A sharp review of CWE-284 that explains key access control risks, clarifies CWE mappings, and adds modern fixes like least privilege and zero trust.