Resolving problems when access is allowed incorrectly

There could be many reasons why a user might have access to a protected resource, even when you think that the user should not have that access. Here are some checks that you can make to investigate this kind of situation: