Incorrect user permission enforcement

Overview

Flinn's licensing model bounds what each user can see across modules (M1, M2, M4). If permission enforcement is incorrect — for example because a floating license remains marked as occupied, or because a user can see results in a module they are not licensed for — the licensing boundary is not respected and confidential or unlicensed content may surface.

Hazardous situation: A user gains visibility of results in a module they are not licensed for, or a licensed user is incorrectly blocked from results they are entitled to see.

How we mitigate permission enforcement issues
  • Centralised permissions. Module licensing and per-user permissions are managed centrally and enforced on the server, not only the client. See Roles & Permissions.
  • Audit trail. All access decisions and permission changes are recorded; see Audit Trail. Anomalies are detectable from the log.
  • Personal data segregation. Personal information is protected independently of feature licensing; see How is my personal data protected?.
  • Report mismatches. If you see content you should not — or are blocked from content you should see — Report a problem or a bug immediately.
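
An added example, not Flinn's own code: a server-side license check in which floating seats expire instead of staying occupied, plus a review of the audit log for decisions the license data cannot justify. The module names M1, M2 and M4 come from this page; the function names, the 300-second lease, the log fields and the sample users are assumptions constructed for illustration.

```python
LEASE_TTL = 300  # assumed: seconds a floating seat is held without renewal

class FloatingPool:
    """Floating seats for one module; each seat is a lease with an expiry."""
    def __init__(self, seats):
        self.seats = seats
        self.leases = {}  # user -> expiry timestamp

    def acquire(self, user, now):
        # Drop expired leases first, so an abandoned session cannot keep a seat occupied.
        self.leases = {u: t for u, t in self.leases.items() if t > now}
        if user in self.leases or len(self.leases) < self.seats:
            self.leases[user] = now + LEASE_TTL
            return True
        return False

def authorize(user, module, entitled, pools, audit, now):
    """Server-side decision: deny by default and record every outcome."""
    if module not in entitled.get(user, set()):
        decision, reason = "deny", "not_licensed"
    elif module in pools and not pools[module].acquire(user, now):
        decision, reason = "deny", "no_free_seat"
    else:
        decision, reason = "allow", "licensed"
    audit.append({"ts": now, "user": user, "module": module,
                  "decision": decision, "reason": reason})
    return decision == "allow"

def find_mismatches(audit, entitled):
    """Flag both sides of the hazard: unlicensed access and wrongful blocks."""
    flagged = []
    for e in audit:
        licensed = e["module"] in entitled.get(e["user"], set())
        if e["decision"] == "allow" and not licensed:
            flagged.append(("unlicensed_access", e["user"], e["module"]))
        elif e["reason"] == "not_licensed" and licensed:
            flagged.append(("wrongly_blocked", e["user"], e["module"]))
    return flagged

def demo():
    # Constructed sample data: three users, one floating seat for M2.
    entitled = {"alice": {"M1", "M2"}, "bob": {"M2"}, "carol": {"M2"}}
    pools, audit = {"M2": FloatingPool(seats=1)}, []
    results = [authorize("alice", "M2", entitled, pools, audit, now=0),   # takes the seat
               authorize("bob", "M2", entitled, pools, audit, now=10),    # seat occupied
               authorize("bob", "M2", entitled, pools, audit, now=400),   # lease expired
               authorize("bob", "M4", entitled, pools, audit, now=410)]   # not licensed
    # Constructed log entry that the license data cannot justify.
    audit.append({"ts": 420, "user": "carol", "module": "M4",
                  "decision": "allow", "reason": "licensed"})
    return results, find_mismatches(audit, entitled)
```
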

Related: Data breach and Privilege escalation.