diff --git a/eacl/validator_test.go b/eacl/validator_test.go
index 4cae364..f02857a 100644
--- a/eacl/validator_test.go
+++ b/eacl/validator_test.go
@@ -4,9 +4,47 @@ import (
 	"math/rand"
 	"testing"
 
+	cid "github.com/nspcc-dev/neofs-sdk-go/container/id"
 	"github.com/stretchr/testify/require"
+	"go.uber.org/zap/zaptest"
 )
 
+func TestOperationMatch(t *testing.T) {
+	tgt := NewTarget()
+	tgt.SetRole(RoleOthers)
+
+	t.Run("single operation", func(t *testing.T) {
+		tb := NewTable()
+		tb.AddRecord(newRecord(ActionDeny, OperationPut, tgt))
+		tb.AddRecord(newRecord(ActionAllow, OperationGet, tgt))
+
+		v := newValidator(t, tb)
+		vu := newValidationUnit(RoleOthers, nil)
+
+		vu.op = OperationPut
+		require.Equal(t, ActionDeny, v.CalculateAction(vu))
+
+		vu.op = OperationGet
+		require.Equal(t, ActionAllow, v.CalculateAction(vu))
+	})
+
+	t.Run("unknown operation", func(t *testing.T) {
+		tb := NewTable()
+		tb.AddRecord(newRecord(ActionDeny, OperationUnknown, tgt))
+		tb.AddRecord(newRecord(ActionAllow, OperationGet, tgt))
+
+		v := newValidator(t, tb)
+		vu := newValidationUnit(RoleOthers, nil)
+
+		// TODO discuss if both next tests should result in DENY
+		vu.op = OperationPut
+		require.Equal(t, ActionAllow, v.CalculateAction(vu))
+
+		vu.op = OperationGet
+		require.Equal(t, ActionAllow, v.CalculateAction(vu))
+	})
+}
+
 func TestTargetMatches(t *testing.T) {
 	pubs := makeKeys(t, 3)
 
@@ -48,6 +86,28 @@ func makeKeys(t *testing.T, n int) [][]byte {
 	return pubs
 }
 
+func newRecord(a Action, op Operation, tgt ...*Target) *Record {
+	r := NewRecord()
+	r.SetAction(a)
+	r.SetOperation(op)
+	r.SetTargets(tgt...)
+	return r
+}
+
+type dummySource struct {
+	tb *Table
+}
+
+func (d dummySource) GetEACL(*cid.ID) (*Table, error) {
+	return d.tb, nil
+}
+
+func newValidator(t *testing.T, tb *Table) *Validator {
+	return NewValidator(
+		WithLogger(zaptest.NewLogger(t)),
+		WithEACLSource(dummySource{tb}))
+}
+
 func newValidationUnit(role Role, key []byte) *ValidationUnit {
 	return &ValidationUnit{
 		role: role,