Limited Access


Classification Key: Core Security, Information Disclosure

Problem

Presenting the entire user interface to every user creates a security problem. Some options may be private to a privileged user group, and other users should not even see those options. Seeing the entire user interface is also annoying for a user who has access to only a few operations and who finds, by clicking options, that he is not entitled to perform the others. How can you present a system’s functionality and ensure that users can access only those parts or data of the system they are entitled to?

Solution

Let users see only what they have access to. Give them only the selections and menu options that their current access privileges permit. Dynamically adjust the view when the permissions of the user change.
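
A minimal sketch of the solution, added here as an illustration and not taken from the pattern's source: the menu is filtered by the user's current permissions and recomputed whenever they change. The `MenuItem` and `Session` names, the menu labels and the permission strings are hypothetical; the re-check in `invoke` follows the related Policy Enforcement Point pattern, since a hidden option is not by itself an access control.

```python
from __future__ import annotations
from dataclasses import dataclass

@dataclass(frozen=True)
class MenuItem:
    label: str
    permission: str | None = None        # None: shown to every user
    children: tuple[MenuItem, ...] = ()

# Constructed sample menu; labels and permission names are illustrative.
MENU = (
    MenuItem("File", children=(MenuItem("Open", "doc.read"),
                               MenuItem("Save", "doc.write"))),
    MenuItem("Admin", children=(MenuItem("Manage Users", "user.admin"),
                                MenuItem("Audit Log", "audit.read"))),
    MenuItem("Help"),
)

def visible_menu(items, granted):
    """Return (label, children) pairs for the entries `granted` permits."""
    view = []
    for item in items:
        if item.permission is not None and item.permission not in granted:
            continue
        kids = visible_menu(item.children, granted)
        if item.children and not kids:
            continue    # an empty submenu would still reveal that it exists
        view.append((item.label, kids))
    return view

class Session:
    """Holds the user's current permissions and the view derived from them."""
    def __init__(self, granted=()):
        self.set_permissions(granted)

    def set_permissions(self, granted):
        # Recompute the view on every change so revoked options disappear.
        self.granted = frozenset(granted)
        self.view = visible_menu(MENU, self.granted)

    def invoke(self, item):
        # Hiding an option is presentation only; the handler checks again.
        if item.permission is not None and item.permission not in self.granted:
            raise PermissionError(item.label)
        return f"{item.label}: ok"
```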

Known Uses

The GUIs of most operating systems and applications provide limited access.

Related Patterns

Full Access with Errors, Policy Enforcement Point, Security Session, chroot Jail

Source

Wiley Book

Tags

Access Control, User Interface, Authentication


 

Last modified: May 05, 2012

Conceived and Maintained by: Munawar Hafiz