| Page Properties |
|---|
Contexts | IAM |
|---|
Term | Insufficient Granularity of Access Control |
|---|
Alternative Forms | |
|---|
Definitions | A system weakness characterized by access controls designed too coarsely to assure the required security level , making it impossible to configure access permissions that satisfy the required least privileges. It is a design flaw and is distinct from improperly configured access controls. |
|---|
Related Terms | |
|---|
|
Quotes
The product implements access controls via a policy or other feature with the intention to disable or restrict accesses (reads and/or writes) to assets in a system from untrusted agents. However, implemented access controls lack required granularity, which renders the control policy too broad because it allows accesses from unauthorized agents to the security-sensitive assets.
...
Bibliography
See Also
...
| Filter by label (Content by label) |
|---|
| showLabels | false |
|---|
| sort | title |
|---|
| cql | label = "insufficient-granularity-of-access-control" |
|---|
|