# access-control-patterns > [STUB - Not implemented] Access control auditing with IDOR detection, RBAC/ABAC patterns, and privilege escalation prevention. PROACTIVELY activate for: [TODO: Define on implementation]. Triggers: [TODO: Define on implementation] - Author: Robin Mestre - Repository: robinmestre/skills-factory - Version: 20260201125424 - Stars: 0 - Forks: 0 - Last Updated: 2026-02-06 - Source: https://github.com/robinmestre/skills-factory - Web: https://mule.run/skillshub/@@robinmestre/skills-factory~access-control-patterns:20260201125424 --- --- name: access-control-patterns version: "0.1" description: > [STUB - Not implemented] Access control auditing with IDOR detection, RBAC/ABAC patterns, and privilege escalation prevention. PROACTIVELY activate for: [TODO: Define on implementation]. Triggers: [TODO: Define on implementation] core-integration: techniques: primary: ["[TODO]"] secondary: [] contracts: input: "[TODO]" output: "[TODO]" patterns: "[TODO]" rubrics: "[TODO]" --- # Access Control Patterns > **STUB: This skill is not yet implemented** > > This placeholder preserves the documented plugin structure. > See parent plugin README for planned capabilities. ## Planned Capabilities - **IDOR Detection**: Identify Insecure Direct Object Reference vulnerabilities - **RBAC Patterns**: Role-Based Access Control implementation guidance - **ABAC Patterns**: Attribute-Based Access Control strategies - **Privilege Escalation Prevention**: Detect and prevent unauthorized privilege elevation - Ownership verification patterns - Resource authorization best practices ## Critical Pattern ```typescript // WRONG - no ownership check const post = await db.posts.findById(params.id); // CORRECT - verify ownership const post = await db.posts.findById(params.id); if (post.authorId !== session.userId) { throw new ForbiddenError(); } ``` ## Implementation Status - [ ] Core implementation - [ ] References documentation - [ ] Output templates - [ ] Integration tests