REST API should have basic Integration Tests that prove that a user account added to the Administrator group is given full access rights. Put another way, this user account should have access to all features/endpoints in the REST API.
Tests should prove
- A new user account added to the "Administrator" group gains Admin rights (this might be verified via the new "/authz/authorizations/" endpoint, possibly using the Site object?)
- An Admin user has rights to all features in the new "/authz/features/" endpoint
- An Admin user has rights to all access restricted endpoints (these ITs may already exist, but need verification for each access restricted endpoint)