Endpoint | user1 | user2 | user3 | user4 |
---|---|---|---|---|
/balance | GET | GET | GET | GET |
/transfers | GET | GET | GET | |
POST | POST | |||
/settings | PATCH | |||
This shows an access control matrix for a banking website whereby user1 has reporting access (to view /balance only) and user2 has auditing access (read-only access to view balance and a list of transactions), user3 has read-write access (can create transactions), and user4 has full administrative access (can change account settings).