V4.1 — General Access Control Design
General Access Control Design: 4 L3 requirement(s).

- V4.1.1: Verify that the application enforces access control rules on a trusted service layer, especially if client-side access c...
- V4.1.2: Verify that all user and data attributes and policy information used by access controls cannot be manipulated by end use...
- V4.1.3: Verify that the principle of least privilege exists - users should only be able to access functions, data files, URLs, c...
- ... and 1 more.
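The three requirements summarised above describe one design: the decision is made on the server, from attributes the client cannot supply, and anything not explicitly granted is denied. The following is an added example (not code from the ASVS or from the controls mapped below) that puts a deliberately weak check next to a hardened one. The session store, document table, role names and header names are constructed stand-ins; tenant isolation is checked before the role so that a tenant admin still cannot reach another tenant's data.

```python
"""Added example for ASVS V4.1.1 / V4.1.2 / V4.1.3: authorization enforced on the
server from server-held attributes, default deny. All data here is constructed."""

# Constructed server-side stores (stand-ins for a session store and a database).
SESSIONS = {
    "sess-alice": {"user": "alice", "tenant": "t1", "role": "member"},
    "sess-bob": {"user": "bob", "tenant": "t2", "role": "admin"},
}
DOCUMENTS = {
    "doc-100": {"tenant": "t1", "owner": "alice"},
    "doc-200": {"tenant": "t2", "owner": "bob"},
}
# Least privilege: each role lists only the actions it needs; anything absent is denied.
ROLE_ACTIONS = {
    "member": {"read"},
    "admin": {"read", "delete"},
}


def authorize_insecure(request: dict) -> bool:
    """Anti-pattern: role and tenant are read from client-controlled headers (fails V4.1.2)."""
    doc = DOCUMENTS.get(request.get("doc_id"))
    if doc is None:
        return False
    # A client that sends X-Role: admin, or X-Tenant set to the victim's tenant, is believed.
    if request.get("X-Role") == "admin":
        return True
    return doc["tenant"] == request.get("X-Tenant")


def authorize(request: dict) -> bool:
    """Hardened check: every attribute comes from the server-side session (V4.1.2),
    the check runs in the service layer regardless of what the UI showed (V4.1.1),
    tenant isolation is enforced before role, and the default is deny (V4.1.3)."""
    session = SESSIONS.get(request.get("session_id"))
    if session is None:
        return False  # unauthenticated or expired session
    doc = DOCUMENTS.get(request.get("doc_id"))
    if doc is None:
        return False  # unknown object: deny rather than reveal anything about it
    if doc["tenant"] != session["tenant"]:
        return False  # cross-tenant access is never allowed, even for admins
    action = request.get("action")
    if action not in ROLE_ACTIONS.get(session["role"], set()):
        return False  # action not granted to this role (unknown role or action also denied)
    if session["role"] == "admin":
        return True  # tenant admin may act on any document inside its own tenant
    return doc["owner"] == session["user"]  # members reach only their own documents
```

The client-supplied `X-Role` and `X-Tenant` values are ignored entirely by `authorize`; the only client input that matters is the session identifier, which is resolved to attributes held on the server. The `action` parameter is the same check the UI's hidden buttons would have mapped to, which is exactly why it must be repeated here.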
| Property | Value |
|---|---|
| Section | V4.1 |
| Owner | platform |
Mapped Controls
| Control | Title |
|---|---|
| SID-ACCESS-01 | Multi-Tenant Isolation |
| SID-ACCESS-04 | SPOCP Policy-Based Query Authorization |
Source: OWASP Application Security Verification Standard 4.0.3