diff --git a/src/integrationTest/java/org/opensearch/security/privileges/PrivilegesEvaluatorTest.java b/src/integrationTest/java/org/opensearch/security/privileges/PrivilegesEvaluatorTest.java
index a896376d4d..9f9da4366c 100644
--- a/src/integrationTest/java/org/opensearch/security/privileges/PrivilegesEvaluatorTest.java
+++ b/src/integrationTest/java/org/opensearch/security/privileges/PrivilegesEvaluatorTest.java
@@ -17,6 +17,7 @@
 import org.junit.Test;
 import org.junit.runner.RunWith;
 
+import org.opensearch.script.mustache.MustacheModulePlugin;
 import org.opensearch.test.framework.TestSecurityConfig;
 import org.opensearch.test.framework.TestSecurityConfig.Role;
 import org.opensearch.test.framework.cluster.ClusterManager;
@@ -44,10 +45,20 @@ public class PrivilegesEvaluatorTest {
         new Role("negated_regex_role").indexPermissions("read").on("/^[a-z].*/").clusterPermissions("cluster_composite_ops")
     );
 
+    protected final static TestSecurityConfig.User SEARCH_TEMPLATE = new TestSecurityConfig.User("search_template_user").roles(
+        new Role("search_template_role").indexPermissions("read").on("services").clusterPermissions("cluster_composite_ops")
+    );
+
+    private String TEST_QUERY =
+        "{\"source\":{\"query\":{\"match\":{\"service\":\"{{service_name}}\"}}},\"params\":{\"service_name\":\"Oracle\"}}";
+
+    private String TEST_DOC = "{\"source\": {\"title\": \"Spirited Away\"}}";
+
     @ClassRule
     public static LocalCluster cluster = new LocalCluster.Builder().clusterManager(ClusterManager.THREE_CLUSTER_MANAGERS)
         .authc(AUTHC_HTTPBASIC_INTERNAL)
-        .users(NEGATIVE_LOOKAHEAD, NEGATED_REGEX)
+        .users(NEGATIVE_LOOKAHEAD, NEGATED_REGEX, SEARCH_TEMPLATE, TestSecurityConfig.User.USER_ADMIN)
+        .plugin(MustacheModulePlugin.class)
         .build();
 
     @Test
@@ -68,4 +79,43 @@ public void testRegexPattern() throws Exception {
         }
 
     }
+
+    @Test
+    public void testSearchTemplateRequestSuccess() {
+        // Insert doc into services index with admin user
+        try (TestRestClient client = cluster.getRestClient(TestSecurityConfig.User.USER_ADMIN)) {
+            TestRestClient.HttpResponse response = client.postJson("services/_doc", TEST_DOC);
+            assertThat(response.getStatusCode(), equalTo(HttpStatus.SC_CREATED));
+        }
+
+        try (TestRestClient client = cluster.getRestClient(SEARCH_TEMPLATE)) {
+            final String searchTemplateOnServicesIndex = "services/_search/template";
+            final TestRestClient.HttpResponse searchTemplateOnAuthorizedIndexResponse = client.getWithJsonBody(
+                searchTemplateOnServicesIndex,
+                TEST_QUERY
+            );
+            assertThat(searchTemplateOnAuthorizedIndexResponse.getStatusCode(), equalTo(HttpStatus.SC_OK));
+        }
+    }
+
+    @Test
+    public void testSearchTemplateRequestUnauthorizedIndex() {
+        try (TestRestClient client = cluster.getRestClient(SEARCH_TEMPLATE)) {
+            final String searchTemplateOnMoviesIndex = "movies/_search/template";
+            final TestRestClient.HttpResponse searchTemplateOnUnauthorizedIndexResponse = client.getWithJsonBody(
+                searchTemplateOnMoviesIndex,
+                TEST_QUERY
+            );
+            assertThat(searchTemplateOnUnauthorizedIndexResponse.getStatusCode(), equalTo(HttpStatus.SC_FORBIDDEN));
+        }
+    }
+
+    @Test
+    public void testSearchTemplateRequestUnauthorizedAllIndices() {
+        try (TestRestClient client = cluster.getRestClient(SEARCH_TEMPLATE)) {
+            final String searchTemplateOnAllIndices = "_search/template";
+            final TestRestClient.HttpResponse searchOnAllIndicesResponse = client.getWithJsonBody(searchTemplateOnAllIndices, TEST_QUERY);
+            assertThat(searchOnAllIndicesResponse.getStatusCode(), equalTo(HttpStatus.SC_FORBIDDEN));
+        }
+    }
 }