V1.4 — Access Control Architecture
Access Control Architecture: 3 L3 requirement(s). V1.4.1: Verify that trusted enforcement points, such as access control gateways, servers, and serverless functions, enforce acce... V1.4.4: Verify the application uses a single and well-vetted access control mechanism for accessing protected data and resources... V1.4.5: Verify that attribute or feature-based access control is used whereby the code checks the user's authorization for a fea...
| Property | Value |
|---|---|
| Section | V1.4 |
| Owner | platform |
Mapped Controls
| Control | Title |
|---|---|
| SID-ACCESS-01 | Multi-Tenant Isolation |
| SID-ACCESS-04 | SPOCP Policy-Based Query Authorization |
Source: OWASP Application Security Verification Standard 4.0.3