diff --git a/modules/portal/test/controllers/FrontendControllerSpec.scala b/modules/portal/test/controllers/FrontendControllerSpec.scala
index 2e97f589a..9fe9ade7f 100644
--- a/modules/portal/test/controllers/FrontendControllerSpec.scala
+++ b/modules/portal/test/controllers/FrontendControllerSpec.scala
@@ -238,6 +238,32 @@ class FrontendControllerSpec extends Specification with Mockito with TestApplica
       }
     }
 
+    "Get for '/recordsets'" should {
+      "redirect to the login page when a user is not logged in" in new WithApplication(app) {
+        val result = underTest.viewRecordSets()(FakeRequest(GET, "/recordsets"))
+        status(result) must equalTo(SEE_OTHER)
+        headers(result) must contain("Location" -> "/login?target=/recordsets")
+      }
+      "render the recordset view page when the user is logged in" in new WithApplication(app) {
+        val result =
+          underTest.viewRecordSets()(
+            FakeRequest(GET, "/recordsets").withSession("username" -> "frodo").withCSRFToken
+          )
+        status(result) must beEqualTo(OK)
+        contentType(result) must beSome.which(_ == "text/html")
+        contentAsString(result) must contain("RecordSets | VinylDNS")
+      }
+      "redirect to the no access page when a user is locked out" in new WithApplication(app) {
+        val result =
+          lockedUserUnderTest.viewRecordSets()(
+            FakeRequest(GET, "/recordsets")
+              .withSession("username" -> "lockedFbaggins")
+              .withCSRFToken
+          )
+        headers(result) must contain("Location" -> "/noaccess")
+      }
+    }
+
     "Get for login" should {
       "with ldap enabled" should {
         "render the login page when the user is not logged in" in new WithApplication(app) {
diff --git a/modules/portal/test/controllers/VinylDNSSpec.scala b/modules/portal/test/controllers/VinylDNSSpec.scala
index 3067874d9..c3075055b 100644
--- a/modules/portal/test/controllers/VinylDNSSpec.scala
+++ b/modules/portal/test/controllers/VinylDNSSpec.scala
@@ -1947,6 +1947,37 @@ class VinylDNSSpec extends Specification with Mockito with TestApplicationData w
       }
     }
 
+    ".listRecordSetChangeHistory" should {
+      "return unauthorized (401) if requesting user is not logged in" in new WithApplication(app) {
+        val client = mock[WSClient]
+        val underTest = withClient(client)
+        val result =
+          underTest.listRecordSetChangeHistory()(
+            FakeRequest(GET, s"/api/recordsetchange/history")
+          )
+
+        status(result) mustEqual 401
+        hasCacheHeaders(result)
+        contentAsString(result) must beEqualTo("You are not logged in. Please login to continue.")
+      }
+      "return forbidden (403) if user account is locked" in new WithApplication(app) {
+        val client = mock[WSClient]
+        val underTest = withLockedClient(client)
+        val result = underTest.listRecordSetChangeHistory()(
+          FakeRequest(GET, s"/api/recordsetchange/history").withSession(
+            "username" -> lockedFrodoUser.userName,
+            "accessKey" -> lockedFrodoUser.accessKey
+          )
+        )
+
+        status(result) mustEqual 403
+        hasCacheHeaders(result)
+        contentAsString(result) must beEqualTo(
+          s"User account for `${lockedFrodoUser.userName}` is locked."
+        )
+      }
+    }
+
     ".addZone" should {
       "return unauthorized (401) if requesting user is not logged in" in new WithApplication(app) {
         val client = mock[WSClient]