authorisation-pattern
Installation
SKILL.md
Authorisation Security Pattern
Ensures entities can only perform actions they are permitted to perform on resources they are permitted to access. Prevents privilege escalation and unauthorized access.
Problem Addressed
Entity performs disallowed action: An unprivileged user performs actions reserved for administrators, accesses other users' data, or manipulates resources beyond their permissions.
Examples:
- User changes another customer's account details
- Unprivileged entity performs admin operations
- Attacker accesses internal documents by guessing identifiers