ASVS V4 Access Control

Control Objective
Authorization is the concept of allowing access to resources only to those permitted to use them. Ensure that a verified application satisfies the following high-level requirements:

 * Persons accessing resources hold valid credentials to do so.
 * Users are associated with a well-defined set of roles and privileges.
 * Role and permission metadata is protected from replay or tampering.
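
An added example for the last requirement (not part of ASVS itself): a single-use role assertion whose metadata is protected against tampering with an HMAC-SHA256 tag and against replay with a timestamp and a one-time identifier. The key, claim names ("sub", "roles", "jti", "iat"), the 300-second lifetime and the in-memory store are assumptions made for the illustration.

```python
import base64, hashlib, hmac, json, time

KEY = b"constructed-demo-key"   # assumption: secret held only by the server
MAX_AGE = 300                   # assumed lifetime of an assertion, in seconds
_seen_ids = set()               # ids already accepted (in-memory for the demo)


def issue(user, roles, token_id, now=None):
    """Serialize role metadata and append an HMAC-SHA256 tag over it."""
    claims = {"sub": user, "roles": sorted(roles), "jti": token_id,
              "iat": int(now if now is not None else time.time())}
    body = base64.urlsafe_b64encode(json.dumps(claims, sort_keys=True).encode())
    tag = hmac.new(KEY, body, hashlib.sha256).hexdigest()
    return body.decode() + "." + tag


def verify(token, now=None):
    """Return the claims if authentic, fresh and unused; else raise ValueError."""
    now = int(now if now is not None else time.time())
    body, sep, tag = token.rpartition(".")
    expected = hmac.new(KEY, body.encode(), hashlib.sha256).hexdigest()
    # Check the tag first, in constant time, before parsing anything.
    if not sep or not hmac.compare_digest(expected.encode(), tag.encode()):
        raise ValueError("tampered")
    claims = json.loads(base64.urlsafe_b64decode(body))
    if not 0 <= now - claims["iat"] <= MAX_AGE:
        raise ValueError("expired")
    if claims["jti"] in _seen_ids:
        raise ValueError("replayed")
    _seen_ids.add(claims["jti"])
    return claims


def outcome(token, now=None):
    """Map verify() to a short result string for logging or testing."""
    try:
        verify(token, now)
        return "accepted"
    except ValueError as err:
        return str(err)


if __name__ == "__main__":
    t = issue("alice", ["editor"], "id-1", now=1000)  # constructed sample
    print(outcome(t, now=1010), outcome(t, now=1020))
```

In a deployed system the set of seen identifiers would live in shared storage and entries older than the lifetime would be pruned.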