ERR TEST-ERR-002 UC: UC-21.2

Unauthorized Access (Wrong Permission)

Prerequisites

  • Sales Rep has an active account
  • Admin-only URLs are known (e.g., /system/users)

Test Credentials

Role: Sales Rep
Email: s.wallace.test@circlemsp.com
Password: MyPassw0rd123!

Test Steps

| # | Action | Expected Result | Screenshot | Result |
|---|--------|-----------------|------------|--------|
| 1 | Log in as Sales Rep using the credentials above | Dashboard loads with Sales Rep scope | - | |
| 2 | Manually navigate to an admin-only URL by typing it in the address bar (e.g., https://unified.avnc.net/system/users) | Browser navigates to the URL | - | |
| 3 | Verify the system returns HTTP 403 Forbidden | 403 Forbidden response is displayed – the Sales Rep does not have permission to access this resource | - | |
| 4 | Verify no data is leaked in the 403 response – no user lists, system info, or sensitive content | Response body contains only the error message, no sensitive data | - | |
| 5 | Attempt to access another user’s record directly by URL (if the ID is known) | Browser navigates to the direct URL | - | |
| 6 | Verify the system returns 403 Forbidden or redirects appropriately (no data from the other user’s record is visible) | System enforces row-level security – the Sales Rep cannot view another user’s records via direct URL | - | |
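The expected results of steps 3, 4 and 6 can be checked automatically rather than by eye. The script below is an added example written for this test case, not code from the product under test: the `Response` class is a stand-in for whatever HTTP client the tester uses, the leak patterns (foreign e-mail addresses, debug or stack-trace strings, a data payload inside the error body) are assumptions chosen for illustration, the sample responses are constructed, and the record path `/users/42` is hypothetical.

```python
"""Automated form of the expected results in steps 3, 4 and 6: a request from a
Sales Rep session to an admin-only URL or another user's record must come back
as 403 (or, for step 6, a redirect that leaves the resource), and the response
body must carry no user lists, system details or another user's data.
Added example, not code from the product under test; the leak patterns below
are assumptions for illustration."""
import json
import re
from dataclasses import dataclass, field
from urllib.parse import urlparse


@dataclass
class Response:
    """Minimal stand-in for an HTTP response; fill it from whatever client you use."""
    status: int
    body: str
    headers: dict = field(default_factory=dict)


# Assumed leak indicators: any e-mail address other than the tester's own, and
# strings typical of debug output or stack traces. Extend for the real app.
EMAIL_RE = re.compile(r"[\w.+-]+@[\w-]+\.[\w.-]+")
SYSTEM_INFO_RE = re.compile(
    r"\b(?:stack ?trace|traceback|exception|sql)\b|version\s*[:=]|/var/|[A-Za-z]:\\", re.I)


def leaked_items(body: str, own_email: str) -> list:
    """Reasons the body looks like it leaks data (step 4); empty list means clean."""
    findings = []
    try:
        parsed = json.loads(body)
    except ValueError:
        parsed = None
    # A list, or an object carrying nested lists/objects, means the handler
    # returned a data payload alongside (or instead of) the error message.
    if isinstance(parsed, list) or (
        isinstance(parsed, dict) and any(isinstance(v, (list, dict)) for v in parsed.values())
    ):
        findings.append("structured data payload in error response")
    emails = {m.lower() for m in EMAIL_RE.findall(body)} - {own_email.lower()}
    if emails:
        findings.append("other users' e-mail addresses: " + ", ".join(sorted(emails)))
    if SYSTEM_INFO_RE.search(body):
        findings.append("system or debug information")
    return findings


def check_admin_url(resp: Response, own_email: str) -> tuple:
    """Steps 3 and 4: status must be exactly 403 and the body free of sensitive content."""
    problems = []
    if resp.status != 403:
        problems.append(f"expected 403, got {resp.status}")
    problems += leaked_items(resp.body, own_email)
    return (not problems, problems)


def check_other_user_record(resp: Response, requested_path: str, own_email: str) -> tuple:
    """Step 6: 403, or a redirect to somewhere other than the requested record,
    and no data from the other user's record in the body."""
    problems = []
    if resp.status == 403:
        pass
    elif 300 <= resp.status < 400:
        target = urlparse(resp.headers.get("Location", "")).path.rstrip("/")
        if not target or target == urlparse(requested_path).path.rstrip("/"):
            problems.append(f"redirect does not leave the resource: {resp.headers.get('Location')!r}")
    else:
        problems.append(f"expected 403 or redirect, got {resp.status}")
    problems += leaked_items(resp.body, own_email)
    return (not problems, problems)


# Constructed sample responses standing in for what the browser would show.
SALES_REP = "s.wallace.test@circlemsp.com"  # the test account from the credentials above
SAMPLES = {
    "clean_403": Response(403, '{"error": "Forbidden"}'),
    "leaky_403": Response(403, '{"error": "Forbidden", "users": [{"email": "admin@example.com"}]}'),
    "wrong_200": Response(200, "<ul><li>admin@example.com</li></ul>"),
    "login_redirect": Response(302, "", {"Location": "/login?next=/users/42"}),  # hypothetical path
    "self_redirect": Response(302, "", {"Location": "/users/42/"}),
}

if __name__ == "__main__":
    for name in ("clean_403", "leaky_403", "wrong_200"):
        print(name, check_admin_url(SAMPLES[name], SALES_REP))
    for name in ("login_redirect", "self_redirect"):
        print(name, check_other_user_record(SAMPLES[name], "/users/42", SALES_REP))
```

In a real run, `Response` would be filled from the actual request made in the Sales Rep session (status code, body text and the `Location` header); a redirect that lands back on the requested record, or a 403 whose body carries a user list, fails the step even though the status code alone looks right.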

Acceptance Criteria