when
            final var grant = givencurrentSubjectAsPackageAdmin.getGrantById()
@ -193,8 +193,8 @@ class RbacGrantControllerAcceptanceTest extends ContextBasedTest {
            // then
            grant.assertThat()
                    .statusCode(200)
-                    .body("grantedByRoleIdName", is("test_customer#xxx:ADMIN"))
+                    .body("grantedByRoleIdName", is("rbactest.customer#xxx:ADMIN"))
-                    .body("grantedRoleIdName", is("test_package#xxx00:ADMIN"))
+                    .body("grantedRoleIdName", is("rbactest.package#xxx00:ADMIN"))
                    .body("granteeSubjectName", is("pac-admin-xxx00@xxx.example.com"));
        }
@ -203,9 +203,9 @@ class RbacGrantControllerAcceptanceTest extends ContextBasedTest {
            // given
            final var givencurrentSubjectAsPackageAdmin = new Subject(
                    "pac-admin-xxx00@xxx.example.com",
-                    "test_package#xxx00:ADMIN");
+                    "rbactest.package#xxx00:ADMIN");
            final var givenGranteeUser = findRbacSubjectByName("pac-admin-xxx00@xxx.example.com");
-            final var givenGrantedRole = getRbacRoleByName("test_package#xxx00:ADMIN");
+            final var givenGrantedRole = getRbacRoleByName("rbactest.package#xxx00:ADMIN");
            // when
            final var grant = givencurrentSubjectAsPackageAdmin.getGrantById()
@ -214,8 +214,8 @@ class RbacGrantControllerAcceptanceTest extends ContextBasedTest {
            // then
            grant.assertThat()
                    .statusCode(200)
-                    .body("grantedByRoleIdName", is("test_customer#xxx:ADMIN"))
+                    .body("grantedByRoleIdName", is("rbactest.customer#xxx:ADMIN"))
-                    .body("grantedRoleIdName", is("test_package#xxx00:ADMIN"))
+                    .body("grantedRoleIdName", is("rbactest.package#xxx00:ADMIN"))
                    .body("granteeSubjectName", is("pac-admin-xxx00@xxx.example.com"));
        }
@ -225,9 +225,9 @@ class RbacGrantControllerAcceptanceTest extends ContextBasedTest {
            // given
            final var givencurrentSubjectAsPackageAdmin = new Subject(
                    "pac-admin-xxx00@xxx.example.com",
-                    "test_package#xxx00:TENANT");
+                    "rbactest.package#xxx00:TENANT");
            final var givenGranteeUser = findRbacSubjectByName("pac-admin-xxx00@xxx.example.com");
-            final var givenGrantedRole = getRbacRoleByName("test_package#xxx00:ADMIN");
+            final var givenGrantedRole = getRbacRoleByName("rbactest.package#xxx00:ADMIN");
            final var grant = givencurrentSubjectAsPackageAdmin.getGrantById()
                    .forGrantedRole(givenGrantedRole).toGranteeUser(givenGranteeUser);
@ -245,7 +245,7 @@ class RbacGrantControllerAcceptanceTest extends ContextBasedTest {
            // given
            final var givenNewUser = createRbacSubject();
-            final var givenRoleToGrant = "test_package#xxx00:ADMIN";
+            final var givenRoleToGrant = "rbactest.package#xxx00:ADMIN";
            final var givencurrentSubjectAsPackageAdmin = new Subject("pac-admin-xxx00@xxx.example.com", givenRoleToGrant);
            final var givenOwnPackageAdminRole =
                    getRbacRoleByName(givencurrentSubjectAsPackageAdmin.assumedRole);
@ -258,9 +258,9 @@ class RbacGrantControllerAcceptanceTest extends ContextBasedTest {
            // then
            response.assertThat()
                    .statusCode(201)
-                    .body("grantedByRoleIdName", is("test_package#xxx00:ADMIN"))
+                    .body("grantedByRoleIdName", is("rbactest.package#xxx00:ADMIN"))
                    .body("assumed", is(true))
-                    .body("grantedRoleIdName", is("test_package#xxx00:ADMIN"))
+                    .body("grantedRoleIdName", is("rbactest.package#xxx00:ADMIN"))
                    .body("granteeSubjectName", is(givenNewUser.getName()));
            assertThat(findAllGrantsOf(givencurrentSubjectAsPackageAdmin))
                    .extracting(RbacGrantEntity::toDisplay)
@ -274,9 +274,9 @@ class RbacGrantControllerAcceptanceTest extends ContextBasedTest {
            // given
            final var givenNewUser = createRbacSubject();
-            final var givenRoleToGrant = "test_package#xxx00:ADMIN";
+            final var givenRoleToGrant = "rbactest.package#xxx00:ADMIN";
            final var givencurrentSubjectAsPackageAdmin = new Subject("pac-admin-xxx00@xxx.example.com", givenRoleToGrant);
-            final var givenAlienPackageAdminRole = getRbacRoleByName("test_package#yyy00:ADMIN");
+            final var givenAlienPackageAdminRole = getRbacRoleByName("rbactest.package#yyy00:ADMIN");
            // when
            final var result = givencurrentSubjectAsPackageAdmin
@ -287,7 +287,7 @@ class RbacGrantControllerAcceptanceTest extends ContextBasedTest {
            result.assertThat()
                    .statusCode(403)
                    .body("message", containsString("Access to granted role"))
-                    .body("message", containsString("forbidden for test_package#xxx00:ADMIN"));
+                    .body("message", containsString("forbidden for rbactest.package#xxx00:ADMIN"));
            assertThat(findAllGrantsOf(givencurrentSubjectAsPackageAdmin))
                    .extracting(RbacGrantEntity::getGranteeSubjectName)
                    .doesNotContain(givenNewUser.getName());
@ -303,9 +303,9 @@ class RbacGrantControllerAcceptanceTest extends ContextBasedTest {
            // given
            final var givenArbitraryUser = createRbacSubject();
-            final var givenRoleToGrant = "test_package#xxx00:ADMIN";
+            final var givenRoleToGrant = "rbactest.package#xxx00:ADMIN";
            final var givenCurrentSubjectAsPackageAdmin = new Subject("pac-admin-xxx00@xxx.example.com", givenRoleToGrant);
-            final var givenOwnPackageAdminRole = getRbacRoleByName("test_package#xxx00:ADMIN");
+            final var givenOwnPackageAdminRole = getRbacRoleByName("rbactest.package#xxx00:ADMIN");
            // and given an existing grant
            assumeCreated(givenCurrentSubjectAsPackageAdmin
--- a/src/test/java/net/hostsharing/hsadminng/rbac/grant/RbacGrantRepositoryIntegrationTest.java
+++ b/src/test/java/net/hostsharing/hsadminng/rbac/grant/RbacGrantRepositoryIntegrationTest.java
@ -67,7 +67,7 @@ class RbacGrantRepositoryIntegrationTest extends ContextBasedTest {
            // then
            exactlyTheseRbacGrantsAreReturned(
                    result,
-                    "{ grant role:test_package#xxx00:ADMIN to user:pac-admin-xxx00@xxx.example.com by role:test_customer#xxx:ADMIN and assume }");
+                    "{ grant role:rbactest.package#xxx00:ADMIN to user:pac-admin-xxx00@xxx.example.com by role:rbactest.customer#xxx:ADMIN and assume }");
        }
        @Test
@ -81,16 +81,16 @@ class RbacGrantRepositoryIntegrationTest extends ContextBasedTest {
            // then
            exactlyTheseRbacGrantsAreReturned(
                    result,
