Security Test Scenarios

Overview

A comprehensive set of security scenarios for verifying the implementation. ✓ marks an action that must be allowed; ✗ marks one that must be denied.

Organizational Access Tests

Primary Organization Access

✓ User can read entities in primary organization
✓ User can write entities in primary organization
✗ User cannot access entities in unlinked organizations

Linked Organization Access

✓ User can read entities in READ-linked organization
✗ User cannot write entities in READ-linked organization
✓ User can write entities in READ_WRITE-linked organization

Admin Bypass

✓ Admin can access all organizations
✓ Global viewer can read all organizations
✗ Global viewer cannot write to organizations

Personal Access Tests

Self Access

✓ User can access own person data
✓ User has READ_WRITE to own data

Linked Person Access

✓ Parent can access child data (FAMILY, READ_WRITE)
✓ Team manager can read team member data (READ)
✗ Team manager cannot write team member data (READ)

Dual-Scoped Tests

✓ User can access entry with both org and person access
✗ User cannot access entry with org but no person access
✗ User cannot access entry with person but no org access
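
The rules these scenarios exercise, written as a small deny-by-default policy model with a scenario table. This is an added example, not the project's code or its test suite: the `User` model, `Level` enum, function names and all ids are hypothetical. It assumes admin bypass applies to organization checks only (the page states it only for organizations) and does not model link types such as FAMILY.

```python
from dataclasses import dataclass, field
from enum import IntEnum

class Level(IntEnum):
    NONE = 0
    READ = 1
    READ_WRITE = 2

@dataclass
class User:  # hypothetical model, not the project's schema
    person_id: str
    primary_org: str
    org_links: dict = field(default_factory=dict)     # org id -> Level
    person_links: dict = field(default_factory=dict)  # person id -> Level
    is_admin: bool = False
    is_global_viewer: bool = False

def org_level(user, org_id):
    if user.is_admin or org_id == user.primary_org:
        return Level.READ_WRITE
    linked = user.org_links.get(org_id, Level.NONE)
    # Global viewer is a read-only floor; it never grants write by itself.
    return max(linked, Level.READ) if user.is_global_viewer else linked

def person_level(user, person_id):
    if person_id == user.person_id:
        return Level.READ_WRITE
    return user.person_links.get(person_id, Level.NONE)

def allowed(user, needed, org_id=None, person_id=None):
    """Deny by default; a dual-scoped entry must pass both checks."""
    if org_id is None and person_id is None:
        return False  # unscoped request: nothing to authorize against
    org_ok = org_id is None or org_level(user, org_id) >= needed
    person_ok = person_id is None or person_level(user, person_id) >= needed
    return org_ok and person_ok

def failed_scenarios():  # constructed users and ids
    R, W = Level.READ, Level.READ_WRITE
    u = User("p1", "orgA", {"orgB": R, "orgC": W}, {"child": W, "member": R})
    viewer = User("p2", "orgZ", is_global_viewer=True)
    cases = [  # (user, needed, org, person, expected)
        (u, W, "orgA", None, True), (u, R, "orgX", None, False),
        (u, W, "orgB", None, False), (u, W, "orgC", None, True),
        (viewer, R, "orgA", None, True), (viewer, W, "orgA", None, False),
        (u, W, None, "member", False), (u, R, "orgA", "child", True),
        (u, R, "orgA", "stranger", False), (u, R, "orgX", "child", False),
    ]
    return [c[1:] for c in cases if allowed(*c[:4]) != c[4]]
```

`failed_scenarios()` returns an empty list when every ✓ case is allowed and every ✗ case is denied, so a regression in any one rule shows up as a named case.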

See full test suite in Complete Code Examples.