diff --git a/designate_tempest_plugin/tests/scenario/v2/recordset_data.json b/designate_tempest_plugin/tests/scenario/v2/recordset_data.json
index 9f365a72..31687221 100644
--- a/designate_tempest_plugin/tests/scenario/v2/recordset_data.json
+++ b/designate_tempest_plugin/tests/scenario/v2/recordset_data.json
@@ -48,5 +48,37 @@
         "name": "www",
         "type": "TXT",
         "records": ["\"Any Old Text Goes Here\""]
+    },
+    "SPF": {
+        "name": "*.sub",
+        "type": "SPF",
+        "records": ["\"v=spf1; a -all\""]
+    },
+    "NS": {
+        "name": "NS_Record",
+        "type": "NS",
+        "records": ["ns1.example.org."]
+    },
+    "PTR_IPV4": {
+        "name": "PTR_Record_IPV4",
+        "type": "PTR",
+        "records": ["34.216.184.93.in-addr.arpa."]
+    },
+   "PTR_IPV6":{
+       "name":"PTR_Record_IPV6",
+       "type":"PTR",
+       "records":[
+           "6.4.9.1.8.c.5.2.3.9.8.1.8.4.2.0.1.0.0.0.0.2.2.0.0.0.8.2.6.0.6.2.ip6.arpa."
+      ]
+   },
+   "CAA_Record": {
+       "name": "CAA_Record",
+       "type": "CAA",
+       "records": ["0 issue letsencrypt.org"]
+    },
+   "NAPTR_Record": {
+       "name": "NAPTR_Record",
+       "type": "NAPTR",
+       "records": ["0 0 S SIP+D2U !^.*$!sip:customer-service@example.com! _sip._udp.example.com."]
     }
-}
+}
\ No newline at end of file
diff --git a/designate_tempest_plugin/tests/scenario/v2/test_recordsets.py b/designate_tempest_plugin/tests/scenario/v2/test_recordsets.py
index 0808f56c..4c40c28e 100644
--- a/designate_tempest_plugin/tests/scenario/v2/test_recordsets.py
+++ b/designate_tempest_plugin/tests/scenario/v2/test_recordsets.py
@@ -27,10 +27,16 @@ CONF = config.CONF
 
 @ddt.ddt
 class RecordsetsTest(base.BaseDnsV2Test):
+
+    credentials = ["admin", "system_admin", "primary"]
+
     @classmethod
     def setup_clients(cls):
         super(RecordsetsTest, cls).setup_clients()
-
+        if CONF.enforce_scope.designate:
+            cls.admin_client = cls.os_system_admin.dns_v2.RecordsetClient()
+        else:
+            cls.admin_client = cls.os_admin.dns_v2.RecordsetClient()
         cls.client = cls.os_primary.dns_v2.ZonesClient()
         cls.recordset_client = cls.os_primary.dns_v2.RecordsetClient()
 
@@ -98,3 +104,21 @@ class RecordsetsTest(base.BaseDnsV2Test):
         self.assertRaises(lib_exc.NotFound,
                           lambda: self.recordset_client.show_recordset(
                               self.zone['id'], recordset['id']))
+
+    @decorators.idempotent_id('1e78a742-66ee-11ec-8dc3-201e8823901f')
+    def test_create_soa_record_not_permitted(self):
+        # SOA record is automatically created for a zone, no user
+        # should be able to create a SOA record.
+        soa_record = ("s1.devstack.org. admin.example.net. 1510721487 3510"
+                      " 600 86400 3600")
+        LOG.info('Primary tries to create a Recordset on '
+                 'the existing zone')
+        self.assertRaises(
+            lib_exc.BadRequest,
+            self.recordset_client.create_recordset,
+            self.zone['id'], soa_record)
+        LOG.info('Admin tries to create a Recordset on the existing zone')
+        self.assertRaises(
+            lib_exc.BadRequest,
+            self.admin_client.create_recordset,
+            self.zone['id'], soa_record)