diff --git a/packages/backend-core/src/security/permissions.ts b/packages/backend-core/src/security/permissions.ts
index 42189bba0c..1daf7d7067 100644
--- a/packages/backend-core/src/security/permissions.ts
+++ b/packages/backend-core/src/security/permissions.ts
@@ -34,7 +34,7 @@ class Permission {
   }
 }
 
-function levelToNumber(perm: PermissionLevel) {
+export function levelToNumber(perm: PermissionLevel) {
   switch (perm) {
     // not everything has execute privileges
     case PermissionLevel.EXECUTE:
diff --git a/packages/backend-core/src/security/tests/permissions.spec.ts b/packages/backend-core/src/security/tests/permissions.spec.ts
new file mode 100644
index 0000000000..e77394d947
--- /dev/null
+++ b/packages/backend-core/src/security/tests/permissions.spec.ts
@@ -0,0 +1,74 @@
+import {
+  doesHaveBasePermission,
+  getBuiltinPermissionByID,
+  isPermissionLevelHigherThanRead,
+  PermissionLevel,
+  PermissionType,
+  levelToNumber,
+} from "../permissions"
+
+describe("levelToNumber", () => {
+  it("should return 0 for EXECUTE", () => {
+    expect(levelToNumber(PermissionLevel.EXECUTE)).toBe(0)
+  })
+
+  it("should return 1 for READ", () => {
+    expect(levelToNumber(PermissionLevel.READ)).toBe(1)
+  })
+
+  it("should return 2 for WRITE", () => {
+    expect(levelToNumber(PermissionLevel.WRITE)).toBe(2)
+  })
+
+  it("should return 3 for ADMIN", () => {
+    expect(levelToNumber(PermissionLevel.ADMIN)).toBe(3)
+  })
+
+  it("should return -1 for an unknown permission level", () => {
+    expect(levelToNumber("unknown" as PermissionLevel)).toBe(-1)
+  })
+})
+describe("getBuiltinPermissionByID", () => {
+  it("should return the correct permission object", () => {
+    const id = "123"
+    const permission = { _id: id, name: "Test Permission" }
+    expect(getBuiltinPermissionByID(id)).toEqual(permission)
+    expect(getBuiltinPermissionByID("456")).toBeUndefined()
+  })
+})
+
+describe("doesHaveBasePermission", () => {
+  it("should return true if base permission has the required level", () => {
+    const permType = PermissionType.APP
+    const permLevel = PermissionLevel.READ
+    const rolesHierarchy = [
+      { roleId: "role1", permissionId: "permission1" },
+      { roleId: "role2", permissionId: "permission2" },
+    ]
+    expect(doesHaveBasePermission(permType, permLevel, rolesHierarchy)).toBe(
+      true
+    )
+  })
+
+  it("should return false if base permission does not have the required level", () => {
+    const permType = PermissionType.APP
+    const permLevel = PermissionLevel.READ
+    const rolesHierarchy = [
+      { roleId: "role1", permissionId: "permission1" },
+      { roleId: "role2", permissionId: "permission2" },
+    ]
+    expect(doesHaveBasePermission(permType, permLevel, rolesHierarchy)).toBe(
+      false
+    )
+  })
+})
+
+describe("isPermissionLevelHigherThanRead", () => {
+  it("should return true if level is higher than read", () => {
+    expect(isPermissionLevelHigherThanRead(PermissionLevel.WRITE)).toBe(true)
+  })
+
+  it("should return false if level is read or lower", () => {
+    expect(isPermissionLevelHigherThanRead(PermissionLevel.READ)).toBe(false)
+  })
+})