User can bypass security access policy for some methods.
vulners.com/securityvulns/securityvulns:doc:19295