The software or the administrator places a user into an incorrect group.
If the incorrect group has more access or privileges than the intended group, the user might be able to bypass intended security policy to access unexpectedresources or perform unexpected actions. The access-control system might not be able to detect malicious usage of this group membership.
Time of Introduction
Technical Impact: Gain privileges / assume