diff --git a/src/main/java/framework/api/enums/HttpStatus.java b/src/main/java/framework/api/enums/HttpStatus.java
index 43666dcf45b186c74ad16e28cba586fcc769b2d9..8c0d92dbc146badab245aea0aa51c6508ad0c0dc 100644
--- a/src/main/java/framework/api/enums/HttpStatus.java
+++ b/src/main/java/framework/api/enums/HttpStatus.java
@@ -6,6 +6,7 @@ public enum HttpStatus {
     CREATED(201, "Created"),
     DELETED(204, "Deleted"),
     BAD_REQUEST(400, "Bad Request"),
+    FORBIDDEN(403, "Forbidden"),
     NOT_FOUND(404, "Not Found");
 
     private final int code;
diff --git a/src/test/java/features/api/simplOpen/Authority.feature b/src/test/java/features/api/simplOpen/Authority.feature
index 37a7b117162b98b441e5397cfa008ddb9e6696a0..aa1bd29c53234461751fd40db1366826cf194743 100644
--- a/src/test/java/features/api/simplOpen/Authority.feature
+++ b/src/test/java/features/api/simplOpen/Authority.feature
@@ -46,3 +46,12 @@ Feature: Authority API scenarios
     And the user searches for the identity attribute by ID
     Then the response body contains the expected Identity Attribute's details
 
+  @TCA04_API @SIMPL-4072
+  Scenario: Attempt to Delete Assigned Identity Attribute via API - Deletion forbidden
+    Given a user with role "IATTR_M" is logged in to governance authority
+    When the user searches for the identity attribute
+    And the user saves an ID of the first found identity attribute
+    And the user deletes the Identity Attribute he found
+    Then the system doesn't allow to do that
+    And the response body contains appropriate response message:
+      | error | The deletion of an assigned identity attribute is not allowed. |
diff --git a/src/test/java/stepDefinitions/api/simplOpen/AuthoritySteps.java b/src/test/java/stepDefinitions/api/simplOpen/AuthoritySteps.java
index 3bb997946069a2eeb21fc3f4f074585c37afe162..dc383ea2e0c620573dbd52a235c68c7c0781780d 100644
--- a/src/test/java/stepDefinitions/api/simplOpen/AuthoritySteps.java
+++ b/src/test/java/stepDefinitions/api/simplOpen/AuthoritySteps.java
@@ -1,11 +1,9 @@
 package stepDefinitions.api.simplOpen;
 
-import com.google.gson.Gson;
+import com.google.gson.*;
 import framework.api.services.securityattributesprovider.objects.IdentityAttribute;
 import framework.api.services.securityattributesprovider.IdentityAttributeRequestBuilder;
 
-import com.google.gson.JsonArray;
-import com.google.gson.JsonObject;
 import framework.api.helpers.RequestHandler;
 import framework.api.enums.*;
 import framework.api.helpers.ApiSetup;
@@ -29,6 +27,7 @@ public class AuthoritySteps {
     private RequestHandler requestHandler;
     private ApiEndpoint identityAttributeEndpoint;
     private IdentityAttribute identityAttribute = new IdentityAttribute();
+    private String savedIdentityAttributeId;
     private final List<String> createdIdentityAttributesIDs = new ArrayList<>();
 
     @Before("@AuthorityAPI")
@@ -96,6 +95,41 @@ public class AuthoritySteps {
         identityAttribute = gson.fromJson(updatedIdentityAttribute, IdentityAttribute.class);
     }
 
+    @When("the user searches for the identity attribute by ID")
+    public void theUserSearchesForTheIdentityAttributeByID() {
+        requestHandler.sendRequest(HttpMethod.GET,
+                ApiEndpoint.IDENTITY_ATTRIBUTE.getPath() + "/" + createdIdentityAttributesIDs.get(0));
+    }
+
+    @When("the user searches for the identity attribute")
+    public void theUserSearchesForTheIdentityAttribute() {
+        requestHandler.sendRequest(HttpMethod.GET, ApiEndpoint.IDENTITY_ATTRIBUTE.getPath() + "/search");
+    }
+
+    @When("the user saves an ID of the first found identity attribute")
+    public void theUserSavesIDOfTheIdentityAttribute() {
+        Gson gson = new Gson();
+
+        JsonObject responseBody = requestHandler.getLastResponseBody();
+        assertTrue("Response does not contain 'Identity Attributes' list", responseBody.has("content"));
+
+        JsonArray participantsArray = responseBody.getAsJsonArray("content");
+        assertNotEquals("Identity Attributes list is empty", 0, participantsArray.size());
+
+        List<IdentityAttribute> identityAttributes = new ArrayList<>();
+        for (JsonElement element : participantsArray) {
+            identityAttributes.add(gson.fromJson(element, IdentityAttribute.class));
+        }
+
+        IdentityAttribute firstIdentityAttribute = identityAttributes.get(0);
+        savedIdentityAttributeId = firstIdentityAttribute.getId();
+    }
+
+    @When("the user deletes the Identity Attribute he found")
+    public void theUserDeletesTheIdentityAttribute() {
+        requestHandler.sendRequest(HttpMethod.DELETE, ApiEndpoint.IDENTITY_ATTRIBUTE.getPath() + "/" + savedIdentityAttributeId);
+    }
+
     @Then("the update is performed successfully")
     public void theUpdateIsPerformedSuccessfully() {
         int actualStatusCode = requestHandler.getLastStatusCode();
@@ -153,12 +187,6 @@ public class AuthoritySteps {
         assertEquals(expectedStatusCode, actualStatusCode);
     }
 
-    @When("the user searches for the identity attribute by ID")
-    public void theUserSearchesForTheIdentityAttributeByID() {
-        requestHandler.sendRequest(HttpMethod.GET,
-                ApiEndpoint.IDENTITY_ATTRIBUTE.getPath() + "/" + createdIdentityAttributesIDs.get(0));
-    }
-
     @Then("the identity attribute is correctly retrieved")
     public void theIdentityAttributeIsCorrectlyRetrieved() {
         Gson gson = new Gson();
@@ -167,6 +195,30 @@ public class AuthoritySteps {
         assertEquals(identityAttribute, identityAttributeRetrieved);
     }
 
+    @Then("the system doesn't allow to do that")
+    public void theSystemDoesntAllowToDoThat() {
+        int actualStatusCode = requestHandler.getLastStatusCode();
+        int expectedStatusCode = HttpStatus.FORBIDDEN.getCode();
+
+        assertEquals("Mismatch in status code", expectedStatusCode, actualStatusCode);
+    }
+
+    @Then("the response body contains appropriate response message:")
+    public void theResponseBodyContainsAppropriateResponseMessage(DataTable expectedData) {
+        String responseBody = requestHandler.getLastResponseBody().toString();
+        JsonObject jsonResponse = JsonParser.parseString(responseBody).getAsJsonObject();
+
+        Map<String, String> expectedValues = expectedData.asMap(String.class, String.class);
+
+        for (Map.Entry<String, String> entry : expectedValues.entrySet()) {
+            String expectedKey = entry.getKey();
+            String expectedValue = entry.getValue();
+
+            assertTrue("Response does not contain key: " + expectedKey, jsonResponse.has(expectedKey));
+            assertEquals("Mismatch in response value for key: " + expectedKey, expectedValue, jsonResponse.get(expectedKey).getAsString());
+        }
+    }
+
     @After(value = "@AuthorityAPI", order = 2)
     public void deleteIdentityAttribute() {
         for (String id : createdIdentityAttributesIDs) {