# Access Control

Access control issues are situations in which a user can perform actions they should not be authorized to perform, such as deleting or modifying another user's data. This can result from misconfigured access controls or from a flaw in the application's code that lets users bypass those controls.

Access control issues are not to be confused with IDOR. Both vulnerabilities relate to authorization and access control, but IDOR is specific to the manipulation of object references, whereas access control issues cover a broader set of vulnerabilities that can arise from inadequate access control mechanisms.
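The sketch below is an added example, not code from the referenced material. It puts a handler that only checks for a logged-in caller beside a hardened one, and adds an admin-only action where there is no object reference involved at all. The names (`User`, `Forbidden`, `delete_doc`, `set_role`, `attempt`) and the sample data are hypothetical.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class User:
    name: str
    role: str  # assumed to come from the server-side session, never from the request

class Forbidden(Exception):
    """Raised when the caller is not authorized for the action."""

# Constructed sample data for the example.
DOCS = {1: "alice", 2: "bob"}  # doc_id -> owner name
ROLES = {"alice": "user", "bob": "user", "root": "admin"}

def delete_doc_vulnerable(docs, caller, doc_id):
    # Flaw: authentication only. Any logged-in user can delete any document.
    if caller is None:
        raise Forbidden("login required")
    docs.pop(doc_id)

def delete_doc(docs, caller, doc_id):
    # Object-level check: only the owner or an admin may delete.
    if caller is None:
        raise Forbidden("login required")
    owner = docs.get(doc_id)
    # Same error for missing and foreign documents, so ids cannot be probed.
    if owner is None or (owner != caller.name and caller.role != "admin"):
        raise Forbidden("not allowed")
    del docs[doc_id]

def set_role(roles, caller, target, new_role):
    # Function-level check: the action itself is restricted to admins.
    if caller is None or caller.role != "admin":
        raise Forbidden("admin only")
    if new_role not in {"user", "admin"}:
        raise ValueError("unknown role")
    roles[target] = new_role

def attempt(action, *args):
    """Return True if the action was permitted, False if it was denied."""
    try:
        action(*args)
    except Forbidden:
        return False
    return True

if __name__ == "__main__":
    bob = User("bob", "user")
    print("bob deletes alice's doc:", attempt(delete_doc, dict(DOCS), bob, 1))
    print("bob promotes himself:", attempt(set_role, dict(ROLES), bob, "bob", "admin"))
```
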

### References

{% embed url="https://portswigger.net/web-security/access-control" %}