-                    "{ grant role:test_customer#xxx:ADMIN to user:customer-admin@xxx.example.com by role:test_customer#xxx:OWNER and assume }",
+                    "{ grant role:rbactest.customer#xxx:ADMIN to user:customer-admin@xxx.example.com by role:rbactest.customer#xxx:OWNER and assume }",
-                    "{ grant role:test_package#xxx00:ADMIN to user:pac-admin-xxx00@xxx.example.com by role:test_customer#xxx:ADMIN and assume }",
+                    "{ grant role:rbactest.package#xxx00:ADMIN to user:pac-admin-xxx00@xxx.example.com by role:rbactest.customer#xxx:ADMIN and assume }",
-                    "{ grant role:test_package#xxx01:ADMIN to user:pac-admin-xxx01@xxx.example.com by role:test_customer#xxx:ADMIN and assume }",
+                    "{ grant role:rbactest.package#xxx01:ADMIN to user:pac-admin-xxx01@xxx.example.com by role:rbactest.customer#xxx:ADMIN and assume }",
-                    "{ grant role:test_package#xxx02:ADMIN to user:pac-admin-xxx02@xxx.example.com by role:test_customer#xxx:ADMIN and assume }");
+                    "{ grant role:rbactest.package#xxx02:ADMIN to user:pac-admin-xxx02@xxx.example.com by role:rbactest.customer#xxx:ADMIN and assume }");
        }
        @Test
        public void customerAdmin_withAssumedRole_canOnlyViewRbacGrantsVisibleByAssumedRole() {
            // given:
-            context("customer-admin@xxx.example.com", "test_package#xxx00:ADMIN");
+            context("customer-admin@xxx.example.com", "rbactest.package#xxx00:ADMIN");
            // when
            final var result = rbacGrantRepository.findAll();
@ -98,7 +98,7 @@ class RbacGrantRepositoryIntegrationTest extends ContextBasedTest {
            // then
            exactlyTheseRbacGrantsAreReturned(
                    result,
-                    "{ grant role:test_package#xxx00:ADMIN to user:pac-admin-xxx00@xxx.example.com by role:test_customer#xxx:ADMIN and assume }");
+                    "{ grant role:rbactest.package#xxx00:ADMIN to user:pac-admin-xxx00@xxx.example.com by role:rbactest.customer#xxx:ADMIN and assume }");
        }
    }
@ -108,9 +108,9 @@ class RbacGrantRepositoryIntegrationTest extends ContextBasedTest {
        @Test
        public void customerAdmin_canGrantOwnPackageAdminRole_toArbitraryUser() {
            // given
-            context("customer-admin@xxx.example.com", "test_customer#xxx:ADMIN");
+            context("customer-admin@xxx.example.com", "rbactest.customer#xxx:ADMIN");
            final var givenArbitrarySubjectUuid = rbacSubjectRepository.findByName("pac-admin-zzz00@zzz.example.com").getUuid();
-            final var givenOwnPackageRoleUuid = rbacRoleRepository.findByRoleName("test_package#xxx00:ADMIN").getUuid();
+            final var givenOwnPackageRoleUuid = rbacRoleRepository.findByRoleName("rbactest.package#xxx00:ADMIN").getUuid();
            // when
            final var grant = RbacGrantEntity.builder()
@ -126,7 +126,7 @@ class RbacGrantRepositoryIntegrationTest extends ContextBasedTest {
            assertThat(rbacGrantRepository.findAll())
                    .extracting(RbacGrantEntity::toDisplay)
                    .contains(
-                            "{ grant role:test_package#xxx00:ADMIN to user:pac-admin-zzz00@zzz.example.com by role:test_customer#xxx:ADMIN and assume }");
+                            "{ grant role:rbactest.package#xxx00:ADMIN to user:pac-admin-zzz00@zzz.example.com by role:rbactest.customer#xxx:ADMIN and assume }");
        }
        @Test
@ -139,14 +139,14 @@ class RbacGrantRepositoryIntegrationTest extends ContextBasedTest {
                context("customer-admin@xxx.example.com", null);
                return new Given(
                        createNewUser(),
-                        rbacRoleRepository.findByRoleName("test_package#xxx00:OWNER").getUuid()
+                        rbacRoleRepository.findByRoleName("rbactest.package#xxx00:OWNER").getUuid()
                );
            }).assumeSuccessful().returnedValue();
            // when
            final var attempt = jpaAttempt.transacted(() -> {
                // now we try to use these uuids as a less privileged user
-                context("pac-admin-xxx00@xxx.example.com", "test_package#xxx00:ADMIN");
+                context("pac-admin-xxx00@xxx.example.com", "rbactest.package#xxx00:ADMIN");
                final var grant = RbacGrantEntity.builder()
                        .granteeSubjectUuid(given.arbitraryUser.getUuid())
                        .grantedRoleUuid(given.packageOwnerRoleUuid)
@ -158,8 +158,8 @@ class RbacGrantRepositoryIntegrationTest extends ContextBasedTest {
            // then
            attempt.assertExceptionWithRootCauseMessage(
                    JpaSystemException.class,
-                    "ERROR: [403] Access to granted role test_package#xxx00:OWNER",
+                    "ERROR: [403] Access to granted role rbactest.package#xxx00:OWNER",
-                    "forbidden for test_package#xxx00:ADMIN");
+                    "forbidden for rbactest.package#xxx00:ADMIN");
            jpaAttempt.transacted(() -> {
                // finally, we use the new user to make sure, no roles were granted
                context(given.arbitraryUser.getName(), null);
@ -176,16 +176,16 @@ class RbacGrantRepositoryIntegrationTest extends ContextBasedTest {
        public void customerAdmin_canRevokeSelfGrantedPackageAdminRole() {
            // given
            final var grant = create(grant()
-                    .byUser("customer-admin@xxx.example.com").withAssumedRole("test_customer#xxx:ADMIN")
+                    .byUser("customer-admin@xxx.example.com").withAssumedRole("rbactest.customer#xxx:ADMIN")
-                    .grantingRole("test_package#xxx00:ADMIN").toUser("pac-admin-zzz00@zzz.example.com"));
+                    .grantingRole("rbactest.package#xxx00:ADMIN").toUser("pac-admin-zzz00@zzz.example.com"));
            // when
-            context("customer-admin@xxx.example.com", "test_customer#xxx:ADMIN");
+            context("customer-admin@xxx.example.com", "rbactest.customer#xxx:ADMIN");
            final var revokeAttempt = attempt(em, () ->
                    rbacGrantRepository.deleteByRbacGrantId(grant.getRbacGrantId()));
            // then
-            context("customer-admin@xxx.example.com", "test_customer#xxx:ADMIN");
+            context("customer-admin@xxx.example.com", "rbactest.customer#xxx:ADMIN");
            assertThat(revokeAttempt.caughtExceptionsRootCause()).isNull();
            assertThat(rbacGrantRepository.findAll())
                    .extracting(RbacGrantEntity::getGranteeSubjectName)
@ -197,17 +197,17 @@ class RbacGrantRepositoryIntegrationTest extends ContextBasedTest {
            // given
            final var newUser = createNewUserTransacted();
            final var grant = create(grant()
-                    .byUser("customer-admin@xxx.example.com").withAssumedRole("test_package#xxx00:ADMIN")
+                    .byUser("customer-admin@xxx.example.com").withAssumedRole("rbactest.package#xxx00:ADMIN")
