The relationships between privileges, permissions, and actors (e.g. users and groups) need further refinement within the Research view. One complication is that these concepts apply to two different pillars, related to control of resources (CWE-664) and protection mechanism failures (CWE-693).
This item needs more work. Possible sub-categories include: user in wrong
group, and user with insecure profile or "configuration". It also might be
better expressed as a category than a weakness.