diff --git a/bin/keystone_data.sh b/bin/keystone_data.sh
index 3e2c57ea5..68dba2b3b 100755
--- a/bin/keystone_data.sh
+++ b/bin/keystone_data.sh
@@ -135,6 +135,19 @@ if [[ "$ENABLED_SERVICES" =~ "barbican" ]]; then
 --user="$USER_ID" \
 --role="$ROLE_ADMIN_ID" \
 --tenant-id="$PROJECT_B_ID"
+
+ #
+ # Setup RBAC Creator of Project B
+ #
+ USER_ID=$(get_id keystone user-create \
+ --name="project_b_creator" \
+ --pass="$USER_PASSWORD" \
+ --email="creator_b@example.net")
+ keystone user-role-add \
+ --user="$USER_ID" \
+ --role="$ROLE_CREATOR_ID" \
+ --tenant-id="$PROJECT_B_ID"
+
 #
 # Setup RBAC Observer of Project B
 #
@@ -146,6 +159,18 @@ if [[ "$ENABLED_SERVICES" =~ "barbican" ]]; then
 --user="$USER_ID" \
 --role="$ROLE_OBSERVER_ID" \
 --tenant-id="$PROJECT_B_ID"
+
+ #
+ # Setup RBAC Auditor of Project B
+ #
+ USER_ID=$(get_id keystone user-create \
+ --name="project_b_auditor" \
+ --pass="$USER_PASSWORD" \
+ --email="auditor_b@example.net")
+ keystone user-role-add \
+ --user="$USER_ID" \
+ --role="$ROLE_AUDIT_ID" \
+ --tenant-id="$PROJECT_B_ID"
 #
 # Setup Admin Endpoint
 #
diff --git a/contrib/devstack/lib/barbican b/contrib/devstack/lib/barbican
index a853a0e81..164033d70 100755
--- a/contrib/devstack/lib/barbican
+++ b/contrib/devstack/lib/barbican
@@ -280,6 +280,17 @@ function create_barbican_accounts {
 --role="$ROLE_ADMIN_ID" \
 --tenant-id="$PROJECT_B_ID"
 #
+ # Setup RBAC Creator of Project B
+ #
+ USER_ID=$(get_id keystone user-create \
+ --name="project_b_creator" \
+ --pass="$PASSWORD" \
+ --email="creator_b@example.net")
+ keystone user-role-add \
+ --user="$USER_ID" \
+ --role="$ROLE_CREATOR_ID" \
+ --tenant-id="$PROJECT_B_ID"
+ #
 # Setup RBAC Observer of Project B
 #
 USER_ID=$(get_id keystone user-create \
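Review bot: In the first hunk the id captured by `USER_ID=$(get_id keystone user-create ...)` for `project_b_creator` is passed straight to `keystone user-role-add` with no check that it is non-empty; if `user-create` fails (for example because the user already exists on a re-run), `USER_ID` is presumably empty and the role grant runs with `--user=""`, which fails with a misleading message rather than pointing at the create step. The same applies to the `project_b_auditor` block in the second hunk and to both `contrib/devstack/lib/barbican` hunks. A guard after each `get_id` call, such as `[[ -n "$USER_ID" ]] || { echo "failed to create project_b_creator" >&2; exit 1; }`, makes the failure explicit at the step that caused it. The four new blocks are also identical apart from name, role id and email, so a small helper taking those three values would remove the copy-paste. The enclosing `if [[ "$ENABLED_SERVICES" =~ "barbican" ]]` block starts and ends outside the hunk.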
@@ -291,6 +302,17 @@ function create_barbican_accounts {
 --role="$ROLE_OBSERVER_ID" \
 --tenant-id="$PROJECT_B_ID"
 #
+ # Setup RBAC auditor of Project B
+ #
+ USER_ID=$(get_id keystone user-create \
+ --name="project_b_auditor" \
+ --pass="$PASSWORD" \
+ --email="auditor_b@example.net")
+ keystone user-role-add \
+ --user="$USER_ID" \
+ --role="$ROLE_AUDIT_ID" \
+ --tenant-id="$PROJECT_B_ID"
+ #
 # Setup Admin Endpoint
 #
 if [[ "$KEYSTONE_CATALOG_BACKEND" = 'sql' ]]; then
diff --git a/etc/barbican/barbican-functional.conf b/etc/barbican/barbican-functional.conf
index c9ddf3a61..a2c36ee00 100644
--- a/etc/barbican/barbican-functional.conf
+++ b/etc/barbican/barbican-functional.conf
@@ -14,6 +14,8 @@ domain_name=Default
 # Replace these values that represent additional users for RBAC testing
 project_a=project_a
 project_b=project_b
+
+# users for project_a
 admin_a=project_a_admin
 admin_a_password=barbican
 creator_a=project_a_creator
@@ -22,10 +24,16 @@ observer_a=project_a_observer
 observer_a_password=barbican
 auditor_a=project_a_auditor
 auditor_a_password=barbican
+
+# users for project_b
 admin_b=project_b_admin
 admin_b_password=barbican
+creator_b=project_b_creator
+creator_b_password=barbican
 observer_b=project_b_observer
 observer_b_password=barbican
+auditor_b=project_b_auditor
+auditor_b_password=barbican
 
 
 [keymanager]
diff --git a/functionaltests/api/v1/functional/test_rbac.py b/functionaltests/api/v1/functional/test_rbac.py
index 4afef29f9..193be506a 100644
--- a/functionaltests/api/v1/functional/test_rbac.py
+++ b/functionaltests/api/v1/functional/test_rbac.py
@@ -26,8 +26,11 @@ admin_a = CONF.rbac_users.admin_a
 creator_a = CONF.rbac_users.creator_a
 observer_a = CONF.rbac_users.observer_a
 auditor_a = CONF.rbac_users.auditor_a
+
 admin_b = CONF.rbac_users.admin_b
+creator_b = CONF.rbac_users.creator_b
 observer_b = CONF.rbac_users.observer_b
+auditor_b = CONF.rbac_users.auditor_b
 
 
 test_data_rbac_read_secret = {
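Review bot: The heading added in this hunk, `# Setup RBAC auditor of Project B`, is the only one in the file that lowercases the role name; the Creator, Observer and Admin headings around it capitalise it, as does the matching block in `bin/keystone_data.sh`. Writing it as `# Setup RBAC Auditor of Project B` keeps the four blocks uniform and easier to grep. The `create_barbican_accounts` function starts and ends outside the hunk.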
@@ -36,7 +39,9 @@ test_data_rbac_read_secret = {
 'with_observer_a': {'user': observer_a, 'expected_return': 200},
 'with_auditor_a': {'user': auditor_a, 'expected_return': 403},
 'with_admin_b': {'user': admin_b, 'expected_return': 403},
+ 'with_creator_b': {'user': creator_b, 'expected_return': 403},
 'with_observer_b': {'user': observer_b, 'expected_return': 403},
+ 'with_auditor_b': {'user': auditor_b, 'expected_return': 403},
 }
 
 
@@ -46,7 +51,9 @@ test_data_rbac_read_container = {
 'with_observer_a': {'user': observer_a, 'expected_return': 200},
 'with_auditor_a': {'user': auditor_a, 'expected_return': 200},
 'with_admin_b': {'user': admin_b, 'expected_return': 403},
+ 'with_creator_b': {'user': creator_b, 'expected_return': 403},
 'with_observer_b': {'user': observer_b, 'expected_return': 403},
+ 'with_auditor_b': {'user': auditor_b, 'expected_return': 403},
 }
 
 
diff --git a/functionaltests/common/client.py b/functionaltests/common/client.py
index 082d53809..394b5ccd1 100644
--- a/functionaltests/common/client.py
+++ b/functionaltests/common/client.py
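Review bot: Only `test_data_rbac_read_secret` and `test_data_rbac_read_container` receive the new `with_creator_b` and `with_auditor_b` rows; if the module defines further `test_data_rbac_*` dicts for the create, update or delete paths (not visible in these hunks), they need the same two rows, otherwise the newly provisioned users are only ever exercised on reads. The 403 expected for every project B user is the cross-project isolation check, so the same 403 rows would be the right default for any other dict as well. A one-line comment above the project B entries, `# project B users are denied regardless of role: cross-project access`, would document why their expected codes differ from the project A rows that follow the same role names.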
@@ -76,12 +76,24 @@ class BarbicanClient(object):
 username=CONF.rbac_users.admin_b,
 password=CONF.rbac_users.admin_b_password,
 project_name=CONF.rbac_users.project_b)
+ self._auth[CONF.rbac_users.creator_b] = auth.FunctionalTestAuth(
+ endpoint=CONF.identity.uri,
+ version=CONF.identity.version,
+ username=CONF.rbac_users.creator_b,
+ password=CONF.rbac_users.creator_b_password,
+ project_name=CONF.rbac_users.project_b)
 self._auth[CONF.rbac_users.observer_b] = auth.FunctionalTestAuth(
 endpoint=CONF.identity.uri,
 version=CONF.identity.version,
 username=CONF.rbac_users.observer_b,
 password=CONF.rbac_users.observer_b_password,
 project_name=CONF.rbac_users.project_b)
+ self._auth[CONF.rbac_users.auditor_b] = auth.FunctionalTestAuth(
+ endpoint=CONF.identity.uri,
+ version=CONF.identity.version,
+ username=CONF.rbac_users.auditor_b,
+ password=CONF.rbac_users.auditor_b_password,
+ project_name=CONF.rbac_users.project_b)
 
 def _attempt_to_stringify_content(self, content, content_tag):
 if content is None:
diff --git a/functionaltests/common/config.py b/functionaltests/common/config.py
index f0a3cb407..748afa0b0 100644
--- a/functionaltests/common/config.py
+++ b/functionaltests/common/config.py
@@ -50,8 +50,13 @@ def setup_config(config_file=''):
 cfg.StrOpt('auditor_a_password', default='barbican'),
 cfg.StrOpt('admin_b', default='project_b_admin'),
 cfg.StrOpt('admin_b_password', default='barbican'),
+ cfg.StrOpt('creator_b', default='project_b_creator'),
+ cfg.StrOpt('creator_b_password', default='barbican'),
 cfg.StrOpt('observer_b', default='project_b_observer'),
- cfg.StrOpt('observer_b_password', default='barbican')]
+ cfg.StrOpt('observer_b_password', default='barbican'),
+ cfg.StrOpt('auditor_b', default='project_b_auditor'),
+ cfg.StrOpt('auditor_b_password', default='barbican'),
+ ]
 
 TEST_CONF.register_group(rbac_users_group)
 TEST_CONF.register_opts(rbac_users_options, group=rbac_users_group)
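Review bot: The two new `self._auth[...] = auth.FunctionalTestAuth(...)` entries for `creator_b` and `auditor_b` are six-line copies of the `observer_b` block directly between them, differing only in the username and password option; every further RBAC user will add another copy. Since all project B entries share `endpoint`, `version` and `project_name`, a short loop over a table of (username, password) pairs builds the same `_auth` entries once, as sketched below. The method these lines belong to starts outside the hunk, so the loop would sit where the three blocks are now; the project A and `admin_b` entries above it could join the table in the same way.
```python
        # … unchanged: project A and admin_b auth entries …
        for username, password in (
                (CONF.rbac_users.creator_b, CONF.rbac_users.creator_b_password),
                (CONF.rbac_users.observer_b, CONF.rbac_users.observer_b_password),
                (CONF.rbac_users.auditor_b, CONF.rbac_users.auditor_b_password)):
            # One FunctionalTestAuth per RBAC user; all of them live in project B.
            self._auth[username] = auth.FunctionalTestAuth(
                endpoint=CONF.identity.uri,
                version=CONF.identity.version,
                username=username,
                password=password,
                project_name=CONF.rbac_users.project_b)
```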
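Review bot: The password options added in the `config.py` hunk, `cfg.StrOpt('creator_b_password', default='barbican')` and `cfg.StrOpt('auditor_b_password', default='barbican')`, are declared without `secret=True`, so oslo.config prints their values in clear text whenever option values are dumped (for example through `log_opt_values`); the pre-existing `*_password` options in the same list have the same gap. Declaring them as `cfg.StrOpt('creator_b_password', default='barbican', secret=True),` masks the value in such dumps while leaving the defaults and the sample `barbican-functional.conf` unchanged. `setup_config` starts outside the hunk.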