From 4924a6f11cd39fba075968894efaa37ab43f6cd7 Mon Sep 17 00:00:00 2001
From: Thiago Uehara <tuehara@daitan.com>
Date: Fri, 13 Aug 2021 18:14:29 -0300
Subject: [PATCH 1/2] Fix create user with default security permissions

---
 ns1/permissions.go | 9 +++------
 1 file changed, 3 insertions(+), 6 deletions(-)

diff --git a/ns1/permissions.go b/ns1/permissions.go
index f68fcc59..6d15b9e0 100644
--- a/ns1/permissions.go
+++ b/ns1/permissions.go
@@ -345,16 +345,13 @@ func resourceDataToPermissions(d *schema.ResourceData) account.PermissionsMap {
 	if v, ok := d.GetOk("monitoring_view_jobs"); ok {
 		p.Monitoring.ViewJobs = v.(bool)
 	}
+	if p.Security == nil {
+		p.Security = &account.PermissionsSecurity{}
+	}
 	if v, ok := d.GetOk("security_manage_global_2fa"); ok {
-		if p.Security == nil {
-			p.Security = &account.PermissionsSecurity{}
-		}
 		p.Security.ManageGlobal2FA = v.(bool)
 	}
 	if v, ok := d.GetOk("security_manage_active_directory"); ok {
-		if p.Security == nil {
-			p.Security = &account.PermissionsSecurity{}
-		}
 		p.Security.ManageActiveDirectory = v.(bool)
 	}
 	if v, ok := d.GetOk("dhcp_manage_dhcp"); ok {

From be5aa2fc610fa611d8b4f4fc3eaa1efaa46d56e1 Mon Sep 17 00:00:00 2001
From: Thiago Uehara <tuehara@daitan.com>
Date: Fri, 20 Aug 2021 15:21:33 -0300
Subject: [PATCH 2/2] Added tests for security permission

---
 ns1/resource_user_test.go | 33 +++++++++++++++++++++++++++++++++
 1 file changed, 33 insertions(+)

diff --git a/ns1/resource_user_test.go b/ns1/resource_user_test.go
index 86444276..dd46de6c 100644
--- a/ns1/resource_user_test.go
+++ b/ns1/resource_user_test.go
@@ -111,6 +111,18 @@ func TestAccUser_permissions(t *testing.T) {
 					resource.TestCheckResourceAttr("ns1_user.u", "account_manage_ip_whitelist", "true"),
 				),
 			},
+			{
+				Config: testAccUserSecurityPermissionsNoTeam(rString),
+				Check: resource.ComposeTestCheckFunc(
+					testAccCheckUserExists("ns1_user.u", &user),
+					resource.TestCheckResourceAttr("ns1_user.u", "email", "tf_acc_test_ns1@hashicorp.com"),
+					resource.TestCheckResourceAttr("ns1_user.u", "name", name),
+					resource.TestCheckResourceAttr("ns1_user.u", "username", username),
+					resource.TestCheckResourceAttr("ns1_user.u", "account_manage_account_settings", "false"),
+					resource.TestCheckResourceAttr("ns1_user.u", "account_manage_ip_whitelist", "true"),
+					resource.TestCheckResourceAttr("ns1_user.u", "security_manage_global_2fa", "false"),
+				),
+			},
 			{
 				Config: testAccUserPermissionsOnTeam(rString),
 				Check: resource.ComposeTestCheckFunc(
@@ -671,6 +683,27 @@ resource "ns1_user" "u" {
 `, rString, rString, rString)
 }
 
+func testAccUserSecurityPermissionsNoTeam(rString string) string {
+	return fmt.Sprintf(`resource "ns1_team" "t" {
+  name = "terraform acc test team %s"
+  account_manage_account_settings = true
+}
+
+resource "ns1_user" "u" {
+  name = "terraform acc test user %s"
+  username = "tf_acc_test_user_%s"
+  email = "tf_acc_test_ns1@hashicorp.com"
+
+  notify = {
+    billing = false
+  }
+
+  account_manage_ip_whitelist = true
+  security_manage_global_2fa = false
+}
+`, rString, rString, rString)
+}
+
 // Explicitly sets the users team to []
 func testAccUserPermissionsEmptyTeam(rString string) string {
 	return fmt.Sprintf(`resource "ns1_team" "t" {