| Endpoint | user1 | user2 | user3 | user4 |
|---|---|---|---|---|
| /balance | GET | GET | GET | GET |
| /transfers | | GET | GET | GET |
| | | | POST | POST |
| /settings | | | | PATCH |

This shows an access control matrix for a banking website: user1 has reporting access (can view /balance only), user2 has auditing access (read-only access to view the balance and a list of transactions), user3 has read-write access (can create transactions), and user4 has full administrative access (can change account settings).
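
The matrix described above, enforced as a deny-by-default check (an added example, not code from the original page): it parses a pipe-delimited transcription of the matrix, refuses anything not explicitly granted, and reports any user whose grants are not contained in the next user's. The function names and the transcription format are assumptions made for this illustration.

```python
# Added example: the first matrix from the text, transcribed as a pipe table.
MATRIX = """\
Endpoint   | user1 | user2 | user3 | user4
/balance   | GET   | GET   | GET   | GET
/transfers |       | GET   | GET   | GET
           |       |       | POST  | POST
/settings  |       |       |       | PATCH
"""

def parse_matrix(text):
    """Return {user: {(method, endpoint), ...}} from a pipe-delimited matrix.

    A row with an empty first cell continues the endpoint of the row above.
    """
    rows = [[c.strip() for c in line.split("|")]
            for line in text.splitlines() if line.strip()]
    users = rows[0][1:]
    grants = {u: set() for u in users}
    endpoint = None
    for row in rows[1:]:
        if len(row) != len(users) + 1:
            raise ValueError(f"malformed row: {row}")
        endpoint = row[0] or endpoint
        if endpoint is None:
            raise ValueError("continuation row before any endpoint")
        for user, method in zip(users, row[1:]):
            if method:
                grants[user].add((method, endpoint))
    return grants

GRANTS = parse_matrix(MATRIX)

def is_allowed(user, method, path):
    """Deny by default: unknown users, methods and paths are all refused.

    Method and path are compared exactly, so the caller must pass the
    already-normalized route (assumption: the router does this).
    """
    return (method, path) in GRANTS.get(user, set())

def widening_violations(order):
    """List grants held by a user but missing from the next user in `order`."""
    return [(lo, hi, sorted(GRANTS[lo] - GRANTS[hi]))
            for lo, hi in zip(order, order[1:]) if GRANTS[lo] - GRANTS[hi]]
```

An empty result from `widening_violations(["user1", "user2", "user3", "user4"])` confirms that each level in the text (reporting, auditing, read-write, administrative) only adds to the one before it.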

| Endpoint | user1 | user2 | user3 | user4 |
|---|---|---|---|---|
| /balance | GET | GET | GET | GET |
| /transfers | | GET | GET | GET |
| | | 2/3: POST | | |
| /settings | | 3/3: PATCH | | |