Verify that authorization decisions are made at both the URI and resource level, not just at the resource level.
I could understand this one if it said "not just at the URI level", but not the other way around. Usually you could have more fine-grained access control at the resource level and more coarse-grained at the URI level. Or do I misunderstand the intention of this one?
@jmanico If you get to this before I do, my thoughts are that we delete or re-word this item as I agree it's pretty unclear.
Suggest: Verify that authorization decisions are made at both the URI, enforced by programmatic or declarative security at the controller or router, and at the resource level, enforced by model-based permissions.
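The two layers named in the suggested wording, as an added illustration that is not part of the issue thread or the project's own code. The route table, role names and `Invoice` model are hypothetical; the sample data is constructed.

```python
# Added illustration: names, routes and roles below are hypothetical.
from dataclasses import dataclass

@dataclass(frozen=True)
class User:
    name: str
    roles: frozenset

@dataclass(frozen=True)
class Invoice:
    id: int
    owner: str

# Constructed sample data.
INVOICES = {1: Invoice(1, "alice"), 2: Invoice(2, "bob")}

# URI level: declarative rule table consulted by the router (coarse-grained).
ROUTE_RULES = [
    ("/admin/", {"admin"}),
    ("/invoices/", {"customer", "admin"}),
]

def uri_allowed(user, path):
    """Deny by default; the first matching prefix decides."""
    for prefix, required in ROUTE_RULES:
        if path.startswith(prefix):
            return bool(user.roles & required)
    return False

# Resource level: permission attached to the model object (fine-grained).
def resource_allowed(user, invoice):
    return "admin" in user.roles or invoice.owner == user.name

def handle(user, path):
    """Return an HTTP-style status after applying both checks in order."""
    if not uri_allowed(user, path):
        return 403  # rejected by the router before any data is loaded
    if path.startswith("/invoices/"):
        tail = path[len("/invoices/"):]
        invoice = INVOICES.get(int(tail)) if tail.isdecimal() else None
        if invoice is None:
            return 404
        if not resource_allowed(user, invoice):
            return 403  # passed the URI rule but does not own this object
    return 200
```

With only the URI rule, a `customer` requesting another customer's invoice id would be served; the model-level check is what rejects it.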