-                    .grantingRole("test_package#xxx00:ADMIN").toUser(newUser.getName()));
+                    .grantingRole("rbactest.package#xxx00:ADMIN").toUser(newUser.getName()));
            // when
-            context("pac-admin-xxx00@xxx.example.com", "test_package#xxx00:ADMIN");
+            context("pac-admin-xxx00@xxx.example.com", "rbactest.package#xxx00:ADMIN");
            final var revokeAttempt = attempt(em, () ->
                    rbacGrantRepository.deleteByRbacGrantId(grant.getRbacGrantId()));
            // then
            assertThat(revokeAttempt.caughtExceptionsRootCause()).isNull();
-            context("customer-admin@xxx.example.com", "test_customer#xxx:ADMIN");
+            context("customer-admin@xxx.example.com", "rbactest.customer#xxx:ADMIN");
            assertThat(rbacGrantRepository.findAll())
                    .extracting(RbacGrantEntity::getGranteeSubjectName)
                    .doesNotContain("pac-admin-zzz00@zzz.example.com");
@ -217,19 +217,19 @@ class RbacGrantRepositoryIntegrationTest extends ContextBasedTest {
        public void packageAdmin_canNotRevokeOwnPackageAdminRoleGrantedByOwnerRoleOfThatPackage() {
            // given
            final var grant = create(grant()
-                    .byUser("customer-admin@xxx.example.com").withAssumedRole("test_package#xxx00:OWNER")
+                    .byUser("customer-admin@xxx.example.com").withAssumedRole("rbactest.package#xxx00:OWNER")
-                    .grantingRole("test_package#xxx00:ADMIN").toUser("pac-admin-zzz00@zzz.example.com"));
+                    .grantingRole("rbactest.package#xxx00:ADMIN").toUser("pac-admin-zzz00@zzz.example.com"));
-            final var grantedByRole = rbacRoleRepository.findByRoleName("test_package#xxx00:OWNER");
+            final var grantedByRole = rbacRoleRepository.findByRoleName("rbactest.package#xxx00:OWNER");
            // when
-            context("pac-admin-xxx00@xxx.example.com", "test_package#xxx00:ADMIN");
+            context("pac-admin-xxx00@xxx.example.com", "rbactest.package#xxx00:ADMIN");
            final var revokeAttempt = attempt(em, () ->
                    rbacGrantRepository.deleteByRbacGrantId(grant.getRbacGrantId()));
            // then
            revokeAttempt.assertExceptionWithRootCauseMessage(
                    JpaSystemException.class,
-                    "ERROR: [403] Revoking role created by %s is forbidden for {test_package#xxx00:ADMIN}.".formatted(
+                    "ERROR: [403] Revoking role created by %s is forbidden for {rbactest.package#xxx00:ADMIN}.".formatted(
                            grantedByRole.getUuid()
                    ));
        }
--- a/src/test/java/net/hostsharing/hsadminng/rbac/grant/RbacGrantsDiagramServiceIntegrationTest.java
+++ b/src/test/java/net/hostsharing/hsadminng/rbac/grant/RbacGrantsDiagramServiceIntegrationTest.java
@ -54,36 +54,36 @@ class RbacGrantsDiagramServiceIntegrationTest extends ContextBasedTestWithCleanu
    @Test
    void allGrantsTocurrentSubject() {
-        context("superuser-alex@hostsharing.net", "test_domain#xxx00-aaaa:OWNER");
+        context("superuser-alex@hostsharing.net", "rbactest.domain#xxx00-aaaa:OWNER");
        final var graph = grantsMermaidService.allGrantsTocurrentSubject(EnumSet.of(Include.TEST_ENTITIES));
        assertThat(graph).isEqualTo("""
                flowchart TB
-                role:test_domain#xxx00-aaaa:ADMIN --> role:test_package#xxx00:TENANT
+                role:rbactest.domain#xxx00-aaaa:ADMIN --> role:rbactest.package#xxx00:TENANT
-                role:test_domain#xxx00-aaaa:OWNER --> role:test_domain#xxx00-aaaa:ADMIN
+                role:rbactest.domain#xxx00-aaaa:OWNER --> role:rbactest.domain#xxx00-aaaa:ADMIN
-                role:test_domain#xxx00-aaaa:OWNER --> role:test_package#xxx00:TENANT
+                role:rbactest.domain#xxx00-aaaa:OWNER --> role:rbactest.package#xxx00:TENANT
-                role:test_package#xxx00:TENANT --> role:test_customer#xxx:TENANT
+                role:rbactest.package#xxx00:TENANT --> role:rbactest.customer#xxx:TENANT
                """.trim());
    }
    @Test
    void allGrantsTocurrentSubjectIncludingPermissions() {
-        context("superuser-alex@hostsharing.net", "test_domain#xxx00-aaaa:OWNER");
+        context("superuser-alex@hostsharing.net", "rbactest.domain#xxx00-aaaa:OWNER");
        final var graph = grantsMermaidService.allGrantsTocurrentSubject(EnumSet.of(Include.TEST_ENTITIES, Include.PERMISSIONS));
        assertThat(graph).isEqualTo("""
                flowchart TB
-                role:test_customer#xxx:TENANT --> perm:test_customer#xxx:SELECT
+                role:rbactest.customer#xxx:TENANT --> perm:rbactest.customer#xxx:SELECT
-                role:test_domain#xxx00-aaaa:ADMIN --> perm:test_domain#xxx00-aaaa:SELECT
+                role:rbactest.domain#xxx00-aaaa:ADMIN --> perm:rbactest.domain#xxx00-aaaa:SELECT
-                role:test_domain#xxx00-aaaa:ADMIN --> role:test_package#xxx00:TENANT
+                role:rbactest.domain#xxx00-aaaa:ADMIN --> role:rbactest.package#xxx00:TENANT
-                role:test_domain#xxx00-aaaa:OWNER --> perm:test_domain#xxx00-aaaa:DELETE
+                role:rbactest.domain#xxx00-aaaa:OWNER --> perm:rbactest.domain#xxx00-aaaa:DELETE
-                role:test_domain#xxx00-aaaa:OWNER --> perm:test_domain#xxx00-aaaa:UPDATE
+                role:rbactest.domain#xxx00-aaaa:OWNER --> perm:rbactest.domain#xxx00-aaaa:UPDATE
-                role:test_domain#xxx00-aaaa:OWNER --> role:test_domain#xxx00-aaaa:ADMIN
+                role:rbactest.domain#xxx00-aaaa:OWNER --> role:rbactest.domain#xxx00-aaaa:ADMIN
-                role:test_domain#xxx00-aaaa:OWNER --> role:test_package#xxx00:TENANT
+                role:rbactest.domain#xxx00-aaaa:OWNER --> role:rbactest.package#xxx00:TENANT
-                role:test_package#xxx00:TENANT --> perm:test_package#xxx00:SELECT
+                role:rbactest.package#xxx00:TENANT --> perm:rbactest.package#xxx00:SELECT
-                role:test_package#xxx00:TENANT --> role:test_customer#xxx:TENANT
+                role:rbactest.package#xxx00:TENANT --> role:rbactest.customer#xxx:TENANT
                """.trim());
    }
--- a/src/test/java/net/hostsharing/hsadminng/rbac/role/RbacRoleControllerAcceptanceTest.java
+++ b/src/test/java/net/hostsharing/hsadminng/rbac/role/RbacRoleControllerAcceptanceTest.java
@ -42,14 +42,14 @@ class RbacRoleControllerAcceptanceTest {
            .then().assertThat()
                .statusCode(200)
                .contentType("application/json")
-                .body("", hasItem(hasEntry("roleName", "test_customer#xxx:ADMIN")))
+                .body("", hasItem(hasEntry("roleName", "rbactest.customer#xxx:ADMIN")))
-                .body("", hasItem(hasEntry("roleName", "test_customer#xxx:OWNER")))
+                .body("", hasItem(hasEntry("roleName", "rbactest.customer#xxx:OWNER")))
-                .body("", hasItem(hasEntry("roleName", "test_customer#xxx:TENANT")))
+                .body("", hasItem(hasEntry("roleName", "rbactest.customer#xxx:TENANT")))
                // ...
