diff --git a/rm-automation/rm-automation-community-rest-api/src/main/java/org/alfresco/rest/rm/community/model/user/UserRoles.java b/rm-automation/rm-automation-community-rest-api/src/main/java/org/alfresco/rest/rm/community/model/user/UserRoles.java
new file mode 100644
index 0000000000..668fb4b57e
--- /dev/null
+++ b/rm-automation/rm-automation-community-rest-api/src/main/java/org/alfresco/rest/rm/community/model/user/UserRoles.java
@@ -0,0 +1,27 @@
+/*
+ * #%L
+ * Alfresco Records Management Module
+ * %%
+ * Copyright (C) 2005 - 2016 Alfresco Software Limited
+ * %%
+ * License rights for this program may be obtained from Alfresco Software, Ltd.
+ * pursuant to a written agreement and any use of this program without such an
+ * agreement is prohibited.
+ * #L%
+ */
+package org.alfresco.rest.rm.community.model.user;
+
+/**
+ * Constants for RM user roles
+ *
+ * @author Kristijan Conkas
+ * @since 2.6
+ */
+public class UserRoles
+{
+ public static final String ROLE_RM_ADMIN = "Administrator";
+ public static final String ROLE_RM_MANAGER = "RecordsManager";
+ public static final String ROLE_RM_POWER_USER = "PowerUser";
+ public static final String ROLE_RM_SECURITY_OFFICER = "SecurityOfficer";
+ public static final String ROLE_RM_USER = "User";
+}
diff --git a/rm-automation/rm-automation-community-rest-api/src/main/java/org/alfresco/rest/rm/community/requests/RMUserAPI.java b/rm-automation/rm-automation-community-rest-api/src/main/java/org/alfresco/rest/rm/community/requests/RMUserAPI.java
new file mode 100644
index 0000000000..7eca43afde
--- /dev/null
+++ b/rm-automation/rm-automation-community-rest-api/src/main/java/org/alfresco/rest/rm/community/requests/RMUserAPI.java
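Review bot: The header on UserRoles.java is the proprietary "License rights for this program may be obtained … pursuant to a written agreement" text, while RMUserAPI.java, added to the same rm-automation-community-rest-api module in this commit, carries the LGPL header; one of the two is presumably wrong for a community module and should be confirmed before merge. As a pure constants holder the class would also read better as `public final class UserRoles` with a `private UserRoles() {}` constructor, so it can be neither instantiated nor extended. A short comment saying these strings are the role ids passed to the roles endpoint would help; that they match the server-side role names is assumed here, not visible in the diff.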
@@ -0,0 +1,109 @@
+/*
+ * #%L
+ * Alfresco Records Management Module
+ * %%
+ * Copyright (C) 2005 - 2016 Alfresco Software Limited
+ * %%
+ * This file is part of the Alfresco software.
+ * -
+ * If the software was purchased under a paid Alfresco license, the terms of
+ * the paid license agreement will prevail. Otherwise, the software is
+ * provided under the following open source license terms:
+ * -
+ * Alfresco is free software: you can redistribute it and/or modify
+ * it under the terms of the GNU Lesser General Public License as published by
+ * the Free Software Foundation, either version 3 of the License, or
+ * (at your option) any later version.
+ * -
+ * Alfresco is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU Lesser General Public License for more details.
+ * -
+ * You should have received a copy of the GNU Lesser General Public License
+ * along with Alfresco. If not, see .
+ * #L%
+ */
+package org.alfresco.rest.rm.community.requests;
+
+import static com.jayway.restassured.RestAssured.given;
+
+import static org.alfresco.rest.core.RestRequest.requestWithBody;
+import static org.alfresco.rest.core.RestRequest.simpleRequest;
+import static org.alfresco.rest.rm.community.util.ParameterCheck.mandatoryObject;
+import static org.alfresco.rest.rm.community.util.PojoUtility.toJson;
+import static org.springframework.http.HttpMethod.DELETE;
+import static org.springframework.http.HttpMethod.GET;
+import static org.springframework.http.HttpMethod.POST;
+import static org.springframework.http.HttpMethod.PUT;
+import static org.springframework.http.HttpStatus.OK;
+
+import java.text.MessageFormat;
+
+import com.jayway.restassured.builder.RequestSpecBuilder;
+import com.jayway.restassured.response.Response;
+import com.jayway.restassured.specification.RequestSpecification;
+
+import org.alfresco.dataprep.AlfrescoHttpClient;
+import org.alfresco.dataprep.AlfrescoHttpClientFactory;
+import org.alfresco.dataprep.UserService;
+import org.alfresco.rest.core.RestAPI;
+import org.alfresco.rest.rm.community.model.site.RMSite;
+import org.alfresco.utility.data.DataUser;
+import org.apache.commons.httpclient.HttpStatus;
+import org.apache.http.HttpResponse;
+import org.apache.http.client.methods.HttpPost;
+import org.springframework.beans.factory.annotation.Autowired;
+import org.springframework.context.annotation.Scope;
+import org.springframework.stereotype.Component;
+
+/**
+ * RM user management API
+ *
+ * @author Kristijan Conkas
+ * @since 2.6
+ */
+// FIXME: As of December 2016 there is no v1-style API for managing RM users and users'
+// roles. Until such APIs have become available, methods in this class are just proxies to
+// "old-style" API calls.
+@Component
+@Scope (value = "prototype")
+public class RMUserAPI extends RestAPI
+{
+ @Autowired
+ private RMSiteAPI rmSiteAPI;
+
+ @Autowired
+ private UserService userService;
+
+ @Autowired
+ private DataUser dataUser;
+
+ @Autowired
+ private AlfrescoHttpClientFactory alfrescoHttpClientFactory;
+
+ public void assignRoleToUser(String userName, String userRole) throws Exception
+ {
+ // get an "old-style" REST API client
+ AlfrescoHttpClient client = alfrescoHttpClientFactory.getObject();
+
+ // override v1 baseURI and basePath
+ RequestSpecification spec = new RequestSpecBuilder()
+ .setBaseUri(client.getApiUrl())
+ .setBasePath("/")
+ .build();
+
+ Response response = given()
+ .spec(spec)
+ .log().all()
+ .pathParam("role", userRole)
+ .pathParam("authority", userName)
+ .param("alf_ticket", client.getAlfTicket(
+ dataUser.getAdminUser().getUsername(), dataUser.getAdminUser().getPassword()))
+ .when()
+ .post("/rm/roles/{role}/authorities/{authority}")
+ .prettyPeek()
+ .andReturn();
+ usingRestWrapper().setStatusCode(Integer.toString(response.getStatusCode()));
+ }
+}
diff --git a/rm-automation/rm-automation-community-rest-api/src/test/java/org/alfresco/rest/rm/community/fileplancomponents/DeleteRecordTests.java b/rm-automation/rm-automation-community-rest-api/src/test/java/org/alfresco/rest/rm/community/fileplancomponents/DeleteRecordTests.java
index 476e6e2522..d0c9491ac0 100644
--- a/rm-automation/rm-automation-community-rest-api/src/test/java/org/alfresco/rest/rm/community/fileplancomponents/DeleteRecordTests.java
+++ b/rm-automation/rm-automation-community-rest-api/src/test/java/org/alfresco/rest/rm/community/fileplancomponents/DeleteRecordTests.java
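Review bot: `.log().all()` in assignRoleToUser writes the whole request to the test log, and that request carries `alf_ticket`, a ticket obtained with the admin user's username and password, so CI output and archived test reports end up holding an admin session ticket. Drop the request logging here or narrow it to parts that exclude the parameters, and check whether the `.prettyPeek()` dump of the response is needed outside debugging. The method also has no Javadoc and never validates `userName` or `userRole`, although `mandatoryObject` is already imported. Most of the other new imports (`DELETE`, `GET`, `PUT`, `MessageFormat`, `HttpPost`, …) and the `rmSiteAPI` and `userService` fields appear unused in the lines shown and could be removed.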
@@ -26,29 +26,28 @@ */ package org.alfresco.rest.rm.community.fileplancomponents; -import static org.alfresco.rest.rm.community.model.fileplancomponents.FilePlanComponentAlias.FILE_PLAN_ALIAS; -import static org.alfresco.rest.rm.community.model.fileplancomponents.FilePlanComponentAlias.HOLDS_ALIAS; -import static org.alfresco.rest.rm.community.model.fileplancomponents.FilePlanComponentAlias.TRANSFERS_ALIAS; +import static org.alfresco.rest.rm.community.model.fileplancomponents.FilePlanComponentAlias.UNFILED_RECORDS_CONTAINER_ALIAS; import static org.alfresco.rest.rm.community.model.fileplancomponents.FilePlanComponentType.CONTENT_TYPE; import static org.alfresco.rest.rm.community.model.fileplancomponents.FilePlanComponentType.NON_ELECTRONIC_RECORD_TYPE; -import static org.alfresco.rest.rm.community.model.fileplancomponents.FilePlanComponentType.RECORD_FOLDER_TYPE; -import static org.alfresco.rest.rm.community.util.PojoUtility.toJson; import static org.alfresco.utility.data.RandomData.getRandomAlphanumeric; -import static org.springframework.http.HttpStatus.BAD_REQUEST; import static org.springframework.http.HttpStatus.CREATED; -import static org.springframework.http.HttpStatus.NO_CONTENT; +import static org.springframework.http.HttpStatus.FORBIDDEN; import static org.springframework.http.HttpStatus.NOT_FOUND; -import static org.springframework.http.HttpStatus.UNPROCESSABLE_ENTITY; -import static org.testng.Assert.assertFalse; -import static org.testng.Assert.assertTrue; +import static org.springframework.http.HttpStatus.NO_CONTENT; +import static org.springframework.http.HttpStatus.OK; import org.alfresco.rest.rm.community.base.BaseRestTest; import org.alfresco.rest.rm.community.model.fileplancomponents.FilePlanComponent; +import org.alfresco.rest.rm.community.model.user.UserRoles; import org.alfresco.rest.rm.community.requests.FilePlanComponentAPI; +import org.alfresco.rest.rm.community.requests.RMSiteAPI; +import org.alfresco.rest.rm.community.requests.RMUserAPI; 
import org.alfresco.test.AlfrescoTest; +import org.alfresco.utility.constants.UserRole; import org.alfresco.utility.data.DataUser; +import org.alfresco.utility.model.SiteModel; +import org.alfresco.utility.model.UserModel; import org.springframework.beans.factory.annotation.Autowired; -import org.testng.annotations.DataProvider; import org.testng.annotations.Test; /** @@ -65,8 +64,14 @@ public class DeleteRecordTests extends BaseRestTest @Autowired private FilePlanComponentAPI filePlanComponentAPI; + @Autowired + private RMUserAPI rmUserAPI; + @Autowired private DataUser dataUser; + + @Autowired + private RMSiteAPI rmSiteAPI; /** image resource file to be used for records body */ private static final String IMAGE_FILE = "money.JPG"; @@ -139,8 +144,64 @@ public class DeleteRecordTests extends BaseRestTest deleteAndVerify(newRecord); } + /** + *
+     * Given a record
+     * And that I don't have write permissions
+     * When I try to delete the record
+     * Then nothing happens
+     * And error gets reported
+     * 
+ * + * @param container + * @throws Exception + */ + @Test + ( + description = "User without delete permissions can't delete a record" + ) + public void userWithoutDeletePermissionsCantDeleteRecord() throws Exception + { + filePlanComponentAPI.usingRestWrapper().authenticateUser(dataUser.getAdminUser()); + rmSiteAPI.usingRestWrapper().authenticateUser(dataUser.getAdminUser()); + + // create a non-electronic record in unfiled records + FilePlanComponent record = FilePlanComponent.builder() + .name("Record " + getRandomAlphanumeric()) + .nodeType(NON_ELECTRONIC_RECORD_TYPE.toString()) + .build(); + FilePlanComponent newRecord = filePlanComponentAPI.createFilePlanComponent( + record, + UNFILED_RECORDS_CONTAINER_ALIAS.toString()); + filePlanComponentAPI.usingRestWrapper().assertStatusCodeIs(CREATED); + + // create test user and add it with collab. privileges + UserModel deleteUser = dataUser.createRandomTestUser("delnoperm"); + deleteUser.setUserRole(UserRole.SiteCollaborator); + logger.info("test user: " + deleteUser.getUsername()); + dataUser.addUserToSite(deleteUser, new SiteModel(rmSiteAPI.getSite().getId()), UserRole.SiteCollaborator); + + // add RM role to user + rmUserAPI.assignRoleToUser(deleteUser.getUsername(), UserRoles.ROLE_RM_POWER_USER); + rmUserAPI.usingRestWrapper().assertStatusCodeIs(OK); + + // log in as deleteUser + filePlanComponentAPI.usingRestWrapper().authenticateUser(deleteUser); + + // try to delete newRecord + filePlanComponentAPI.deleteFilePlanComponent(newRecord.getId()); + filePlanComponentAPI.usingRestWrapper().assertStatusCodeIs(FORBIDDEN); + } + + /** + * Utility method to delete a record and verify successful deletion + * @param record + * @throws Exception + */ private void deleteAndVerify(FilePlanComponent record) throws Exception { + filePlanComponentAPI.usingRestWrapper().authenticateUser(dataUser.getAdminUser()); + // delete it and verify status filePlanComponentAPI.deleteFilePlanComponent(record.getId()); 
filePlanComponentAPI.usingRestWrapper().assertStatusCodeIs(NO_CONTENT);
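Review bot: userWithoutDeletePermissionsCantDeleteRecord stops at `assertStatusCodeIs(FORBIDDEN)`, so the "Then nothing happens" half of its scenario is never checked: a server that answers 403 but still removes the record would pass. After the rejected delete, re-authenticate as the admin user, fetch the component by `newRecord.getId()` and assert `OK`, so the test proves the record survived. The Javadoc also disagrees with the code: it documents `@param container` on a method that takes no parameters and speaks of "write permissions" where the test description says "delete permissions". A comment stating why a site collaborator holding `ROLE_RM_POWER_USER` is expected to be refused would help, since that expectation rests on the role's capabilities, which are not visible in this diff. deleteAndVerify's body continues past the end of the hunk.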