Ensure that the application enforces who can access specific functions or APIs.

• Check authorization server-side for every single request
• Deny by default