What is the process of limiting users to access only the functionality and data that they are specifically permitted to use?

Which component defines the user or entity making the request in the access control system?

What is the most common attack on access control where an attacker manipulates input to access unauthorized features or data?

Which access control anti-pattern relies on protecting parts of the system based on obscure URLs and patterns?

What is the key design flaw of hard coding authorization policies into application code?

Which guiding principle suggests building a centralized access control engine/decision maker?

What is the main limitation of Role-Based Access Control (RBAC) compared to Attribute-Based Access Control (ABAC)?