                .body("", hasItem(hasEntry("roleName", "rbac.global#global:ADMIN")))
-                .body("", hasItem(hasEntry("roleName", "test_customer#yyy:ADMIN")))
+                .body("", hasItem(hasEntry("roleName", "rbactest.customer#yyy:ADMIN")))
-                .body("", hasItem(hasEntry("roleName", "test_package#yyy00:ADMIN")))
+                .body("", hasItem(hasEntry("roleName", "rbactest.package#yyy00:ADMIN")))
-                .body("", hasItem(hasEntry("roleName", "test_domain#yyy00-aaaa:OWNER")))
+                .body("", hasItem(hasEntry("roleName", "rbactest.domain#yyy00-aaaa:OWNER")))
                .body( "size()", greaterThanOrEqualTo(73)); // increases with new test data
        // @formatter:on
    }
@ -61,7 +61,7 @@ class RbacRoleControllerAcceptanceTest {
        RestAssured
            .given()
                .header("current-subject", "superuser-alex@hostsharing.net")
-                .header("assumed-roles", "test_package#yyy00:ADMIN")
+                .header("assumed-roles", "rbactest.package#yyy00:ADMIN")
                .port(port)
            .when()
                .get("http://localhost/api/rbac/roles")
@ -71,18 +71,18 @@ class RbacRoleControllerAcceptanceTest {
                .statusCode(200)
                .contentType("application/json")
-                .body("", hasItem(hasEntry("roleName", "test_customer#yyy:TENANT")))
+                .body("", hasItem(hasEntry("roleName", "rbactest.customer#yyy:TENANT")))
-                .body("", hasItem(hasEntry("roleName", "test_domain#yyy00-aaaa:OWNER")))
+                .body("", hasItem(hasEntry("roleName", "rbactest.domain#yyy00-aaaa:OWNER")))
-                .body("", hasItem(hasEntry("roleName", "test_domain#yyy00-aaaa:ADMIN")))
+                .body("", hasItem(hasEntry("roleName", "rbactest.domain#yyy00-aaaa:ADMIN")))
-                .body("", hasItem(hasEntry("roleName", "test_domain#yyy00-aaab:OWNER")))
+                .body("", hasItem(hasEntry("roleName", "rbactest.domain#yyy00-aaab:OWNER")))
-                .body("", hasItem(hasEntry("roleName", "test_domain#yyy00-aaab:ADMIN")))
+                .body("", hasItem(hasEntry("roleName", "rbactest.domain#yyy00-aaab:ADMIN")))
-                .body("", hasItem(hasEntry("roleName", "test_package#yyy00:ADMIN")))
+                .body("", hasItem(hasEntry("roleName", "rbactest.package#yyy00:ADMIN")))
-                .body("", hasItem(hasEntry("roleName", "test_package#yyy00:TENANT")))
+                .body("", hasItem(hasEntry("roleName", "rbactest.package#yyy00:TENANT")))
-                .body("", not(hasItem(hasEntry("roleName", "test_customer#xxx:TENANT"))))
+                .body("", not(hasItem(hasEntry("roleName", "rbactest.customer#xxx:TENANT"))))
-                .body("", not(hasItem(hasEntry("roleName", "test_domain#xxx00-aaaa:ADMIN"))))
+                .body("", not(hasItem(hasEntry("roleName", "rbactest.domain#xxx00-aaaa:ADMIN"))))
-                .body("", not(hasItem(hasEntry("roleName", "test_package#xxx00:ADMIN"))))
+                .body("", not(hasItem(hasEntry("roleName", "rbactest.package#xxx00:ADMIN"))))
-                .body("", not(hasItem(hasEntry("roleName", "test_package#xxx00:TENANT"))))
+                .body("", not(hasItem(hasEntry("roleName", "rbactest.package#xxx00:TENANT"))))
        ;
        // @formatter:on
    }
@ -101,15 +101,15 @@ class RbacRoleControllerAcceptanceTest {
                .statusCode(200)
                .contentType("application/json")
-                .body("", hasItem(hasEntry("roleName", "test_customer#zzz:TENANT")))
+                .body("", hasItem(hasEntry("roleName", "rbactest.customer#zzz:TENANT")))
-                .body("", hasItem(hasEntry("roleName", "test_domain#zzz00-aaaa:ADMIN")))
+                .body("", hasItem(hasEntry("roleName", "rbactest.domain#zzz00-aaaa:ADMIN")))
-                .body("", hasItem(hasEntry("roleName", "test_package#zzz00:ADMIN")))
+                .body("", hasItem(hasEntry("roleName", "rbactest.package#zzz00:ADMIN")))
-                .body("", hasItem(hasEntry("roleName", "test_package#zzz00:TENANT")))
+                .body("", hasItem(hasEntry("roleName", "rbactest.package#zzz00:TENANT")))
-                .body("", not(hasItem(hasEntry("roleName", "test_customer#yyy:TENANT"))))
+                .body("", not(hasItem(hasEntry("roleName", "rbactest.customer#yyy:TENANT"))))
-                .body("", not(hasItem(hasEntry("roleName", "test_domain#yyy00-aaaa:ADMIN"))))
+                .body("", not(hasItem(hasEntry("roleName", "rbactest.domain#yyy00-aaaa:ADMIN"))))
-                .body("", not(hasItem(hasEntry("roleName", "test_package#yyy00:ADMIN"))))
+                .body("", not(hasItem(hasEntry("roleName", "rbactest.package#yyy00:ADMIN"))))
-                .body("", not(hasItem(hasEntry("roleName", "test_package#yyy00:TENANT"))));
+                .body("", not(hasItem(hasEntry("roleName", "rbactest.package#yyy00:TENANT"))));
        // @formatter:on
    }
 }
--- a/src/test/java/net/hostsharing/hsadminng/rbac/role/RbacRoleControllerRestTest.java
+++ b/src/test/java/net/hostsharing/hsadminng/rbac/role/RbacRoleControllerRestTest.java
@ -74,8 +74,8 @@ class RbacRoleControllerRestTest {
                .andExpect(status().isOk())
                .andExpect(jsonPath("$", hasSize(3)))
                .andExpect(jsonPath("$[0].roleName", is("rbac.global#global:ADMIN")))
-                .andExpect(jsonPath("$[1].roleName", is("test_customer#xxx:OWNER")))
+                .andExpect(jsonPath("$[1].roleName", is("rbactest.customer#xxx:OWNER")))
-                .andExpect(jsonPath("$[2].roleName", is("test_customer#xxx:ADMIN")))
+                .andExpect(jsonPath("$[2].roleName", is("rbactest.customer#xxx:ADMIN")))
                .andExpect(jsonPath("$[2].uuid", is(customerXxxAdmin.getUuid().toString())))
                .andExpect(jsonPath("$[2].objectUuid", is(customerXxxAdmin.getObjectUuid().toString())))
                .andExpect(jsonPath("$[2].objectTable", is(customerXxxAdmin.getObjectTable().toString())))
--- a/src/test/java/net/hostsharing/hsadminng/rbac/role/RbacRoleRepositoryIntegrationTest.java
+++ b/src/test/java/net/hostsharing/hsadminng/rbac/role/RbacRoleRepositoryIntegrationTest.java
@ -40,18 +40,18 @@ class RbacRoleRepositoryIntegrationTest {
        private static final String[] ALL_TEST_DATA_ROLES = Array.of(
            // @formatter:off
            "rbac.global#global:ADMIN",
-                "test_customer#xxx:ADMIN", "test_customer#xxx:OWNER", "test_customer#xxx:TENANT",
+                "rbactest.customer#xxx:ADMIN", "rbactest.customer#xxx:OWNER", "rbactest.customer#xxx:TENANT",
-                    "test_package#xxx00:ADMIN", "test_package#xxx00:OWNER", "test_package#xxx00:TENANT",
+                    "rbactest.package#xxx00:ADMIN", "rbactest.package#xxx00:OWNER", "rbactest.package#xxx00:TENANT",
-                    "test_package#xxx01:ADMIN", "test_package#xxx01:OWNER", "test_package#xxx01:TENANT",
+                    "rbactest.package#xxx01:ADMIN", "rbactest.package#xxx01:OWNER", "rbactest.package#xxx01:TENANT",
-                    "test_package#xxx02:ADMIN", "test_package#xxx02:OWNER", "test_package#xxx02:TENANT",
+                    "rbactest.package#xxx02:ADMIN", "rbactest.package#xxx02:OWNER", "rbactest.package#xxx02:TENANT",
-                "test_customer#yyy:ADMIN", "test_customer#yyy:OWNER", "test_customer#yyy:TENANT",
+                "rbactest.customer#yyy:ADMIN", "rbactest.customer#yyy:OWNER", "rbactest.customer#yyy:TENANT",
-                    "test_package#yyy00:ADMIN", "test_package#yyy00:OWNER", "test_package#yyy00:TENANT",
+                    "rbactest.package#yyy00:ADMIN", "rbactest.package#yyy00:OWNER", "rbactest.package#yyy00:TENANT",
-                    "test_package#yyy01:ADMIN", "test_package#yyy01:OWNER", "test_package#yyy01:TENANT",
+                    "rbactest.package#yyy01:ADMIN", "rbactest.package#yyy01:OWNER", "rbactest.package#yyy01:TENANT",
-                    "test_package#yyy02:ADMIN", "test_package#yyy02:OWNER", "test_package#yyy02:TENANT",
+                    "rbactest.package#yyy02:ADMIN", "rbactest.package#yyy02:OWNER", "rbactest.package#yyy02:TENANT",
-                "test_customer#zzz:ADMIN", "test_customer#zzz:OWNER", "test_customer#zzz:TENANT",
+                "rbactest.customer#zzz:ADMIN", "rbactest.customer#zzz:OWNER", "rbactest.customer#zzz:TENANT",
-                    "test_package#zzz00:ADMIN", "test_package#zzz00:OWNER", "test_package#zzz00:TENANT",
+                    "rbactest.package#zzz00:ADMIN", "rbactest.package#zzz00:OWNER", "rbactest.package#zzz00:TENANT",
-                    "test_package#zzz01:ADMIN", "test_package#zzz01:OWNER", "test_package#zzz01:TENANT",
+                    "rbactest.package#zzz01:ADMIN", "rbactest.package#zzz01:OWNER", "rbactest.package#zzz01:TENANT",
-                    "test_package#zzz02:ADMIN", "test_package#zzz02:OWNER", "test_package#zzz02:TENANT"
+                    "rbactest.package#zzz02:ADMIN", "rbactest.package#zzz02:OWNER", "rbactest.package#zzz02:TENANT"
            // @formatter:on
        );
@ -91,49 +91,49 @@ class RbacRoleRepositoryIntegrationTest {
            allTheseRbacRolesAreReturned(
                    result,
                    // @formatter:off
-                "test_customer#xxx:ADMIN",
+                "rbactest.customer#xxx:ADMIN",
-                "test_customer#xxx:TENANT",
+                "rbactest.customer#xxx:TENANT",
-                "test_package#xxx00:ADMIN",
+                "rbactest.package#xxx00:ADMIN",
-                "test_package#xxx00:OWNER",
+                "rbactest.package#xxx00:OWNER",
-                "test_package#xxx00:TENANT",
+                "rbactest.package#xxx00:TENANT",
-                "test_package#xxx01:ADMIN",
+                "rbactest.package#xxx01:ADMIN",
-                "test_package#xxx01:OWNER",
+                "rbactest.package#xxx01:OWNER",
-                "test_package#xxx01:TENANT",
+                "rbactest.package#xxx01:TENANT",
                // ...
-                "test_domain#xxx00-aaaa:ADMIN",
+                "rbactest.domain#xxx00-aaaa:ADMIN",
-                "test_domain#xxx00-aaaa:OWNER",
+                "rbactest.domain#xxx00-aaaa:OWNER",
                // ..
-                "test_domain#xxx01-aaab:ADMIN",
+                "rbactest.domain#xxx01-aaab:ADMIN",
-                "test_domain#xxx01-aaab:OWNER"
+                "rbactest.domain#xxx01-aaab:OWNER"
                // @formatter:on
            );
            noneOfTheseRbacRolesIsReturned(
                    result,
                    // @formatter:off
                "rbac.global#global:ADMIN",
-                "test_customer#xxx:OWNER",
+                "rbactest.customer#xxx:OWNER",
-                "test_package#yyy00:ADMIN",
+                "rbactest.package#yyy00:ADMIN",
-                "test_package#yyy00:OWNER",
+                "rbactest.package#yyy00:OWNER",
-                "test_package#yyy00:TENANT"
+                "rbactest.package#yyy00:TENANT"
                // @formatter:on
            );
        }
        @Test
        public void customerAdmin_withAssumedOwnedPackageAdminRole_canViewOnlyItsOwnRbacRole() {
-            context.define("customer-admin@xxx.example.com", "test_package#xxx00:ADMIN");
+            context.define("customer-admin@xxx.example.com", "rbactest.package#xxx00:ADMIN");
            final var result = rbacRoleRepository.findAll();
            exactlyTheseRbacRolesAreReturned(
                    result,
-                    "test_customer#xxx:TENANT",
+                    "rbactest.customer#xxx:TENANT",
-                    "test_package#xxx00:ADMIN",
+                    "rbactest.package#xxx00:ADMIN",
-                    "test_package#xxx00:TENANT",
+                    "rbactest.package#xxx00:TENANT",
-                    "test_domain#xxx00-aaaa:ADMIN",
+                    "rbactest.domain#xxx00-aaaa:ADMIN",
-                    "test_domain#xxx00-aaaa:OWNER",
+                    "rbactest.domain#xxx00-aaaa:OWNER",
-                    "test_domain#xxx00-aaab:ADMIN",
+                    "rbactest.domain#xxx00-aaab:ADMIN",
-                    "test_domain#xxx00-aaab:OWNER");
+                    "rbactest.domain#xxx00-aaab:OWNER");
        }
        @Test
@ -157,10 +157,10 @@ class RbacRoleRepositoryIntegrationTest {
        void customerAdmin_withoutAssumedRole_canFindItsOwnRolesByName() {
            context.define("customer-admin@xxx.example.com");
-            final var result = rbacRoleRepository.findByRoleName("test_customer#xxx:ADMIN");
+            final var result = rbacRoleRepository.findByRoleName("rbactest.customer#xxx:ADMIN");
            assertThat(result).isNotNull();
-            assertThat(result.getObjectTable()).isEqualTo("test_customer");
+            assertThat(result.getObjectTable()).isEqualTo("rbactest.customer");
            assertThat(result.getObjectIdName()).isEqualTo("xxx");
            assertThat(result.getRoleType()).isEqualTo(RbacRoleType.ADMIN);
        }
@ -169,7 +169,7 @@ class RbacRoleRepositoryIntegrationTest {
        void customerAdmin_withoutAssumedRole_canNotFindAlienRolesByName() {
            context.define("customer-admin@xxx.example.com");
-            final var result = rbacRoleRepository.findByRoleName("test_customer#bbb:ADMIN");
+            final var result = rbacRoleRepository.findByRoleName("rbactest.customer#bbb:ADMIN");
            assertThat(result).isNull();
        }
--- a/src/test/java/net/hostsharing/hsadminng/rbac/role/TestRbacRole.java
+++ b/src/test/java/net/hostsharing/hsadminng/rbac/role/TestRbacRole.java
@ -5,8 +5,8 @@ import static java.util.UUID.randomUUID;
 public class TestRbacRole {
    public static final RbacRoleEntity hostmasterRole = rbacRole("rbac.global", "global", RbacRoleType.ADMIN);
-    static final RbacRoleEntity customerXxxOwner = rbacRole("test_customer", "xxx", RbacRoleType.OWNER);
+    static final RbacRoleEntity customerXxxOwner = rbacRole("rbactest.customer", "xxx", RbacRoleType.OWNER);
-    static final RbacRoleEntity customerXxxAdmin = rbacRole("test_customer", "xxx", RbacRoleType.ADMIN);
+    static final RbacRoleEntity customerXxxAdmin = rbacRole("rbactest.customer", "xxx", RbacRoleType.ADMIN);
    static public RbacRoleEntity rbacRole(final String objectTable, final String objectIdName, final RbacRoleType roleType) {
        return new RbacRoleEntity(randomUUID(), randomUUID(), objectTable, objectIdName, roleType, objectTable+'#'+objectIdName+':'+roleType);
--- a/src/test/java/net/hostsharing/hsadminng/rbac/subject/RbacSubjectControllerAcceptanceTest.java
+++ b/src/test/java/net/hostsharing/hsadminng/rbac/subject/RbacSubjectControllerAcceptanceTest.java
@ -100,7 +100,7 @@ class RbacSubjectControllerAcceptanceTest {
            RestAssured
                .given()
                    .header("current-subject", "superuser-alex@hostsharing.net")
-                    .header("assumed-roles", "test_customer#yyy:ADMIN")
+                    .header("assumed-roles", "rbactest.customer#yyy:ADMIN")
                    .port(port)
                .when()
                    .get("http://localhost/api/rbac/subjects/" + givenUser.getUuid())
@ -201,7 +201,7 @@ class RbacSubjectControllerAcceptanceTest {
            RestAssured
                .given()
                    .header("current-subject", "superuser-alex@hostsharing.net")
-                    .header("assumed-roles", "test_customer#yyy:ADMIN")
+                    .header("assumed-roles", "rbactest.customer#yyy:ADMIN")
                    .port(port)
                .when()
                    .get("http://localhost/api/rbac/subjects")
@ -275,12 +275,12 @@ class RbacSubjectControllerAcceptanceTest {
