ACLs Should Not Be Entirely Empty Or Contain The “Public” Role

Impact Area: Security, Performance

Severity: Warning

Affected Element: Access Control

Rule ID #: SN-WEAK-ACL

Impact

Empty ACLs, and ACLs that contain the “Public” role, are one of the factors that can expose private data to unauthenticated users. An empty ACL is one that specifies no condition, no roles, and no validation in its script field.

Remediation

Make sure that every ACL on a table containing private data defines at least one security restriction (a condition, roles, or validation in the script field) and does not grant the “Public” role.
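As an added example (not code from the rule page or from ServiceNow), the audit below applies the two checks above to a list of ACL records: it flags an ACL as empty when it has no condition, no roles and no script validation, and separately flags any ACL that grants the “Public” role. The record fields (name, operation, condition, script, roles) are modelled on a ServiceNow ACL but are an assumption here, and the sample records are constructed; the example goes one step beyond the text by also treating a script that only sets `answer = true` as performing no validation.

```javascript
// Added example: audit ACL records for the SN-WEAK-ACL pattern.
// Field names (name, operation, condition, script, roles) are an assumption
// modelled on a ServiceNow ACL record; they are not taken from the rule page.

const PUBLIC_ROLE = 'public';
// A script that only sets answer = true is treated as no validation at all.
const NO_VALIDATION_SCRIPT = /^\s*answer\s*=\s*true\s*;?\s*$/;

// Returns the reasons an ACL is weak; an empty array means it passes both checks.
function weakAclReasons(acl) {
  const reasons = [];
  const condition = (acl.condition || '').trim();
  const script = (acl.script || '').trim();
  const roles = (acl.roles || []).map((r) => r.toLowerCase());
  const hasValidation = script.length > 0 && !NO_VALIDATION_SCRIPT.test(script);

  if (condition.length === 0 && roles.length === 0 && !hasValidation) {
    reasons.push('empty ACL: no condition, no roles, no script validation');
  }
  if (roles.includes(PUBLIC_ROLE)) {
    reasons.push('grants the "public" role');
  }
  return reasons;
}

// Runs the check over every record and keeps only the findings.
function auditAcls(acls) {
  return acls
    .map((acl) => ({ name: acl.name, operation: acl.operation, reasons: weakAclReasons(acl) }))
    .filter((r) => r.reasons.length > 0);
}

// Constructed sample records (not real instance data).
const SAMPLE_ACLS = [
  { name: 'u_customer_contract', operation: 'read', condition: '', script: '', roles: [] },
  { name: 'u_customer_contract', operation: 'write', condition: '', script: '', roles: ['public'] },
  { name: 'u_customer_contract', operation: 'delete', condition: '', script: '', roles: ['u_contract_admin'] },
  { name: 'u_customer_contract.salary', operation: 'read', condition: '', script: 'answer = gs.hasRole("hr_admin");', roles: [] },
  { name: 'u_customer_contract.notes', operation: 'read', condition: '', script: 'answer = true;', roles: [] },
  { name: 'u_public_faq', operation: 'read', condition: 'active=true', script: '', roles: ['public'] },
];

for (const f of auditAcls(SAMPLE_ACLS)) {
  console.log(`${f.name} / ${f.operation}: ${f.reasons.join('; ')}`);
}
```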

Time to fix

40 min

References

This rule is linked to Common Weakness Enumeration CWE-284: Improper Access Control.

Updated on March 21, 2025