Using Access Control Checks
Use Access Control Checks to identify broken custom code that must be fixed. During development, it is easy to introduce risks into your application by implementing custom code. By using Access Control Checks, you help proactively fix your code by identifying potential issues.
If you do not fix broken access controls, when you enable security protections and the application goes into hardening, the broken features may stop working or will not work properly.
- In the header of Dev Studio, click .
- Optional: On the Search Criteria tab, select from the following
check boxes:
- Select an Application check box to define the application on which you will run the access control check, as shown in the following figure:
- Select the Rulesets check box to define the rulesets on which you want to run the Access Control Check. By default, all rulesets are selected. However, to only run checks on certain rulesets, clear the Ruleset check box to manually indicate which rulesets you want to run the check on.
- Optional: To select whether to display and run the Access Control Check on rules that
call custom code in custom calls, or on a Standard API, select one of the
following radio buttons:
- Custom calls in custom code
- Runs the rules in your applications that call custom code from custom calls.
- Standard API calls in custom code
- Runs the rules in your applications that call custom code from Standard API.
- Click List Rules for mitigation button.The results display as shown in the following figure:
- Optional: To view the matched strings for each line result, click the Preview icon for
that line.The following figure shows an example of the line preview:
- Optional: To group rules based on Rule Type or Ruleset, click Group.
- Open each rule to refactor and address its issues.
Previous topic Complying with regulatory standards Next topic Security in App Studio