Privilege escalation
Overview
Privilege escalation happens when a user reaches a level of access higher than the one assigned to them — usually because of a defect in the access-control layer. Even unintentional escalation is a risk: a user may inadvertently see, edit or delete data that should be outside their remit.
Hazardous situation: A user with limited rights gains higher privileges due to a bug, exposing sensitive areas of the software.
How we mitigate privilege escalation
- Layered access checks. Access decisions are enforced on both the front-end and the back-end; bypassing the UI does not bypass the underlying authorisation checks. See Roles & Permissions for the role model.
- Audit trail of permission-relevant actions. Permission changes and access to sensitive areas are logged in the Audit Trail, so anomalous escalations can be detected.
- Validated releases. Each release is exercised against representative permission scenarios; see Flinn Release & Validation Process and How is Flinn conducting software validation?.
- Personal data segregation. Per the safeguards in How is my personal data protected?, sensitive personal data is protected independently of feature-level permissions.
- Report immediately. If you can perform an action that you believe should be outside your role, Report a problem or a bug. Treat unexpected visibility into other users' searches or results as a security event.
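The two mechanisms above, layered access checks and an audit trail of permission-relevant actions, are illustrated below in an added example. This is not Flinn's code; the role names, action names, the audit event layout and the detection rule are all assumptions chosen for the illustration. It shows the front-end layer deciding only what to render, the back-end layer making the authoritative decision on every request (including one the UI never offered), and a simple check over the resulting audit trail.

```python
from dataclasses import dataclass, field
from typing import Dict, List, Set

# Assumed role model (hypothetical names; Flinn's real model is in Roles & Permissions).
ROLE_PERMISSIONS: Dict[str, Set[str]] = {
    "viewer": {"search:read"},
    "analyst": {"search:read", "search:write"},
    "admin": {"search:read", "search:write", "user:set_role"},
}
# Actions whose success is itself permission-relevant and therefore always audited.
SENSITIVE_ACTIONS: Set[str] = {"user:set_role"}


@dataclass
class User:
    name: str
    role: str


@dataclass
class AuditEvent:
    actor: str
    action: str
    outcome: str  # "allowed" or "denied"
    detail: str = ""


def visible_actions(user: User) -> Set[str]:
    """Front-end layer: decides which controls to render. Convenience only, not enforcement."""
    return set(ROLE_PERMISSIONS.get(user.role, set()))


@dataclass
class Backend:
    """Back-end layer: the authoritative check, independent of what the UI showed."""
    audit: List[AuditEvent] = field(default_factory=list)

    def is_allowed(self, user: User, action: str) -> bool:
        # Only the role model is consulted; a hand-crafted request gets the same answer
        # as one sent from a rendered button.
        return action in ROLE_PERMISSIONS.get(user.role, set())

    def handle(self, user: User, action: str, detail: str = "") -> bool:
        allowed = self.is_allowed(user, action)
        # Every denial and every sensitive action lands in the audit trail.
        if not allowed or action in SENSITIVE_ACTIONS:
            outcome = "allowed" if allowed else "denied"
            self.audit.append(AuditEvent(user.name, action, outcome, detail))
        return allowed

    def set_role(self, actor: User, target: User, new_role: str) -> bool:
        """Permission change: authorised and audited like any other action."""
        if new_role not in ROLE_PERMISSIONS:
            return False
        change = f"{target.name}:{target.role}->{new_role}"
        if not self.handle(actor, "user:set_role", change):
            return False
        target.role = new_role
        return True


def suspicious_events(audit: List[AuditEvent]) -> List[AuditEvent]:
    """Detection over the audit trail (assumed rule): denied attempts at permission-relevant
    actions, and any successful elevation to admin, are flagged for review."""
    flagged: List[AuditEvent] = []
    for ev in audit:
        if ev.outcome == "denied" and ev.action in SENSITIVE_ACTIONS:
            flagged.append(ev)
        elif ev.action == "user:set_role" and ev.detail.endswith("->admin"):
            flagged.append(ev)
    return flagged


def demo() -> dict:
    """Constructed scenario: a viewer's UI offers read only; the same user sends requests
    the UI never offered; then an admin performs a legitimate role change."""
    backend = Backend()
    viewer = User("vera", "viewer")
    admin = User("adam", "admin")

    ui = visible_actions(viewer)                              # {"search:read"}
    write_ok = backend.handle(viewer, "search:write")         # crafted request: denied
    grant_ok = backend.set_role(viewer, viewer, "admin")      # self-elevation: denied
    legit_ok = backend.set_role(admin, viewer, "analyst")     # admin action: allowed

    return {
        "ui_shows_write": "search:write" in ui,
        "write_allowed": write_ok,
        "self_grant_allowed": grant_ok,
        "admin_grant_allowed": legit_ok,
        "viewer_role_after": viewer.role,
        "audit_len": len(backend.audit),
        "flagged": len(suspicious_events(backend.audit)),
    }


if __name__ == "__main__":
    print(demo())
```

The point of the design is that `Backend.is_allowed` never consults UI state, so hiding a control in `visible_actions` is a usability measure while the back-end check is the control that counts; the audit trail then records both the denied attempts and the legitimate role change, which is what makes an anomalous escalation detectable after the fact.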
For related residual risks see Data breach and the documentation on Roles & Permissions.