hackerone / jhimansh / H1:966531
Aug 25, 2020 - 9:01 a.m.

New Relic: "Basic user" which can only access a limited subset of the platform can access certain pages which are restricted to the user by the account owner.


@jhimansh described an issue where forced browsing could be used to visit restricted pages as an unprivileged user. As our web application is shipped as client-side JavaScript, there is no way to prevent viewing all pages within that code. However, checks are done server-side to ensure that unauthorized changes fail as expected.
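
The split described above, as an added example that is not New Relic's code: the client bundle can only hide links, so the permission decision has to sit in the server handler. Route paths, view names, role names and action strings are all hypothetical.

```javascript
// Constructed model: every path, view, role and action name is hypothetical.
const ROUTES = new Map([
  ["/dashboards", { view: "DashboardsPage", restrictedFor: [] }],
  ["/alerts/policies", { view: "AlertPoliciesPage", restrictedFor: ["basic"] }],
]);

// Client side: the navigation hides restricted links. This is cosmetic only.
function visibleNav(user) {
  return [...ROUTES]
    .filter(([, route]) => !route.restrictedFor.includes(user.role))
    .map(([path]) => path);
}

// Client side: the router ships inside the bundle, so a path typed into the
// address bar resolves to its view no matter which role is signed in.
function resolveRoute(path) {
  const route = ROUTES.get(path);
  return route ? route.view : "NotFoundPage";
}

// Server side: the only enforcement point. The role comes from the
// server-held session, never from anything the client sends.
const PERMISSIONS = new Map([
  ["full", new Set(["policy:read", "policy:update"])],
  ["basic", new Set()],
]);

function handleApiRequest(session, request) {
  // Unknown roles get an empty grant set, so the default is deny.
  const granted = PERMISSIONS.get(session.role) ?? new Set();
  if (!granted.has(request.action)) {
    return { status: 403, body: { error: "forbidden" } };
  }
  return { status: 200, body: { ok: true, action: request.action } };
}

// A basic user can render the restricted view, but the change is refused.
const basicUser = { role: "basic" };
console.log(visibleNav(basicUser), resolveRoute("/alerts/policies"));
console.log(handleApiRequest(basicUser, { action: "policy:update" }).status);
```

When reviewing a single-page application, the test that matters is replaying each state-changing API call with a restricted session and confirming the 403, not whether the restricted page renders.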