How to test Access Control Limits (ACLs)?

Overview

Access Control Limits (ACLs) are the expression of the system's information security policies. They can be complex in nature, and it is vital not only that they are correct but also that they can be seen to be correct. The ACL sanity checks provide this business-level visibility into the information security policies.

All sanity checks in the base product are run as part of the system build process, which does not proceed if there are any failures.

The sanity checks allow for dummy data to be generated (but not saved) and

User Access Control Limits

Every class in the system has ACLs (Access Control Limits) which prevent unauthorized CRUD (Create, Read, Update and Delete) of records. These ACLs are applied to all requests regardless of where or how the request is made.

The same ACLs apply to web forms, SOAP requests, ReST or any other protocol.
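An added example (not the product's own code) of an ACL sanity check of the kind described above: dummy records are generated but never saved, the same enforcement point is exercised through each protocol entry point, and a non-empty failure list is what stops the build. The ACL table, class names, roles and function names are constructed assumptions.

```python
from itertools import product

CRUD = ("create", "read", "update", "delete")
ENTRY_POINTS = ("web_form", "soap", "rest")

# Hypothetical per-class ACL table: class -> role -> permitted CRUD actions.
# Constructed for this example; it stands in for the product's real ACLs.
ACLS = {
    "Invoice": {"admin": set(CRUD), "clerk": {"create", "read"}, "guest": set()},
    "User":    {"admin": set(CRUD), "clerk": {"read"},           "guest": set()},
}

# Expected outcomes written at business level, independently of the ACL table,
# so a mistyped ACL entry is caught instead of being restated.
MUST_DENY  = [("Invoice", "clerk", "delete"), ("User", "clerk", "update"),
              ("User", "guest", "read")]
MUST_ALLOW = [("Invoice", "clerk", "create"), ("Invoice", "admin", "delete")]

def acl_allows(acls, cls, role, action):
    """The single enforcement point; unknown classes and roles get nothing."""
    return action in acls.get(cls, {}).get(role, set())

def dispatch(acls, entry_point, cls, role, action, record):
    """Every protocol funnels through acl_allows; the dummy record is never saved."""
    if not acl_allows(acls, cls, role, action):
        return {"via": entry_point, "status": "denied"}
    return {"via": entry_point, "status": "ok", "record": record}

def make_dummy(cls):
    """Constructed dummy record, generated for the check only and not persisted."""
    return {"class": cls, "id": "dummy-0001"}

def run_acl_sanity_checks(acls):
    """Return a list of failures; an empty list means the build may proceed."""
    failures = []
    for ep, (cls, role, action) in product(ENTRY_POINTS, MUST_DENY):
        if dispatch(acls, ep, cls, role, action, make_dummy(cls))["status"] != "denied":
            failures.append(f"{ep}: {role} may {action} {cls} but must not")
    for ep, (cls, role, action) in product(ENTRY_POINTS, MUST_ALLOW):
        if dispatch(acls, ep, cls, role, action, make_dummy(cls))["status"] != "ok":
            failures.append(f"{ep}: {role} cannot {action} {cls} but should")
    return failures

if __name__ == "__main__":
    import sys
    problems = run_acl_sanity_checks(ACLS)
    print("\n".join(problems) or "ACL sanity checks passed")
    sys.exit(1 if problems else 0)  # any failure stops the build
```

Because the expectations are listed separately from the ACL table, loosening a single entry (for example letting guests read User) is reported once per entry point rather than silently passing.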

Access Control Limits