The key aspect is that improper access controls create vulnerabilities by allowing unauthorized users to access systems or data they should not have access to based on policy. Proper access controls should follow the principle of least privilege, be restrictive in granting access, and be careful abo...