Back to Security Pattern Catalog

Limited Access

Classification Key : Core Security, Information Disclosure


Presenting the entire user interface has an important security problem associated with it. Some options may be private for some privileged user group and other users should not even see those options. Seeing the entire user interface is annoying for a user who has access to only a few operations when he finds by clicking options that he is not entitled to perform those operations. How can you present a system’s functionality and ensure that users can only access those parts or data of a system they are entitled for?


Only let the users see what they have access to. Only give them selections and menus to options that their current access-privileges permit. Dynamically adjust the view when the permissions of the user change.

Known Uses

Most operating systems’ and applications’ GUI provide limited access.

Related Patterns

Full Access with Errors, Policy Enforcement Point, Security Session, chroot Jail


Wiley Book


Access Control, User Interface, Authentication


Last modified: May 05, 2012

Conceived and Maintained by: Munawar Hafiz