: Core Security, Information Disclosure
Presenting the entire user interface to every user creates an important security problem. Some options may be reserved for a privileged user group, and other users should not even see those options. Seeing the entire user interface is also annoying for a user who has access to only a few operations and who finds out, by clicking options, that he is not entitled to perform them.
How can you present a system’s functionality and ensure that users can only access those parts or data of a system they are entitled to?
Only let users see what they have access to. Only give them selections and menus for options that their current access privileges permit. Dynamically adjust the view when the permissions of the user change.
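The solution above as an added JavaScript example (not part of the catalog entry): the menu is built from the session's current permissions and rebuilt when they change, and the same check is repeated when an option is invoked, because hiding an option does not by itself stop a request for it. The menu, role table and all names (`MENU`, `ROLE_PERMISSIONS`, `Session`, `visibleMenu`, `invoke`) are constructed for illustration.

```javascript
// Added example: constructed menu and role table, hypothetical names throughout.
const MENU = [
  { id: "view-report",  label: "View report",  requires: "report:read",  run: () => "report shown" },
  { id: "edit-report",  label: "Edit report",  requires: "report:write", run: () => "report saved" },
  { id: "manage-users", label: "Manage users", requires: "user:admin",   run: () => "user list shown" },
];

const ROLE_PERMISSIONS = {
  viewer: ["report:read"],
  editor: ["report:read", "report:write"],
  admin:  ["report:read", "report:write", "user:admin"],
};

class Session {
  constructor(user, roles) {
    this.user = user;
    this.listeners = [];
    this.setRoles(roles);
  }
  // Recompute permissions and notify every registered view so it redraws.
  setRoles(roles) {
    // Unknown roles contribute nothing: default deny.
    this.permissions = new Set(roles.flatMap((r) => ROLE_PERMISSIONS[r] || []));
    this.listeners.forEach((fn) => fn(this));
  }
  onChange(fn) { this.listeners.push(fn); }
  can(permission) { return this.permissions.has(permission); }
}

// The limited view: only the options the current permissions allow.
function visibleMenu(session) {
  return MENU.filter((item) => session.can(item.requires)).map((item) => item.label);
}

// Enforcement when an option is invoked, independent of what was displayed.
function invoke(session, itemId) {
  const item = MENU.find((m) => m.id === itemId);
  // Same error for "no such option" and "not permitted", so the reply
  // does not reveal which hidden options exist.
  if (!item || !session.can(item.requires)) {
    throw new Error("not available");
  }
  return item.run();
}
```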
The GUIs of most operating systems and applications provide limited access.
Full Access with Errors, Policy Enforcement Point, Security Session, chroot Jail
Access Control, User Interface, Authentication
Last modified: May 05, 2012
and Maintained by: Munawar Hafiz