                    .contentType("application/json")
                    .body("", hasItem(
                            allOf(
-                                    hasEntry("roleName", "test_customer#yyy:TENANT"),
+                                    hasEntry("roleName", "rbactest.customer#yyy:TENANT"),
                                    hasEntry("op", "SELECT"))
                    ))
                    .body("", hasItem(
                            allOf(
-                                    hasEntry("roleName", "test_domain#yyy00-aaaa:OWNER"),
+                                    hasEntry("roleName", "rbactest.domain#yyy00-aaaa:OWNER"),
                                    hasEntry("op", "DELETE"))
                    ))
                    // actual content tested in integration test, so this is enough for here:
@ -296,7 +296,7 @@ class RbacSubjectControllerAcceptanceTest {
            RestAssured
                .given()
                    .header("current-subject", "superuser-alex@hostsharing.net")
-                    .header("assumed-roles", "test_customer#yyy:ADMIN")
+                    .header("assumed-roles", "rbactest.customer#yyy:ADMIN")
                    .port(port)
                .when()
                    .get("http://localhost/api/rbac/subjects/" + givenUser.getUuid() + "/permissions")
@ -305,12 +305,12 @@ class RbacSubjectControllerAcceptanceTest {
                    .contentType("application/json")
                    .body("", hasItem(
                            allOf(
-                                    hasEntry("roleName", "test_customer#yyy:TENANT"),
+                                    hasEntry("roleName", "rbactest.customer#yyy:TENANT"),
                                    hasEntry("op", "SELECT"))
                    ))
                    .body("", hasItem(
                            allOf(
-                                    hasEntry("roleName", "test_domain#yyy00-aaaa:OWNER"),
+                                    hasEntry("roleName", "rbactest.domain#yyy00-aaaa:OWNER"),
                                    hasEntry("op", "DELETE"))
                    ))
                    // actual content tested in integration test, so this is enough for here:
@ -334,12 +334,12 @@ class RbacSubjectControllerAcceptanceTest {
                    .contentType("application/json")
                    .body("", hasItem(
                            allOf(
-                                    hasEntry("roleName", "test_customer#yyy:TENANT"),
+                                    hasEntry("roleName", "rbactest.customer#yyy:TENANT"),
                                    hasEntry("op", "SELECT"))
                    ))
                    .body("", hasItem(
                            allOf(
-                                    hasEntry("roleName", "test_domain#yyy00-aaaa:OWNER"),
+                                    hasEntry("roleName", "rbactest.domain#yyy00-aaaa:OWNER"),
                                    hasEntry("op", "DELETE"))
                    ))
                    // actual content tested in integration test, so this is enough for here:
--- a/src/test/java/net/hostsharing/hsadminng/rbac/subject/RbacSubjectRepositoryIntegrationTest.java
+++ b/src/test/java/net/hostsharing/hsadminng/rbac/subject/RbacSubjectRepositoryIntegrationTest.java
@ -128,7 +128,7 @@ class RbacSubjectRepositoryIntegrationTest extends ContextBasedTest {
        @Test
        public void globalAdmin_withAssumedCustomerAdminRole_canViewOnlyUsersHavingRolesInThatCustomersRealm() {
            given:
-            context("superuser-alex@hostsharing.net", "test_customer#xxx:ADMIN");
+            context("superuser-alex@hostsharing.net", "rbactest.customer#xxx:ADMIN");
            // when
            final var result = rbacSubjectRepository.findByOptionalNameLike(null);
@ -159,7 +159,7 @@ class RbacSubjectRepositoryIntegrationTest extends ContextBasedTest {
        @Test
        public void customerAdmin_withAssumedOwnedPackageAdminRole_canViewOnlyUsersHavingRolesInThatPackage() {
-            context("customer-admin@xxx.example.com", "test_package#xxx00:ADMIN");
+            context("customer-admin@xxx.example.com", "rbactest.package#xxx00:ADMIN");
            final var result = rbacSubjectRepository.findByOptionalNameLike(null);
@ -182,47 +182,47 @@ class RbacSubjectRepositoryIntegrationTest extends ContextBasedTest {
        private static final String[] ALL_USER_PERMISSIONS = Array.of(
                // @formatter:off
-                "test_customer#xxx:ADMIN -> test_customer#xxx: SELECT",
+                "rbactest.customer#xxx:ADMIN -> rbactest.customer#xxx: SELECT",
-                "test_customer#xxx:OWNER -> test_customer#xxx: DELETE",
+                "rbactest.customer#xxx:OWNER -> rbactest.customer#xxx: DELETE",
-                "test_customer#xxx:TENANT -> test_customer#xxx: SELECT",
+                "rbactest.customer#xxx:TENANT -> rbactest.customer#xxx: SELECT",
-                "test_customer#xxx:ADMIN -> test_customer#xxx: INSERT:test_package",
+                "rbactest.customer#xxx:ADMIN -> rbactest.customer#xxx: INSERT:rbactest.package",
-                "test_package#xxx00:ADMIN -> test_package#xxx00: INSERT:test_domain",
+                "rbactest.package#xxx00:ADMIN -> rbactest.package#xxx00: INSERT:rbactest.domain",
-                "test_package#xxx00:ADMIN -> test_package#xxx00: INSERT:test_domain",
+                "rbactest.package#xxx00:ADMIN -> rbactest.package#xxx00: INSERT:rbactest.domain",
-                "test_package#xxx00:TENANT -> test_package#xxx00: SELECT",
+                "rbactest.package#xxx00:TENANT -> rbactest.package#xxx00: SELECT",
-                "test_package#xxx01:ADMIN -> test_package#xxx01: INSERT:test_domain",
+                "rbactest.package#xxx01:ADMIN -> rbactest.package#xxx01: INSERT:rbactest.domain",
-                "test_package#xxx01:ADMIN -> test_package#xxx01: INSERT:test_domain",
+                "rbactest.package#xxx01:ADMIN -> rbactest.package#xxx01: INSERT:rbactest.domain",
-                "test_package#xxx01:TENANT -> test_package#xxx01: SELECT",
+                "rbactest.package#xxx01:TENANT -> rbactest.package#xxx01: SELECT",
-                "test_package#xxx02:ADMIN -> test_package#xxx02: INSERT:test_domain",
+                "rbactest.package#xxx02:ADMIN -> rbactest.package#xxx02: INSERT:rbactest.domain",
-                "test_package#xxx02:ADMIN -> test_package#xxx02: INSERT:test_domain",
+                "rbactest.package#xxx02:ADMIN -> rbactest.package#xxx02: INSERT:rbactest.domain",
-                "test_package#xxx02:TENANT -> test_package#xxx02: SELECT",
+                "rbactest.package#xxx02:TENANT -> rbactest.package#xxx02: SELECT",
-                "test_customer#yyy:ADMIN -> test_customer#yyy: SELECT",
+                "rbactest.customer#yyy:ADMIN -> rbactest.customer#yyy: SELECT",
-                "test_customer#yyy:OWNER -> test_customer#yyy: DELETE",
+                "rbactest.customer#yyy:OWNER -> rbactest.customer#yyy: DELETE",
-                "test_customer#yyy:TENANT -> test_customer#yyy: SELECT",
+                "rbactest.customer#yyy:TENANT -> rbactest.customer#yyy: SELECT",
-                "test_customer#yyy:ADMIN -> test_customer#yyy: INSERT:test_package",
+                "rbactest.customer#yyy:ADMIN -> rbactest.customer#yyy: INSERT:rbactest.package",
-                "test_package#yyy00:ADMIN -> test_package#yyy00: INSERT:test_domain",
+                "rbactest.package#yyy00:ADMIN -> rbactest.package#yyy00: INSERT:rbactest.domain",
-                "test_package#yyy00:ADMIN -> test_package#yyy00: INSERT:test_domain",
+                "rbactest.package#yyy00:ADMIN -> rbactest.package#yyy00: INSERT:rbactest.domain",
-                "test_package#yyy00:TENANT -> test_package#yyy00: SELECT",
+                "rbactest.package#yyy00:TENANT -> rbactest.package#yyy00: SELECT",
