c.Fatalf("unable to attach policy: %v", err)
	}

	admClnt := s.getAdminClient(c, accessKey, secretKey, "")

	// 3.3 check user does not have explicit permissions to create service account.
	c.mustNotCreateSvcAccount(ctx, accessKey, admClnt)

	// 4. Verify the policy appears in listing
	ps, err := s.adm.ListCannedPolicies(ctx)
	if err != nil {
		c.Fatalf("policy list err: %v", err)
	}
	_, ok := ps[policy1]

	// 5. Check that service account can be deleted.
	c.assertSvcAccDeletion(ctx, s, userAdmClient, value.AccessKeyID, bucket)

	// 6. Check that service account cannot be created for some other user.
	c.mustNotCreateSvcAccount(ctx, globalActiveCred.AccessKey, userAdmClient)

	// Detach the policy from the user
	if _, err = s.adm.DetachPolicyLDAP(ctx, userReq); err != nil {
		c.Fatalf("Unable to detach user policy: %v", err)
	}