Prerequisites: Outgoing mail server setup (using Mailcatcher would be alright). Setup Parent role . In addition to the other capabilities, set " tool/dataprivacy:makedatarequestsforchildren " to allow. Create users p1, s1, s2. Assign p1 as the parent of s1. Test Login as s2. Go to your profile page and create a data request to export your user data. Login as p1. Go to your profile page and create a data request on behalf of s1. Run cron: php admin/cli/cron.php Login as admin (or a user with a DPO role if it's already set up) Approve the data requests for s1 and s2 Run cron again. Check the email you received for s1. Copy the Download link. Open a different browser (or use incognito mode). Paste the download link into your browser. Confirm that you are being asked to log in. Log in as s2. Confirm that you get an error that you don't have the capability to download s1's data. Log out. Paste the download link again on your browser, but this time, log in as s1. Confirm that you are able to download the exported user data archive. Log out. Paste the download link again on your browser, but this time, log in as s1. Confirm that you are able to download the exported user data archive for s1. Check the email for s2 and copy the download link. Still logged in as p1, paste the download link into your browser. Confirm that you get an error that you don't have the capability to download s2's data.