diff --git a/tests/README.md b/tests/README.md
index 9bca698..178a171 100644
--- a/tests/README.md
+++ b/tests/README.md
@@ -10,6 +10,7 @@
 * **s3cmd**: Instructions are [here](https://github.com/s3tools/s3cmd/blob/master/INSTALL.md).
 * **mc**: Instructions are [here](https://min.io/docs/minio/linux/reference/minio-mc.html).
 3. Install BATS. Instructions are [here](https://bats-core.readthedocs.io/en/stable/installation.html).
+4. If running on Mac OS, install **jq** with the command `brew install jq`.
 4. Create a `.secrets` file in the `tests` folder, and add the `AWS_ACCESS_KEY_ID` and `AWS_SECRET_ACCESS_KEY` values to the file.
 5. Create a local AWS profile for connection to S3, and add the `AWS_ACCESS_KEY_ID`, `AWS_SECRET_ACCESS_KEY`, and `AWS_REGION` values for your account to the profile. Example:
 ```
diff --git a/tests/commands/delete_bucket_policy.sh b/tests/commands/delete_bucket_policy.sh
index 1250b0a..58b4208 100644
--- a/tests/commands/delete_bucket_policy.sh
+++ b/tests/commands/delete_bucket_policy.sh
@@ -5,14 +5,14 @@ delete_bucket_policy() {
 log 2 "delete bucket policy command requires command type, bucket"
 return 1
 fi
- if [[ $1 == 'aws' ]]; then
+ if [[ $1 == 'aws' ]] || [[ $1 == 's3api' ]]; then
 error=$(aws --no-verify-ssl s3api delete-bucket-policy --bucket "$2" 2>&1) || delete_result=$?
 elif [[ $1 == 's3cmd' ]]; then
 error=$(s3cmd "${S3CMD_OPTS[@]}" --no-check-certificate delpolicy "s3://$2" 2>&1) || delete_result=$?
 elif [[ $1 == 'mc' ]]; then
 error=$(mc --insecure anonymous set none "$MC_ALIAS/$2" 2>&1) || delete_result=$?
 else
- log 2 "command 'get bucket policy' not implemented for '$1'"
+ log 2 "command 'delete bucket policy' not implemented for '$1'"
 return 1
 fi
 if [[ $delete_result -ne 0 ]]; then
diff --git a/tests/commands/get_bucket_policy.sh b/tests/commands/get_bucket_policy.sh
index ebea32d..d015745 100644
--- a/tests/commands/get_bucket_policy.sh
+++ b/tests/commands/get_bucket_policy.sh
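Review bot: `delete_result` in delete_bucket_policy is assigned only on failure (`|| delete_result=$?`) and then tested in `if [[ $delete_result -ne 0 ]]`, so a non-zero value left behind by an earlier failed call makes a later successful delete report an error. The same commit fixes this pattern in put_bucket_policy with `local put_policy_result=0`; the equivalent line here, `local delete_result=0`, belongs just before the `if [[ $1 == 'aws' ]] || [[ $1 == 's3api' ]]` chain. This matters more now that delete_bucket_or_contents calls this function on every static-bucket cleanup. The function's first lines and its tail are outside the hunk, so confirm there is no initialisation there.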
@@ -2,22 +2,22 @@ get_bucket_policy() { if [[ $# -ne 2 ]]; then - echo "get bucket policy command requires command type, bucket" + log 2 "get bucket policy command requires command type, bucket" return 1 fi local get_bucket_policy_result=0 - if [[ $1 == 'aws' ]]; then + if [[ $1 == 'aws' ]] || [[ $1 == 's3api' ]]; then get_bucket_policy_aws "$2" || get_bucket_policy_result=$? elif [[ $1 == 's3cmd' ]]; then get_bucket_policy_s3cmd "$2" || get_bucket_policy_result=$? elif [[ $1 == 'mc' ]]; then get_bucket_policy_mc "$2" || get_bucket_policy_result=$? else - echo "command 'get bucket policy' not implemented for '$1'" + log 2 "command 'get bucket policy' not implemented for '$1'" return 1 fi if [[ $get_bucket_policy_result -ne 0 ]]; then - echo "error getting policy: $bucket_policy" + log 2 "error getting policy: $bucket_policy" return 1 fi export bucket_policy @@ -26,17 +26,17 @@ get_bucket_policy() { get_bucket_policy_aws() { if [[ $# -ne 1 ]]; then - echo "aws 'get bucket policy' command requires bucket" + log 2 "aws 'get bucket policy' command requires bucket" return 1 fi - policy_json=$(aws --no-verify-ssl s3api get-bucket-policy --bucket "$1" 2>&1) || get_result=$? + policy_json=$(aws --no-verify-ssl s3api get-bucket-policy --bucket "$1" 2>&1) || local get_result=$? policy_json=$(echo "$policy_json" | grep -v "InsecureRequestWarning") log 5 "$policy_json" if [[ $get_result -ne 0 ]]; then if [[ "$policy_json" == *"(NoSuchBucketPolicy)"* ]]; then bucket_policy= else - echo "error getting policy: $policy_json" + log 2 "error getting policy: $policy_json" return 1 fi else diff --git a/tests/commands/get_object.sh b/tests/commands/get_object.sh index 56604f2..e509b2f 100644 --- a/tests/commands/get_object.sh +++ b/tests/commands/get_object.sh 
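Review bot: In get_bucket_policy_aws, `|| local get_result=$?` declares the variable only on the failure path, so after a successful call `$get_result` in `if [[ $get_result -ne 0 ]]` resolves through bash's dynamic scoping to a caller's local or a global of the same name. Declare it before the call with `local get_result=0` and keep the assignment as `|| get_result=$?`. `policy_json` is also left global; making it `local policy_json` keeps one call's output from leaking into the next. The end of the function is outside the hunk.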
@@ -39,3 +39,24 @@ get_object_with_range() {
 fi
 return 0
 }
+
+get_object_with_user() {
+ if [ $# -ne 6 ]; then
+ log 2 "'get object with user' command requires command type, bucket, key, save location, aws ID, aws secret key"
+ return 1
+ fi
+ local exit_code=0
+ if [[ $1 == 's3api' ]] || [[ $1 == 'aws' ]]; then
+ get_object_error=$(AWS_ACCESS_KEY_ID="$5" AWS_SECRET_ACCESS_KEY="$6" aws --no-verify-ssl s3api get-object --bucket "$2" --key "$3" "$4" 2>&1) || exit_code=$?
+ else
+ log 2 "'get object with user' command not implemented for '$1'"
+ return 1
+ fi
+ log 5 "put object exit code: $exit_code"
+ if [ $exit_code -ne 0 ]; then
+ log 2 "error getting object: $get_object_error"
+ export get_object_error
+ return 1
+ fi
+ return 0
+}
diff --git a/tests/commands/put_bucket_acl.sh b/tests/commands/put_bucket_acl.sh
index 9e0fb87..33f24ee 100644
--- a/tests/commands/put_bucket_acl.sh
+++ b/tests/commands/put_bucket_acl.sh
@@ -21,4 +21,16 @@ put_bucket_acl() {
 return 1
 fi
 return 0
+}
+
+put_bucket_canned_acl() {
+ if [[ $# -ne 2 ]]; then
+ log 2 "'put bucket canned acl' command requires bucket name, canned ACL"
+ return 1
+ fi
+ if ! error=$(aws --no-verify-ssl s3api put-bucket-acl --bucket "$1" --acl "$2"); then
+ log 2 "error resetting bucket acls: $error"
+ return 1
+ fi
+ return 0
 }
\ No newline at end of file
diff --git a/tests/commands/put_bucket_policy.sh b/tests/commands/put_bucket_policy.sh
index f06617a..21f6462 100644
--- a/tests/commands/put_bucket_policy.sh
+++ b/tests/commands/put_bucket_policy.sh
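Review bot: The debug line in get_object_with_user is mislabelled: `log 5 "put object exit code: $exit_code"` reports a get, and should read `log 5 "get object exit code: $exit_code"`, otherwise an access-denied result in the log is attributed to the wrong operation. Passing the per-user keys as an environment prefix rather than as arguments is the right choice and worth a one-line comment, for example `# credentials go in the environment so they do not appear in the process list`. `get_object_error` is set on every call but exported only on failure, so a short header comment stating that callers may read it only after a non-zero return would prevent tests from asserting on a stale value.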
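Review bot: put_bucket_canned_acl captures only stdout, so on failure `$error` is empty and the aws error text goes to the terminal instead of the log; every other wrapper in this commit redirects stderr. The call should be `if ! error=$(aws --no-verify-ssl s3api put-bucket-acl --bucket "$1" --acl "$2" 2>&1); then`. Because this function is now what resets a static bucket to `private` during cleanup, a silent failure here leaves a permissive ACL in place with nothing recorded. `error` should also be declared `local`.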
@@ -5,18 +5,21 @@ put_bucket_policy() { log 2 "get bucket policy command requires command type, bucket, policy file" return 1 fi + local put_policy_result=0 if [[ $1 == 'aws' ]] || [[ $1 == 's3api' ]]; then - policy=$(aws --no-verify-ssl s3api put-bucket-policy --bucket "$2" --policy "file://$3" 2>&1) || put_result=$? + policy=$(aws --no-verify-ssl s3api put-bucket-policy --bucket "$2" --policy "file://$3" 2>&1) || put_policy_result=$? elif [[ $1 == 's3cmd' ]]; then - policy=$(s3cmd "${S3CMD_OPTS[@]}" --no-check-certificate setpolicy "$3" "s3://$2" 2>&1) || put_result=$? + policy=$(s3cmd "${S3CMD_OPTS[@]}" --no-check-certificate setpolicy "$3" "s3://$2" 2>&1) || put_policy_result=$? elif [[ $1 == 'mc' ]]; then - policy=$(mc --insecure anonymous set-json "$3" "$MC_ALIAS/$2" 2>&1) || put_result=$? + policy=$(mc --insecure anonymous set-json "$3" "$MC_ALIAS/$2" 2>&1) || put_policy_result=$? else log 2 "command 'put bucket policy' not implemented for '$1'" return 1 fi - if [[ $put_result -ne 0 ]]; then - log 2 "error putting policy: $policy" + if [[ $put_policy_result -ne 0 ]]; then + put_bucket_policy_error=$policy + log 2 "error putting policy: $put_bucket_policy_error" + export put_bucket_policy_error return 1 fi return 0 diff --git a/tests/remove_static.sh b/tests/remove_static.sh index d5c6d16..a3f9d43 100755 --- a/tests/remove_static.sh +++ b/tests/remove_static.sh @@ -2,7 +2,6 @@ source ./tests/setup.sh source ./tests/util.sh -source ./tests/commands/delete_bucket.sh delete_bucket_if_exists() { if [[ $# -ne 2 ]]; then @@ -18,7 +17,7 @@ delete_bucket_if_exists() { log 5 "bucket '$2' doesn't exist, skipping" return 0 fi - if ! delete_bucket "$1" "$2"; then + if ! delete_bucket_recursive "$1" "$2"; then log 2 "error deleting bucket" return 1 fi diff --git a/tests/run_all.sh b/tests/run_all.sh index 3bee886..80b62a9 100755 --- a/tests/run_all.sh +++ b/tests/run_all.sh 
@@ -17,7 +17,4 @@ fi if ! ./tests/run.sh mc; then exit 1 fi -if ! ./tests/run.sh user; then - exit 1 -fi exit 0 diff --git a/tests/test_aws.sh b/tests/test_aws.sh index 2e64a30..6d7e0d4 100755 --- a/tests/test_aws.sh +++ b/tests/test_aws.sh @@ -110,7 +110,7 @@ export RUN_USERS=true create_test_files "$bucket_file" || fail "error creating test file" printf "%s" "$bucket_file_data" > "$test_file_folder"/$bucket_file - delete_bucket_if_exists "s3api" "$BUCKET_ONE_NAME" || fail "error deleting bucket, or checking for existence" + delete_bucket_or_contents_if_exists "s3api" "$BUCKET_ONE_NAME" || fail "error deleting bucket, or checking for existence" # in static bucket config, bucket will still exist bucket_exists "s3api" "$BUCKET_ONE_NAME" || local exists_result=$? [[ $exists_result -ne 2 ]] || fail "error checking for bucket existence" @@ -227,18 +227,16 @@ export RUN_USERS=true delete_bucket_or_contents "aws" "$BUCKET_ONE_NAME" } -#@test "test_get_object_invalid_range" { -# bucket_file="bucket_file" -# -# create_test_files "$bucket_file" || local created=$? -# [[ $created -eq 0 ]] || fail "Error creating test files" -# setup_bucket "s3api" "$BUCKET_ONE_NAME" || local setup_result=$? -# [[ $setup_result -eq 0 ]] || fail "error setting up bucket" -# put_object "s3api" "$test_file_folder/$bucket_file" "$BUCKET_ONE_NAME" "$bucket_file" || fail "error putting object" -# get_object_with_range "$BUCKET_ONE_NAME" "$bucket_file" "bytes=0-0" "$test_file_folder/$bucket_file-range" || local get_result=$? -# [[ $get_result -ne 0 ]] || fail "Get object with zero range returned no error" -#} +# get-bucket-location +@test "test_get_bucket_location" { + test_common_get_bucket_location "aws" +} +# get-bucket-policy - test_get_put_delete_bucket_policy + +# get-bucket-tagging - test_set_get_delete_bucket_tags + +# get-object @test "test_get_object_full_range" { bucket_file="bucket_file" 
@@ -252,6 +250,18 @@ export RUN_USERS=true [[ "$(cat "$test_file_folder/$bucket_file-range")" == "9" ]] || fail "byte range not copied properly" } +#@test "test_get_object_invalid_range" { +# bucket_file="bucket_file" +# +# create_test_files "$bucket_file" || local created=$? +# [[ $created -eq 0 ]] || fail "Error creating test files" +# setup_bucket "s3api" "$BUCKET_ONE_NAME" || local setup_result=$? +# [[ $setup_result -eq 0 ]] || fail "error setting up bucket" +# put_object "s3api" "$test_file_folder/$bucket_file" "$BUCKET_ONE_NAME" "$bucket_file" || fail "error putting object" +# get_object_with_range "$BUCKET_ONE_NAME" "$bucket_file" "bytes=0-0" "$test_file_folder/$bucket_file-range" || local get_result=$? +# [[ $get_result -ne 0 ]] || fail "Get object with zero range returned no error" +#} + @test "test_put_object" { bucket_file="bucket_file" @@ -418,7 +428,7 @@ legal_hold_retention_setup() { return 1 fi - delete_bucket_if_exists "s3api" "$BUCKET_ONE_NAME" || fail "error deleting bucket, or checking for existence" + delete_bucket_or_contents_if_exists "s3api" "$BUCKET_ONE_NAME" || fail "error deleting bucket, or checking for existence" create_user_if_nonexistent "$1" "$2" "user" || fail "error creating user if nonexistent" create_test_files "$3" || fail "error creating test files" 
@@ -709,6 +719,278 @@ legal_hold_retention_setup() { delete_test_files $folder_name } +#@test "test_put_policy_no_version" { +# policy_file="policy_file" +# +# create_test_files "$policy_file" || fail "error creating policy file" +# +# effect="Allow" +# principal="*" +# action="s3:GetObject" +# resource="arn:aws:s3:::$BUCKET_ONE_NAME/*" +# +# cat < "$test_file_folder"/$policy_file +# { +# "Statement": [ +# { +# "Effect": "$effect", +# "Principal": "$principal", +# "Action": "$action", +# "Resource": "$resource" +# } +# ] +# } +#EOF +# +# setup_bucket "s3api" "$BUCKET_ONE_NAME" || fail "error setting up bucket" +# +# check_for_empty_policy "s3api" "$BUCKET_ONE_NAME" || fail "policy not empty" +# +# put_bucket_policy "s3api" "$BUCKET_ONE_NAME" "$test_file_folder/$policy_file" || fail "error putting policy" +# +# get_bucket_policy "s3api" "$BUCKET_ONE_NAME" || fail "unable to retrieve policy" +#} + +@test "test_put_policy_invalid_action" { + policy_file="policy_file" + + create_test_files "$policy_file" || fail "error creating policy file" + + effect="Allow" + principal="*" + action="s3:GetObjectt" + resource="arn:aws:s3:::$BUCKET_ONE_NAME/*" + + cat < "$test_file_folder"/$policy_file + { + "Statement": [ + { + "Effect": "$effect", + "Principal": "$principal", + "Action": "$action", + "Resource": "$resource" + } + ] + } +EOF + + setup_bucket "s3api" "$BUCKET_ONE_NAME" || fail "error setting up bucket" + + check_for_empty_policy "s3api" "$BUCKET_ONE_NAME" || fail "policy not empty" + + if put_bucket_policy "s3api" "$BUCKET_ONE_NAME" "$test_file_folder/$policy_file"; then + fail "put succeeded despite malformed policy" + fi + # shellcheck disable=SC2154 + [[ "$put_bucket_policy_error" == *"MalformedPolicy"*"unsupported action"* ]] || fail "invalid policy error: $put_bucket_policy_error" + delete_bucket_or_contents "aws" "$BUCKET_ONE_NAME" + delete_test_files "$policy_file" +} + +@test "test_policy_get_object_with_user" { + # TODO 
(https://github.com/versity/versitygw/issues/637) + if [[ $RECREATE_BUCKETS == "false" ]]; then + return 0 + fi + + policy_file="policy_file" + username="ABCDEFG" + password="HIJKLMN" + test_file="test_file" + + create_test_files "$test_file" "$policy_file" || fail "error creating policy file" + echo "$BATS_TEST_NAME" >> "$test_file_folder/$test_file" + + effect="Allow" + principal="$username" + action="s3:GetObject" + resource="arn:aws:s3:::$BUCKET_ONE_NAME/$test_file" + + if user_exists "$username"; then + delete_user "$username" || fail "failed to delete user '$username'" + fi + + setup_policy_with_single_statement "$test_file_folder/$policy_file" "2012-10-17" "$effect" "$principal" "$action" "$resource" || fail "failed to set up policy" + + setup_bucket "s3api" "$BUCKET_ONE_NAME" || fail "error setting up bucket" + put_object "s3api" "$test_file_folder/$test_file" "$BUCKET_ONE_NAME" "$test_file" || fail "error copying object" + + if ! check_for_empty_policy "s3api" "$BUCKET_ONE_NAME"; then + delete_bucket_policy "s3api" "$BUCKET_ONE_NAME" || fail "error deleting policy" + check_for_empty_policy "s3api" "$BUCKET_ONE_NAME" || fail "policy not empty after deletion" + fi + + if put_bucket_policy "s3api" "$BUCKET_ONE_NAME" "$test_file_folder/$policy_file"; then + fail "put succeeded despite invalid username" + fi + [[ "$put_bucket_policy_error" == *"MalformedPolicy"* ]] || fail "invalid policy error: $put_bucket_policy_error" + +# cat < "$test_file_folder"/acl_file +#{ +# "Grants": [ +# { +# "Grantee": { +# "ID": "ABCDEFG", +# "Type": "CanonicalUser" +# }, +# "Permission": "READ" +# } +# ], +# "Owner": { +# "ID": "$AWS_ACCESS_KEY_ID" +# } +#} +#EOF +# + #put_bucket_acl "s3api" "$BUCKET_ONE_NAME" "$test_file_folder/acl_file" || fail "error putting acl" + #put_bucket_canned_acl "$BUCKET_ONE_NAME" "public-read-write" || fail "error putting acl" + + create_user "$username" "$password" "user" || fail "error creating user" + if get_object_with_user "s3api" 
"$BUCKET_ONE_NAME" "$test_file" "$test_file_folder/$test_file-copy" "$username" "$password"; then + fail "get object with user succeeded despite lack of permissions" + fi + # shellcheck disable=SC2154 + [[ "$get_object_error" == *"Access Denied"* ]] || fail "invalid get object error: $get_object_error" + + put_bucket_policy "s3api" "$BUCKET_ONE_NAME" "$test_file_folder/$policy_file" || fail "error putting policy" + #get_bucket_policy "s3api" "$BUCKET_ONE_NAME" || fail "error getting bucket policy" + #log 5 "$bucket_policy" + get_object_with_user "s3api" "$BUCKET_ONE_NAME" "$test_file" "$test_file_folder/$test_file-copy" "$username" "$password" || fail "error getting object after permissions" + compare_files "$test_file_folder/$test_file" "$test_file_folder/$test_file-copy" || fail "files not equal" + delete_bucket_or_contents "aws" "$BUCKET_ONE_NAME" +} + +@test "test_policy_get_object_specific_file" { + # TODO (https://github.com/versity/versitygw/issues/637) + if [[ $RECREATE_BUCKETS == "false" ]]; then + return 0 + fi + + policy_file="policy_file" + test_file="test_file" + test_file_two="test_file_two" + username="ABCDEFG" + password="HIJKLMN" + + create_test_files "$policy_file" "$test_file" "$test_file_two" || fail "error creating policy file" + echo "$BATS_TEST_NAME" >> "$test_file_folder/$test_file" + echo "$BATS_TEST_NAME-2" >> "$test_file_folder/$test_file_two" + + effect="Allow" + principal="$username" + action="s3:GetObject" + resource="arn:aws:s3:::$BUCKET_ONE_NAME/test_file" + + if user_exists "$username"; then + delete_user "$username" || fail "failed to delete user '$username'" + fi + create_user "$username" "$password" "user" || fail "error creating user" + + setup_bucket "s3api" "$BUCKET_ONE_NAME" || fail "error setting up bucket" + setup_policy_with_single_statement "$test_file_folder/$policy_file" "dummy" "$effect" "$principal" "$action" "$resource" || fail "failed to set up policy" + put_bucket_policy "s3api" "$BUCKET_ONE_NAME" 
"$test_file_folder/$policy_file" || fail "error putting policy" + + put_object "s3api" "$test_file_folder/$test_file" "$BUCKET_ONE_NAME" "$test_file" || fail "error copying object" + put_object "s3api" "$test_file_folder/$test_file_two" "$BUCKET_ONE_NAME" "$test_file_two" || fail "error copying object" + + get_object_with_user "s3api" "$BUCKET_ONE_NAME" "$test_file" "$test_file_folder/$test_file-copy" "$username" "$password" || fail "error getting object after permissions" + if get_object_with_user "s3api" "$BUCKET_ONE_NAME" "$test_file_two" "$test_file_folder/$test_file_two-copy" "$username" "$password"; then + fail "get object with user succeeded despite lack of permissions" + fi + # shellcheck disable=SC2154 + [[ "$get_object_error" == *"Access Denied"* ]] || fail "invalid get object error: $get_object_error" + delete_bucket_or_contents "aws" "$BUCKET_ONE_NAME" +} + +@test "test_policy_get_object_file_wildcard" { + # TODO (https://github.com/versity/versitygw/issues/637) + if [[ $RECREATE_BUCKETS == "false" ]]; then + return 0 + fi + + policy_file="policy_file_one" + policy_file_two="policy_file_two" + policy_file_three="policy_fil" + username="ABCDEFG" + password="HIJKLMN" + + create_test_files "$policy_file" "$policy_file_two" "$policy_file_three" || fail "error creating policy file" + echo "$BATS_TEST_NAME" >> "$test_file_folder/$policy_file" + + effect="Allow" + principal="$username" + action="s3:GetObject" + resource="arn:aws:s3:::$BUCKET_ONE_NAME/policy_file*" + + if user_exists "$username"; then + delete_user "$username" || fail "failed to delete user '$username'" + fi + create_user "$username" "$password" "user" || fail "error creating user account" + + setup_bucket "s3api" "$BUCKET_ONE_NAME" || fail "error setting up bucket" + setup_policy_with_single_statement "$test_file_folder/$policy_file" "dummy" "$effect" "$principal" "$action" "$resource" || fail "failed to set up policy" + put_bucket_policy "s3api" "$BUCKET_ONE_NAME" 
"$test_file_folder/$policy_file" || fail "error putting policy" + + put_object "s3api" "$test_file_folder/$policy_file" "$BUCKET_ONE_NAME" "$policy_file" || fail "error copying object one" + put_object "s3api" "$test_file_folder/$policy_file_two" "$BUCKET_ONE_NAME" "$policy_file_two" || fail "error copying object two" + put_object "s3api" "$test_file_folder/$policy_file_three" "$BUCKET_ONE_NAME" "$policy_file_three" || fail "error copying object three" + + get_object_with_user "s3api" "$BUCKET_ONE_NAME" "$policy_file" "$test_file_folder/$policy_file" "$username" "$password" || fail "error getting object one after permissions" + get_object_with_user "s3api" "$BUCKET_ONE_NAME" "$policy_file_two" "$test_file_folder/$policy_file_two" "$username" "$password" || fail "error getting object two after permissions" + if get_object_with_user "s3api" "$BUCKET_ONE_NAME" "$policy_file_three" "$test_file_folder/$policy_file_three" "$username" "$password"; then + fail "get object three with user succeeded despite lack of permissions" + fi + [[ "$get_object_error" == *"Access Denied"* ]] || fail "invalid get object error: $get_object_error" + delete_bucket_or_contents "aws" "$BUCKET_ONE_NAME" +} + +@test "test_policy_get_object_folder_wildcard" { + # TODO (https://github.com/versity/versitygw/issues/637) + if [[ $RECREATE_BUCKETS == "false" ]]; then + return 0 + fi + + policy_file="policy_file" + test_folder="test_folder" + test_file="test_file" + username="ABCDEFG" + password="HIJKLMN" + + create_test_folder "$test_folder" || fail "error creating test folder" + create_test_files "$test_folder/$test_file" "$policy_file" || fail "error creating policy file, test file" + echo "$BATS_TEST_NAME" >> "$test_file_folder/$test_folder/$test_file" + + effect="Allow" + principal="$username" + action="s3:GetObject" + resource="arn:aws:s3:::$BUCKET_ONE_NAME/$test_folder/*" + + if user_exists "$username"; then + delete_user "$username" || fail "failed to delete user '$username'" + fi + 
create_user "$username" "$password" "user" || fail "error creating user" + + setup_bucket "s3api" "$BUCKET_ONE_NAME" || fail "error setting up bucket" + setup_policy_with_single_statement "$test_file_folder/$policy_file" "dummy" "$effect" "$principal" "$action" "$resource" || fail "failed to set up policy" + put_bucket_policy "s3api" "$BUCKET_ONE_NAME" "$test_file_folder/$policy_file" || fail "error putting policy" + + put_object "s3api" "$test_file_folder/$test_folder/$test_file" "$BUCKET_ONE_NAME" "$test_folder/$test_file" || fail "error copying object to bucket" + + get_object_with_user "s3api" "$BUCKET_ONE_NAME" "$test_folder/$test_file" "$test_file_folder/$test_file" "$username" "$password" || fail "error getting object one after permissions" + delete_bucket_or_contents "aws" "$BUCKET_ONE_NAME" + delete_test_files "$test_folder/$test_file" "$policy_file" +} + +# ensure that lists of files greater than a size of 1000 (pagination) are returned properly +#@test "test_list_objects_file_count" { +# test_common_list_objects_file_count "aws" +#} + +#@test "test_filename_length" { +# file_name=$(printf "%0.sa" $(seq 1 1025)) +# echo "$file_name" + + # ensure that lists of files greater than a size of 1000 (pagination) are returned properly #@test "test_list_objects_file_count" { # test_common_list_objects_file_count "aws" @@ -750,7 +1032,6 @@ legal_hold_retention_setup() { } @test "test_add_object_metadata" { - object_one="object-one" test_key="x-test-data" test_value="test-value" @@ -775,7 +1056,3 @@ legal_hold_retention_setup() { [[ $value == "\"$test_value\"" ]] || fail "values doesn't match (expected $value, actual \"$test_value\")" } - -@test "test_get_bucket_location" { - test_common_get_bucket_location "aws" -} diff --git a/tests/test_common.sh b/tests/test_common.sh index d75733d..0dfb8e3 100644 --- a/tests/test_common.sh +++ b/tests/test_common.sh 
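Review bot: None of the new policy tests in the hunk starting at `@@ -709,6 +719,278 @@` removes the account it creates: each calls `create_user "$username" "$password" "user"` with the fixed pair ABCDEFG/HIJKLMN, and `delete_user` runs only at the start when the user already exists. On a gateway that outlives the test run this leaves a login whose credentials are published in the repository, so each test should end with `delete_user "$username" || fail "failed to delete user '$username'"`, ideally in a teardown so that a `fail` midway does not skip it. test_policy_get_object_folder_wildcard asserts only the allowed read; adding a second object outside `$test_folder/` that must return Access Denied would show the wildcard grant is not broader than intended. test_policy_get_object_with_user also never calls `delete_test_files`, unlike test_put_policy_invalid_action.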
@@ -137,28 +137,24 @@ test_common_put_get_object() { fi local object_name="test-object" - create_test_files "$object_name" || local create_result=$? - [[ $create_result -eq 0 ]] || fail "Error creating test file" + + create_test_files "$object_name" || fail "error creating test file" echo "test data" > "$test_file_folder"/"$object_name" - setup_bucket "$1" "$BUCKET_ONE_NAME" || local setup_result=$? - [[ $setup_result -eq 0 ]] || fail "error setting up bucket" + setup_bucket "$1" "$BUCKET_ONE_NAME" || fail "error setting up bucket" - put_object "$1" "$test_file_folder/$object_name" "$BUCKET_ONE_NAME" "$object_name" || local copy_result=$? - [[ $copy_result -eq 0 ]] || fail "Failed to add object to bucket" - object_exists "$1" "$BUCKET_ONE_NAME" "$object_name" || local exists_result_one=$? - [[ $exists_result_one -eq 0 ]] || fail "Object not added to bucket" + if [[ $1 == 's3' ]]; then + copy_object "$1" "$test_file_folder/$object_name" "$BUCKET_ONE_NAME" "$object_name" || fail "failed to add object to bucket" + else + put_object "$1" "$test_file_folder/$object_name" "$BUCKET_ONE_NAME" "$object_name" || fail "failed to add object to bucket" + fi + object_exists "$1" "$BUCKET_ONE_NAME" "$object_name" || fail "object not added to bucket" - get_object "$1" "$BUCKET_ONE_NAME" "$object_name" "$test_file_folder/${object_name}_copy" || local delete_result=$? - [[ $delete_result -eq 0 ]] || fail "Failed to delete object" - object_exists "$1" "$BUCKET_ONE_NAME" "$object_name" || local exists_result_two=$? - [[ $exists_result_two -eq 1 ]] || fail "Object not removed from bucket" - - compare_files "$test_file_folder"/"$object_name" "$test_file_folder/${object_name}_copy" || compare_result=$? 
- [[ $compare_result -ne 0 ]] || fail "objects are different" + get_object "$1" "$BUCKET_ONE_NAME" "$object_name" "$test_file_folder/${object_name}_copy" || fail "failed to get object" + compare_files "$test_file_folder"/"$object_name" "$test_file_folder/${object_name}_copy" || fail "objects are different" delete_bucket_or_contents "$1" "$BUCKET_ONE_NAME" - delete_test_files "$test_file_folder/$object_name" "$test_file_folder/${object_name}_copy" + delete_test_files "$object_name" "${object_name}_copy" } test_common_get_set_versioning() { @@ -440,12 +436,10 @@ test_common_get_bucket_location() { test_common_put_bucket_acl() { [[ $# -eq 1 ]] || fail "test common put bucket acl missing command type" - setup_bucket "$1" "$BUCKET_ONE_NAME" || local created=$? - [[ $created -eq 0 ]] || fail "Error creating bucket" + setup_bucket "$1" "$BUCKET_ONE_NAME" || fail "error creating bucket" if ! user_exists "ABCDEFG"; then - create_user "ABCDEFG" "HIJKLMN" user || create_result=$? - [[ $create_result -eq 0 ]] || fail "Error creating user" + create_user "ABCDEFG" "HIJKLMN" user || fail "error creating user" fi get_bucket_acl "$1" "$BUCKET_ONE_NAME" || local result=$? @@ -480,8 +474,7 @@ cat < "$test_file_folder"/"$acl_file" } EOF - put_bucket_acl "$1" "$BUCKET_ONE_NAME" "$test_file_folder"/"$acl_file" || local put_result=$? - [[ $put_result -eq 0 ]] || fail "Error putting acl" + put_bucket_acl "$1" "$BUCKET_ONE_NAME" "$test_file_folder"/"$acl_file" || fail "error putting acl" get_bucket_acl "$1" "$BUCKET_ONE_NAME" || local result=$? [[ $result -eq 0 ]] || fail "Error retrieving acl" diff --git a/tests/test_mc.sh b/tests/test_mc.sh index ee61bb2..267f7a4 100755 --- a/tests/test_mc.sh +++ b/tests/test_mc.sh 
@@ -38,13 +38,30 @@ export RUN_MC=true # delete-object - put-object tests -# delete-objects - test setup/teardown - # delete-object-tagging @test "test_delete_object_tagging" { test_common_delete_object_tagging "mc" } +# delete-objects - test setup/teardown + +# get-bucket-location +@test "test_get_bucket_location" { + test_common_get_bucket_location "mc" +} + +# get-bucket-policy - test_get_put_delete_bucket_policy + +# get-bucket-tagging +@test "test_set_get_object_tags_mc" { + test_common_set_get_object_tags "mc" +} + +# get-object +@test "test_put_get_object" { + test_common_put_get_object "mc" +} + @test "test_put_object-with-data-mc" { test_common_put_object_with_data "mc" } @@ -61,9 +78,6 @@ export RUN_MC=true test_common_list_objects "mc" } -@test "test_set_get_object_tags_mc" { - test_common_set_get_object_tags "mc" -} @test "test_presigned_url_utf8_chars_mc" { test_common_presigned_url_utf8_chars "mc" @@ -104,6 +118,3 @@ export RUN_MC=true } -@test "test_get_bucket_location" { - test_common_get_bucket_location "mc" -} diff --git a/tests/test_s3.sh b/tests/test_s3.sh index 57e2ad7..83b645a 100755 --- a/tests/test_s3.sh +++ b/tests/test_s3.sh @@ -23,6 +23,11 @@ source ./tests/test_common.sh # delete-objects - tested with recursive bucket delete +# get-object +@test "test_copy_get_object" { + test_common_put_get_object "s3" +} + @test "test_put_object" { test_common_put_object_no_data "s3" } @@ -34,7 +39,3 @@ source ./tests/test_common.sh @test "test_list_objects_file_count" { test_common_list_objects_file_count "s3" } - -@test "test_put_get_object" { - test_common_put_get_object "s3" -} \ No newline at end of file diff --git a/tests/test_s3cmd.sh b/tests/test_s3cmd.sh index ca7d97e..9a804ce 100755 --- a/tests/test_s3cmd.sh +++ b/tests/test_s3cmd.sh 
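Review bot: The section comment `# get-bucket-tagging` in test_mc.sh is placed above `test_set_get_object_tags_mc`, which calls `test_common_set_get_object_tags` and so exercises object tagging, not bucket tagging. The label should be `# get-object-tagging`, or the bucket-tagging test should be listed here as test_aws.sh does with `# get-bucket-tagging - test_set_get_delete_bucket_tags`. These comments serve as the command coverage index, so a wrong label hides a gap.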
@@ -10,6 +10,7 @@ source ./tests/commands/get_bucket_policy.sh source ./tests/commands/put_bucket_policy.sh export RUN_S3CMD=true +export RUN_USERS=true # complete-multipart-upload @test "test_complete_multipart_upload" { @@ -52,6 +53,26 @@ export RUN_S3CMD=true # get-bucket-acl - test_put_bucket_acl +# get-bucket-location +@test "test_get_bucket_location" { + test_common_get_bucket_location "s3cmd" +} + +# get-bucket-policy - test_get_put_delete_bucket_policy + +# get-object +@test "test_put_get_object" { + test_common_put_get_object "s3cmd" +} + +@test "test_put_object_with_data" { + test_common_put_object_with_data "s3cmd" +} + +@test "test_put_object_no_data" { + test_common_put_object_no_data "s3cmd" +} + #@test "test_put_bucket_acl" { # test_common_put_bucket_acl "s3cmd" #} @@ -73,7 +94,6 @@ export RUN_S3CMD=true test_common_list_objects_file_count "s3cmd" } - @test "test_get_bucket_info_s3cmd" { setup_bucket "s3cmd" "$BUCKET_ONE_NAME" || local setup_result=$? [[ $setup_result -eq 0 ]] || fail "error setting up bucket" @@ -82,15 +102,6 @@ export RUN_S3CMD=true delete_bucket_or_contents "s3cmd" "$BUCKET_ONE_NAME" } -# put-object -@test "test_put_object_with_data" { - test_common_put_object_with_data "s3cmd" -} - -@test "test_put_object_no_data" { - test_common_put_object_no_data "s3cmd" -} - @test "test_get_bucket_info_doesnt_exist_s3cmd" { setup_bucket "s3cmd" "$BUCKET_ONE_NAME" || local setup_result=$? [[ $setup_result -eq 0 ]] || fail "error setting up bucket" @@ -100,6 +111,3 @@ export RUN_S3CMD=true delete_bucket_or_contents "s3cmd" "$BUCKET_ONE_NAME" } -@test "test_get_bucket_location" { - test_common_get_bucket_location "s3cmd" -} diff --git a/tests/util.sh b/tests/util.sh index 15b3d42..3fbbc93 100644 --- a/tests/util.sh +++ b/tests/util.sh 
@@ -8,12 +8,14 @@ source ./tests/commands/complete_multipart_upload.sh source ./tests/commands/create_multipart_upload.sh source ./tests/commands/create_bucket.sh source ./tests/commands/delete_bucket.sh +source ./tests/commands/delete_bucket_policy.sh source ./tests/commands/delete_object.sh source ./tests/commands/get_bucket_tagging.sh source ./tests/commands/get_object_tagging.sh source ./tests/commands/head_bucket.sh source ./tests/commands/head_object.sh source ./tests/commands/list_objects.sh +source ./tests/commands/put_bucket_acl.sh source ./tests/commands/upload_part_copy.sh # recursively delete an AWS bucket @@ -144,28 +146,34 @@ bucket_exists() { # return: 0 for success, 1 for failure delete_bucket_or_contents() { if [ $# -ne 2 ]; then - echo "delete bucket or contents function requires command type, bucket name" + log 2 "delete bucket or contents function requires command type, bucket name" return 1 fi if [[ $RECREATE_BUCKETS == "false" ]]; then - delete_bucket_contents "$1" "$2" || local delete_result=$? - if [[ $delete_result -ne 0 ]]; then - echo "error deleting bucket contents" + if ! delete_bucket_contents "$1" "$2"; then + log 2 "error deleting bucket contents" return 1 fi - log 5 "bucket contents deletion success" + if ! delete_bucket_policy "s3api" "$2"; then + log 2 "error deleting bucket policies" + return 1 + fi + if ! put_bucket_canned_acl "$2" "private"; then + log 2 "error resetting bucket ACLs" + return 1 + fi + log 5 "bucket contents, policy, ACL deletion success" return 0 fi - delete_bucket_recursive "$1" "$2" || local delete_result=$? - if [[ $delete_result -ne 0 ]]; then - echo "Bucket deletion error" + if ! delete_bucket_recursive "$1" "$2"; then + log 2 "Bucket deletion error" return 1 fi log 5 "bucket deletion success" return 0 } -delete_bucket_if_exists() { +delete_bucket_or_contents_if_exists() { if [ $# -ne 2 ]; then log 2 "bucket creation function requires command type, bucket name" return 1 
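Review bot: In the static-bucket branch of delete_bucket_or_contents the policy and ACL resets run only after `delete_bucket_contents` succeeds, so a failed content delete returns early and leaves whatever grant the previous test installed on a bucket that is reused. Run `delete_bucket_policy "s3api" "$2"` and `put_bucket_canned_acl "$2" "private"` before the content delete, or collect the failures and return after all three have been attempted. Both resets ignore `$1` and always go through the aws CLI; a comment such as `# policy/ACL reset always uses s3api, regardless of the client under test` would make that deliberate. The function's closing lines and the renamed delete_bucket_or_contents_if_exists continue outside the hunk.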
@@ -201,7 +209,7 @@ setup_bucket() { log 2 "bucket creation function requires command type, bucket name" return 1 fi - delete_bucket_if_exists "$1" "$2" || local delete_bucket_result=$? + delete_bucket_or_contents_if_exists "$1" "$2" || local delete_bucket_result=$? if [[ $delete_bucket_result -ne 0 ]]; then log 2 "error deleting bucket, or checking for bucket existence" return 1 diff --git a/tests/util_policy.sh b/tests/util_policy.sh index b364b91..c52696b 100644 --- a/tests/util_policy.sh +++ b/tests/util_policy.sh @@ -6,23 +6,44 @@ check_for_empty_policy() { return 1 fi - local get_result=0 - get_bucket_policy "$1" "$2" || get_result=$? - if [[ $get_result -ne 0 ]]; then - echo "error getting bucket policy" + if ! get_bucket_policy "$1" "$2"; then + log 2 "error getting bucket policy" return 1 fi + # shellcheck disable=SC2154 + log 5 "bucket policy: $bucket_policy" # shellcheck disable=SC2154 if [[ $bucket_policy == "" ]]; then return 0 fi - policy=$(echo "$bucket_policy" | jq -r '.Policy') - statement=$(echo "$policy" | jq -r '.Statement[0]') + #policy=$(echo "$bucket_policy" | jq -r '.Policy') + statement=$(echo "$bucket_policy" | jq -r '.Statement[0]') + log 5 "statement: $statement" if [[ "" != "$statement" ]] && [[ "null" != "$statement" ]]; then echo "policy should be empty (actual value: '$statement')" return 1 fi return 0 -} \ No newline at end of file +} + +setup_policy_with_single_statement() { + if [[ $# -ne 6 ]]; then + "'setup single policy' command requires file, version, effect, principal, action, resource" + fi + cat < "$1" +{ + "Version": "$2", + "Statement": [ + { + "Effect": "$3", + "Principal": "$4", + "Action": "$5", + "Resource": "$6" + } + ] +} +EOF +log 5 "$(cat "$1")" +} diff --git a/tests/util_users.sh b/tests/util_users.sh index 3ab59db..c2a37f3 100644 --- a/tests/util_users.sh +++ b/tests/util_users.sh 
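Review bot: The argument check in setup_policy_with_single_statement neither logs nor returns: the bare string `"'setup single policy' command requires file, version, effect, principal, action, resource"` is executed as a command name, fails as command-not-found, and the function continues and writes a policy file with empty fields. The body of the `if` should be `log 2 "'setup single policy' command requires file, version, effect, principal, action, resource"` followed by `return 1`. The six values are also pasted into the JSON unescaped, so a principal or resource containing a double quote or backslash produces a different document from the one the test meant to submit; since jq is now a documented dependency, building the file with `jq -n --arg` would avoid that. In check_for_empty_policy one `echo "policy should be empty ..."` was left unconverted to `log 2`.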
@@ -2,12 +2,11 @@ create_user() { if [[ $# -ne 3 ]]; then - echo "create user command requires user ID, key, and role" + log 2 "create user command requires user ID, key, and role" return 1 fi - create_user_with_user "$AWS_ACCESS_KEY_ID" "$AWS_SECRET_ACCESS_KEY" "$1" "$2" "$3" || create_result=$? - if [[ $create_result -ne 0 ]]; then - echo "error creating user: $error" + if ! create_user_with_user "$AWS_ACCESS_KEY_ID" "$AWS_SECRET_ACCESS_KEY" "$1" "$2" "$3"; then + log 2 "error creating user" return 1 fi return 0 @@ -28,12 +27,11 @@ create_user_if_nonexistent() { create_user_with_user() { if [[ $# -ne 5 ]]; then - echo "create user with user command requires creator ID, key, and new user ID, key, and role" + log 2 "create user with user command requires creator ID, key, and new user ID, key, and role" return 1 fi - error=$($VERSITY_EXE admin --allow-insecure --access "$1" --secret "$2" --endpoint-url "$AWS_ENDPOINT_URL" create-user --access "$3" --secret "$4" --role "$5") || local create_result=$? - if [[ $create_result -ne 0 ]]; then - echo "error creating user: $error" + if ! error=$($VERSITY_EXE admin --allow-insecure --access "$1" --secret "$2" --endpoint-url "$AWS_ENDPOINT_URL" create-user --access "$3" --secret "$4" --role "$5" 2>&1); then + log 2 "error creating user: $error" return 1 fi return 0
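Review bot: The rewritten call in create_user_with_user still passes both secret keys as arguments (`--secret "$2"` and `--secret "$4"`), where they are readable from the process list for as long as the command runs. If the admin CLI accepts credentials from the environment or a file, prefer that, as get_object_with_user does for aws in this same commit; otherwise add a comment recording that the exposure is accepted for test accounts only. `error` should be declared `local` before the `if ! error=$(...)` line so it does not overwrite the global of the same name used by the other command wrappers. create_user now logs only `error creating user`, which is fine because the inner function logs the detail.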