SID-ACCESS-01 — Multi-Tenant Isolation
| Property | Value |
|---|---|
| Status | verified |
| Owner | platform |
| Category | technical |
| CSF Function | protect |
| Group | Access Control |
Description
Tenant context is extracted from JWT claims, which are the authoritative source. Middleware validates that the tenant exists and that the user is a member of it before the request is processed. This prevents cross-tenant resource access.
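A sketch of the check described above, added here as an illustration and not taken from the Wallet Backend. It assumes the JWT signature has already been verified upstream and the claims placed in the request context; `Claims`, `Directory`, `TenantGuard` and `Probe` are hypothetical names, and the tenant data is constructed.

```go
package main

import (
	"context"
	"fmt"
	"net/http"
	"net/http/httptest"
)

// Claims holds fields of an already-verified JWT (assumed claim layout).
type Claims struct{ Subject, TenantID string }
type ctxKey struct{} // private context key under which the claims are stored

// Directory is a hypothetical tenant -> member-set lookup.
type Directory map[string]map[string]bool

// TenantGuard takes the tenant only from the claims, never from the URL,
// headers or body, and requires the tenant to exist and include the subject.
func TenantGuard(dir Directory, next http.Handler) http.Handler {
	return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
		c, ok := r.Context().Value(ctxKey{}).(Claims)
		if !ok || c.TenantID == "" || c.Subject == "" {
			http.Error(w, "unauthenticated", http.StatusUnauthorized)
			return
		}
		members, exists := dir[c.TenantID]
		if !exists || !members[c.Subject] {
			// Same answer for unknown tenant and non-member: no tenant-ID oracle.
			http.Error(w, "forbidden", http.StatusForbidden)
			return
		}
		next.ServeHTTP(w, r)
	})
}

// Probe sends one request through the guard and returns the status code and
// the tenant the downstream handler was scoped to ("" if it never ran).
func Probe(dir Directory, c Claims, url string) (int, string) {
	r := httptest.NewRequest(http.MethodGet, url, nil)
	r = r.WithContext(context.WithValue(r.Context(), ctxKey{}, c))
	seen := ""
	h := http.HandlerFunc(func(_ http.ResponseWriter, r *http.Request) {
		seen = r.Context().Value(ctxKey{}).(Claims).TenantID
	})
	w := httptest.NewRecorder()
	TenantGuard(dir, h).ServeHTTP(w, r)
	return w.Code, seen
}

func main() {
	dir := Directory{"t-1": {"alice": true}, "t-2": {"bob": true}} // constructed data
	fmt.Println(Probe(dir, Claims{"alice", "t-1"}, "/wallets?tenant=t-2"))
}
```

The `tenant=t-2` query parameter in the sample request is ignored: the handler stays scoped to the tenant named in the claims.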
Components
- Wallet Backend (Go)
Source References
Audit Findings
| Finding | Severity | Status |
|---|---|---|
| ISO-O-8 — Partial segregation of duties | low | open |
| ISO-O-11 — Partial access rights management | low | open |