diff --git a/tests/domain/test_authz.py b/tests/domain/test_authz.py
new file mode 100644
index 00000000..32368cb6
--- /dev/null
+++ b/tests/domain/test_authz.py
@@ -0,0 +1,20 @@
+from atst.domain.authz import Authorization
+from atst.domain.roles import Roles
+
+from tests.factories import RequestFactory, UserFactory
+
+
+def test_creator_can_view_own_request():
+    user = UserFactory.create()
+    request = RequestFactory.create(creator=user)
+    assert Authorization.can_view_request(user, request)
+
+    other_user = UserFactory.create()
+    assert not Authorization.can_view_request(other_user, request)
+
+
+def test_ccpo_user_can_view_request():
+    role = Roles.get("ccpo")
+    ccpo_user = UserFactory.create(atat_role=role)
+    request = RequestFactory.create()
+    assert Authorization.can_view_request(ccpo_user, request)