ASVS Requirement 8.1.2
- Level: 2
- Chapter: V8 Authorization
- Section: V8.1 Authorization Documentation
- Source: 0x17-V8-Authorization.md
Description
Verify that authorization documentation defines rules for field-level access restrictions (both read and write) based on consumer permissions and resource attributes. Note that these rules might depend on other attribute values of the relevant data object, such as state or status.
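
The following is an added example, not part of ASVS: one way such documented field-level rules can be written as a default-deny table and enforced for both reads and writes. The "invoice" object, its field names, permission strings and states are all constructed assumptions.

```python
# Added example: hypothetical "invoice" object; field names, permissions and
# states are constructed for illustration, not taken from ASVS.

# Documented rules: field -> action -> list of (required permission, allowed states).
# A state set of None means "any state". Anything not listed is denied.
RULES = {
    "id":        {"read": [("invoice:read", None)]},
    "amount":    {"read": [("invoice:read", None)],
                  "write": [("invoice:edit", {"draft"})]},
    "approver":  {"read": [("invoice:read", None)],
                  "write": [("invoice:approve", {"submitted"})]},
    "bank_iban": {"read": [("finance:read", None)],
                  "write": [("finance:edit", {"draft", "submitted"})]},
    "state":     {"read": [("invoice:read", None)]},  # no write rule: workflow code only
}


class FieldAccessDenied(Exception):
    pass


def allowed(perms, obj, field, action):
    """Default-deny check of one field against the documented rules."""
    for perm, states in RULES.get(field, {}).get(action, []):
        if perm in perms and (states is None or obj["state"] in states):
            return True
    return False


def read_view(perms, obj):
    """Return only the fields this consumer may read."""
    return {f: v for f, v in obj.items() if allowed(perms, obj, f, "read")}


def apply_write(perms, obj, changes):
    """Apply an update as a whole; reject it if any field is not writable."""
    denied = sorted(f for f in changes if not allowed(perms, obj, f, "write"))
    if denied:
        raise FieldAccessDenied(f"write denied for fields: {denied}")
    return {**obj, **changes}


if __name__ == "__main__":
    invoice = {"id": 7, "amount": 100, "approver": None,
               "bank_iban": "XX00CONSTRUCTED", "state": "draft"}
    clerk = {"invoice:read", "invoice:edit"}
    print(read_view(clerk, invoice))
    print(apply_write(clerk, invoice, {"amount": 120}))
```

Write rules are evaluated against the object's current state, and fields absent from the table (including ones a client adds to the request) are rejected rather than silently accepted.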