diff --git a/mods/mods_available/kdmod/ShareTestService.js b/mods/mods_available/kdmod/ShareTestService.js
index d40beddc..b5e36aa8 100644
--- a/mods/mods_available/kdmod/ShareTestService.js
+++ b/mods/mods_available/kdmod/ShareTestService.js
@@ -185,6 +185,47 @@ class ShareTestService extends use.Service {
             return { message: 'expected error, got none' };
         }
     }
+    async ['__scenario:grant'] (
+        { actor, user },
+        { to, permission },
+    ) {
+        const svc_permission = this.services.get('permission');
+        await svc_permission.grant_user_user_permission(
+            actor, to, permission, {}, {},
+        );
+    }
+    async ['__scenario:assert-access'] (
+        { actor, user },
+        { path, level }
+    ) {
+        const svc_fs = this.services.get('filesystem');
+        const svc_acl = this.services.get('acl');
+        const node = await svc_fs.node(new NodePathSelector(path));
+        const has_read = await svc_acl.check(actor, node, 'read');
+        const has_write = await svc_acl.check(actor, node, 'write');
+
+        if ( level !== 'write' && level !== 'read' ) {
+            return {
+                message: 'unexpected value for "level" parameter'
+            };
+        }
+
+        if ( level === 'read' && has_write ) {
+            return {
+                message: 'expected read-only but actor can write'
+            };
+        }
+        if ( level === 'read' && !has_read ) {
+            return {
+                message: 'expected read access but no read access'
+            };
+        }
+        if ( level === 'write' && (!has_write || !has_read) ) {
+            return {
+                message: 'expected write access but no write access'
+            };
+        }
+    }
 }
 
 module.exports = {
diff --git a/mods/mods_available/kdmod/data/sharetest_scenarios.js b/mods/mods_available/kdmod/data/sharetest_scenarios.js
index 799264b8..b5c5c0c7 100644
--- a/mods/mods_available/kdmod/data/sharetest_scenarios.js
+++ b/mods/mods_available/kdmod/data/sharetest_scenarios.js
@@ -19,5 +19,57 @@ module.exports = [
                 }
             },
         ]
-    }
+    },
+    {
+        sequence: [
+            {
+                title: 'Stan creates a file',
+                call: 'create-example-file',
+                as: 'testuser_stan',
+                with: {
+                    name: 'example.txt',
+                    contents: 'secret file',
+                }
+            },
+            {
+                title: 'Stan grants permission to Eric',
+                call: 'grant',
+                as: 'testuser_stan',
+                with: {
+                    to: 'testuser_eric',
+                    permission: 'fs:/testuser_stan/Desktop/example.txt:read'
+                }
+            },
+            {
+                title: 'Eric tries to access it',
+                call: 'assert-access',
+                as: 'testuser_eric',
+                with: {
+                    path: '/testuser_stan/Desktop/example.txt',
+                    level: 'read'
+                }
+            },
+        ]
+    },
+    {
+        sequence: [
+            {
+                title: 'Stan grants Kyle\'s file to Eric',
+                call: 'grant',
+                as: 'testuser_stan',
+                with: {
+                    to: 'testuser_eric',
+                    permission: 'fs:/testuser_kyle/Desktop/example.txt:read'
+                }
+            },
+            {
+                title: 'Eric tries to access it',
+                call: 'assert-no-access',
+                as: 'testuser_eric',
+                with: {
+                    path: '/testuser_kyle/Desktop/example.txt',
+                }
+            },
+        ]
+    },
 ];