X is not a valid user to access the production environment but he has full permission to access, Y is having right access but he was unable to access. The correctness can ensured from which service
Configuration
Analysis support
Security
This is not part of OAT as it is part of functional testing.