-                "test_package#yyy01:ADMIN -> test_package#yyy01: INSERT:test_domain",
+                "rbactest.package#yyy01:ADMIN -> rbactest.package#yyy01: INSERT:rbactest.domain",
-                "test_package#yyy01:ADMIN -> test_package#yyy01: INSERT:test_domain",
+                "rbactest.package#yyy01:ADMIN -> rbactest.package#yyy01: INSERT:rbactest.domain",
-                "test_package#yyy01:TENANT -> test_package#yyy01: SELECT",
+                "rbactest.package#yyy01:TENANT -> rbactest.package#yyy01: SELECT",
-                "test_package#yyy02:ADMIN -> test_package#yyy02: INSERT:test_domain",
+                "rbactest.package#yyy02:ADMIN -> rbactest.package#yyy02: INSERT:rbactest.domain",
-                "test_package#yyy02:ADMIN -> test_package#yyy02: INSERT:test_domain",
+                "rbactest.package#yyy02:ADMIN -> rbactest.package#yyy02: INSERT:rbactest.domain",
-                "test_package#yyy02:TENANT -> test_package#yyy02: SELECT",
+                "rbactest.package#yyy02:TENANT -> rbactest.package#yyy02: SELECT",
-                "test_customer#zzz:ADMIN -> test_customer#zzz: SELECT",
+                "rbactest.customer#zzz:ADMIN -> rbactest.customer#zzz: SELECT",
-                "test_customer#zzz:OWNER -> test_customer#zzz: DELETE",
+                "rbactest.customer#zzz:OWNER -> rbactest.customer#zzz: DELETE",
-                "test_customer#zzz:TENANT -> test_customer#zzz: SELECT",
+                "rbactest.customer#zzz:TENANT -> rbactest.customer#zzz: SELECT",
-                "test_customer#zzz:ADMIN -> test_customer#zzz: INSERT:test_package",
+                "rbactest.customer#zzz:ADMIN -> rbactest.customer#zzz: INSERT:rbactest.package",
-                "test_package#zzz00:ADMIN -> test_package#zzz00: INSERT:test_domain",
+                "rbactest.package#zzz00:ADMIN -> rbactest.package#zzz00: INSERT:rbactest.domain",
-                "test_package#zzz00:ADMIN -> test_package#zzz00: INSERT:test_domain",
+                "rbactest.package#zzz00:ADMIN -> rbactest.package#zzz00: INSERT:rbactest.domain",
-                "test_package#zzz00:TENANT -> test_package#zzz00: SELECT",
+                "rbactest.package#zzz00:TENANT -> rbactest.package#zzz00: SELECT",
-                "test_package#zzz01:ADMIN -> test_package#zzz01: INSERT:test_domain",
+                "rbactest.package#zzz01:ADMIN -> rbactest.package#zzz01: INSERT:rbactest.domain",
-                "test_package#zzz01:ADMIN -> test_package#zzz01: INSERT:test_domain",
+                "rbactest.package#zzz01:ADMIN -> rbactest.package#zzz01: INSERT:rbactest.domain",
-                "test_package#zzz01:TENANT -> test_package#zzz01: SELECT",
+                "rbactest.package#zzz01:TENANT -> rbactest.package#zzz01: SELECT",
-                "test_package#zzz02:ADMIN -> test_package#zzz02: INSERT:test_domain",
+                "rbactest.package#zzz02:ADMIN -> rbactest.package#zzz02: INSERT:rbactest.domain",
-                "test_package#zzz02:ADMIN -> test_package#zzz02: INSERT:test_domain",
+                "rbactest.package#zzz02:ADMIN -> rbactest.package#zzz02: INSERT:rbactest.domain",
-                "test_package#zzz02:TENANT -> test_package#zzz02: SELECT"
+                "rbactest.package#zzz02:TENANT -> rbactest.package#zzz02: SELECT"
                // @formatter:on
        );
@ -233,7 +233,7 @@ class RbacSubjectRepositoryIntegrationTest extends ContextBasedTest {
            // when
            final var result = rbacSubjectRepository.findPermissionsOfUserByUuid(subjectUuid("superuser-fran@hostsharing.net"))
-                    .stream().filter(p -> p.getObjectTable().contains("test_"))
+                    .stream().filter(p -> p.getObjectTable().contains("rbactest."))
                    .sorted(comparing(RbacSubjectPermission::toString)).toList();
            // then
@ -252,32 +252,32 @@ class RbacSubjectRepositoryIntegrationTest extends ContextBasedTest {
            allTheseRbacPermissionsAreReturned(
                    result,
                    // @formatter:off
-                "test_customer#xxx:ADMIN -> test_customer#xxx: INSERT:test_package",
+                "rbactest.customer#xxx:ADMIN -> rbactest.customer#xxx: INSERT:rbactest.package",
-                "test_customer#xxx:ADMIN -> test_customer#xxx: SELECT",
+                "rbactest.customer#xxx:ADMIN -> rbactest.customer#xxx: SELECT",
-                "test_customer#xxx:TENANT -> test_customer#xxx: SELECT",
+                "rbactest.customer#xxx:TENANT -> rbactest.customer#xxx: SELECT",
-                "test_package#xxx00:ADMIN -> test_package#xxx00: INSERT:test_domain",
+                "rbactest.package#xxx00:ADMIN -> rbactest.package#xxx00: INSERT:rbactest.domain",
-                "test_package#xxx00:ADMIN -> test_package#xxx00: INSERT:test_domain",
+                "rbactest.package#xxx00:ADMIN -> rbactest.package#xxx00: INSERT:rbactest.domain",
-                "test_package#xxx00:TENANT -> test_package#xxx00: SELECT",
+                "rbactest.package#xxx00:TENANT -> rbactest.package#xxx00: SELECT",
-                "test_domain#xxx00-aaaa:OWNER -> test_domain#xxx00-aaaa: DELETE",
+                "rbactest.domain#xxx00-aaaa:OWNER -> rbactest.domain#xxx00-aaaa: DELETE",
-                "test_package#xxx01:ADMIN -> test_package#xxx01: INSERT:test_domain",
+                "rbactest.package#xxx01:ADMIN -> rbactest.package#xxx01: INSERT:rbactest.domain",
-                "test_package#xxx01:ADMIN -> test_package#xxx01: INSERT:test_domain",
+                "rbactest.package#xxx01:ADMIN -> rbactest.package#xxx01: INSERT:rbactest.domain",
-                "test_package#xxx01:TENANT -> test_package#xxx01: SELECT",
+                "rbactest.package#xxx01:TENANT -> rbactest.package#xxx01: SELECT",
-                "test_domain#xxx01-aaaa:OWNER -> test_domain#xxx01-aaaa: DELETE",
+                "rbactest.domain#xxx01-aaaa:OWNER -> rbactest.domain#xxx01-aaaa: DELETE",
-                "test_package#xxx02:ADMIN -> test_package#xxx02: INSERT:test_domain",
+                "rbactest.package#xxx02:ADMIN -> rbactest.package#xxx02: INSERT:rbactest.domain",
-                "test_package#xxx02:ADMIN -> test_package#xxx02: INSERT:test_domain",
+                "rbactest.package#xxx02:ADMIN -> rbactest.package#xxx02: INSERT:rbactest.domain",
-                "test_package#xxx02:TENANT -> test_package#xxx02: SELECT",
+                "rbactest.package#xxx02:TENANT -> rbactest.package#xxx02: SELECT",
-                "test_domain#xxx02-aaaa:OWNER -> test_domain#xxx02-aaaa: DELETE"
+                "rbactest.domain#xxx02-aaaa:OWNER -> rbactest.domain#xxx02-aaaa: DELETE"
                // @formatter:on
            );
            noneOfTheseRbacPermissionsAreReturned(
                    result,
                    // @formatter:off
-                "test_customer#yyy:ADMIN -> test_customer#yyy: INSERT:test_package",
+                "rbactest.customer#yyy:ADMIN -> rbactest.customer#yyy: INSERT:rbactest.package",
-                "test_customer#yyy:ADMIN -> test_customer#yyy: SELECT",
+                "rbactest.customer#yyy:ADMIN -> rbactest.customer#yyy: SELECT",
-                "test_customer#yyy:TENANT -> test_customer#yyy: SELECT"
+                "rbactest.customer#yyy:TENANT -> rbactest.customer#yyy: SELECT"
                // @formatter:on
            );
        }
@ -312,26 +312,26 @@ class RbacSubjectRepositoryIntegrationTest extends ContextBasedTest {
            allTheseRbacPermissionsAreReturned(
                    result,
                    // @formatter:off
-                "test_customer#xxx:TENANT -> test_customer#xxx: SELECT",
+                "rbactest.customer#xxx:TENANT -> rbactest.customer#xxx: SELECT",
-                // "test_customer#xxx:ADMIN -> test_customer#xxx: view" - Not permissions through the customer admin!
