SKILL-011 Security, testing, and operations

Authorization tests

Happy-path tests prove a user can see their own data. Authorization tests prove they CAN'T see everyone else's. Only the second kind catches a breach.

01

What this skill helps you build

Prove the negative: write the tests that show a user from one tenant cannot read or write another tenant's data — the bugs that don't crash, they leak.

02

Inside this skill

The full skill expands these implementation areas with decisions, edge cases, prompts, tests, and framework-specific code.

Security, testing, and operations
What this helps you build

A test suite that actively tries to break your access controls: a member of org A attempts to read, update, and delete org B's records, a viewer attempts an admin-only action, an u

When to use this

Write authorization tests for every privileged or tenant-scoped action — which, in a multi-tenant SaaS, is most of them. Especially: anything that reads or mutates records owned by

The core idea

Authorization is the one area where the negative test is the important one. A test that a user can see their own invoice is nice; a test that they get a 404 on someone else's invo
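The negative tests described above, as an added example that is not part of the original page: a constructed in-memory invoice service run through a suite that asserts cross-tenant reads and writes are refused. All class, function and record names are hypothetical, the 403 mapping for role failures is an assumption, and `scope_by_org=False` simulates a forgotten tenant filter.

```python
from dataclasses import dataclass

class NotFound(Exception): pass   # stands in for HTTP 404
class Forbidden(Exception): pass  # assumption: role failures inside a tenant map to 403

@dataclass(frozen=True)
class User:
    org: str
    role: str  # hypothetical roles: "viewer" or "admin"

class InvoiceService:  # constructed in-memory stand-in for the app under test
    def __init__(self, scope_by_org=True):
        self.scope_by_org = scope_by_org  # False simulates a forgotten tenant filter
        self.rows = {"inv-a1": {"org": "org-a", "total": 100},   # constructed data
                     "inv-b1": {"org": "org-b", "total": 250}}

    def _row(self, user, invoice_id, admin=False):
        row = self.rows.get(invoice_id)
        if row is None or (self.scope_by_org and row["org"] != user.org):
            raise NotFound(invoice_id)  # same answer for "missing" and "not yours"
        if admin and user.role != "admin":
            raise Forbidden("admin only")
        return row

    def read(self, user, invoice_id):
        return dict(self._row(user, invoice_id))
    def update(self, user, invoice_id, total):
        self._row(user, invoice_id, admin=True)["total"] = total
    def delete(self, user, invoice_id):
        self._row(user, invoice_id, admin=True)
        del self.rows[invoice_id]

def denied_with(exc_type, action, *args):
    try:
        action(*args)
    except Exception as exc:
        return type(exc) is exc_type  # refused, and with the expected error
    return False  # the call succeeded: that is the leak

def run_suite(svc):
    a_admin, a_viewer = User("org-a", "admin"), User("org-a", "viewer")
    return {
        "own_read": svc.read(a_viewer, "inv-a1")["total"] == 100,  # happy path
        "cross_read": denied_with(NotFound, svc.read, a_admin, "inv-b1"),
        "cross_update": denied_with(NotFound, svc.update, a_admin, "inv-b1", 0),
        "cross_delete": denied_with(NotFound, svc.delete, a_admin, "inv-b1"),
        "viewer_update": denied_with(Forbidden, svc.update, a_viewer, "inv-a1", 0),
        # Denied writes must also leave org B's row exactly as it was.
        "b_untouched": svc.rows.get("inv-b1") == {"org": "org-b", "total": 250},
    }
```

Running `run_suite(InvoiceService(scope_by_org=False))` leaves `own_read` true while the cross-tenant checks turn false, which is the gap a happy-path-only suite never sees.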