+                // "rbactest.customer#xxx:ADMIN -> rbactest.customer#xxx: view" - Not permissions through the customer admin!
-                "test_package#xxx00:ADMIN -> test_package#xxx00: INSERT:test_domain",
+                "rbactest.package#xxx00:ADMIN -> rbactest.package#xxx00: INSERT:rbactest.domain",
-                "test_package#xxx00:ADMIN -> test_package#xxx00: INSERT:test_domain",
+                "rbactest.package#xxx00:ADMIN -> rbactest.package#xxx00: INSERT:rbactest.domain",
-                "test_package#xxx00:TENANT -> test_package#xxx00: SELECT",
+                "rbactest.package#xxx00:TENANT -> rbactest.package#xxx00: SELECT",
-                "test_domain#xxx00-aaaa:OWNER -> test_domain#xxx00-aaaa: DELETE",
+                "rbactest.domain#xxx00-aaaa:OWNER -> rbactest.domain#xxx00-aaaa: DELETE",
-                "test_domain#xxx00-aaab:OWNER -> test_domain#xxx00-aaab: DELETE"
+                "rbactest.domain#xxx00-aaab:OWNER -> rbactest.domain#xxx00-aaab: DELETE"
                // @formatter:on
            );
            noneOfTheseRbacPermissionsAreReturned(
                    result,
                    // @formatter:off
-                "test_customer#yyy:ADMIN -> test_customer#yyy: INSERT:test_package",
+                "rbactest.customer#yyy:ADMIN -> rbactest.customer#yyy: INSERT:rbactest.package",
-                "test_customer#yyy:ADMIN -> test_customer#yyy: SELECT",
+                "rbactest.customer#yyy:ADMIN -> rbactest.customer#yyy: SELECT",
-                "test_customer#yyy:TENANT -> test_customer#yyy: SELECT",
+                "rbactest.customer#yyy:TENANT -> rbactest.customer#yyy: SELECT",
-                "test_package#yyy00:ADMIN -> test_package#yyy00: INSERT:test_domain",
+                "rbactest.package#yyy00:ADMIN -> rbactest.package#yyy00: INSERT:rbactest.domain",
-                "test_package#yyy00:ADMIN -> test_package#yyy00: INSERT:test_domain",
+                "rbactest.package#yyy00:ADMIN -> rbactest.package#yyy00: INSERT:rbactest.domain",
-                "test_package#yyy00:TENANT -> test_package#yyy00: SELECT",
+                "rbactest.package#yyy00:TENANT -> rbactest.package#yyy00: SELECT",
-                "test_domain#yyy00-aaaa:OWNER -> test_domain#yyy00-aaaa: DELETE",
+                "rbactest.domain#yyy00-aaaa:OWNER -> rbactest.domain#yyy00-aaaa: DELETE",
-                "test_domain#yyy00-aaab:OWNER -> test_domain#yyy00-aaab: DELETE"
+                "rbactest.domain#yyy00-aaab:OWNER -> rbactest.domain#yyy00-aaab: DELETE"
                // @formatter:on
            );
        }
@ -360,26 +360,26 @@ class RbacSubjectRepositoryIntegrationTest extends ContextBasedTest {
            allTheseRbacPermissionsAreReturned(
                    result,
                    // @formatter:off
-                "test_customer#xxx:TENANT -> test_customer#xxx: SELECT",
+                "rbactest.customer#xxx:TENANT -> rbactest.customer#xxx: SELECT",
-                // "test_customer#xxx:ADMIN -> test_customer#xxx: view" - Not permissions through the customer admin!
+                // "rbactest.customer#xxx:ADMIN -> rbactest.customer#xxx: view" - Not permissions through the customer admin!
-                "test_package#xxx00:ADMIN -> test_package#xxx00: INSERT:test_domain",
+                "rbactest.package#xxx00:ADMIN -> rbactest.package#xxx00: INSERT:rbactest.domain",
-                "test_package#xxx00:TENANT -> test_package#xxx00: SELECT"
+                "rbactest.package#xxx00:TENANT -> rbactest.package#xxx00: SELECT"
                // @formatter:on
            );
            noneOfTheseRbacPermissionsAreReturned(
                    result,
                    // @formatter:off
                // no customer admin permissions
-                "test_customer#xxx:ADMIN -> test_customer#xxx: add-package",
+                "rbactest.customer#xxx:ADMIN -> rbactest.customer#xxx: add-package",
                // no permissions on other customer's objects
-                "test_customer#yyy:ADMIN -> test_customer#yyy: add-package",
+                "rbactest.customer#yyy:ADMIN -> rbactest.customer#yyy: add-package",
-                "test_customer#yyy:ADMIN -> test_customer#yyy: SELECT",
+                "rbactest.customer#yyy:ADMIN -> rbactest.customer#yyy: SELECT",
-                "test_customer#yyy:TENANT -> test_customer#yyy: SELECT",
+                "rbactest.customer#yyy:TENANT -> rbactest.customer#yyy: SELECT",
-                "test_package#yyy00:ADMIN -> test_package#yyy00: INSERT:test_domain",
+                "rbactest.package#yyy00:ADMIN -> rbactest.package#yyy00: INSERT:rbactest.domain",
-                "test_package#yyy00:ADMIN -> test_package#yyy00: INSERT:test_domain",
+                "rbactest.package#yyy00:ADMIN -> rbactest.package#yyy00: INSERT:rbactest.domain",
-                "test_package#yyy00:TENANT -> test_package#yyy00: SELECT",
+                "rbactest.package#yyy00:TENANT -> rbactest.package#yyy00: SELECT",
-                "test_domain#yyy00-aaaa:OWNER -> test_domain#yyy00-aaaa: DELETE",
+                "rbactest.domain#yyy00-aaaa:OWNER -> rbactest.domain#yyy00-aaaa: DELETE",
-                "test_domain#yyy00-xxxb:OWNER -> test_domain#yyy00-xxxb: DELETE"
+                "rbactest.domain#yyy00-xxxb:OWNER -> rbactest.domain#yyy00-xxxb: DELETE"
                // @formatter:on
            );
        }