}

    /**
     * Checks if the current user has the specified action role or administrative privileges.
     *
     * @param role the role to check (supports both view and edit variants)
     * @return true if the user has the role or admin privileges, false otherwise
     */
    public static boolean hasActionRole(final String role) {
        final String[] roles;

This client could be a browser with a frontend, a code from someone else, an IoT device, etc.

You could need to tell the client that:

* The client doesn't have enough privileges for that operation.
* The client doesn't have access to that resource.
* The item the client was trying to access doesn't exist.
* etc.

```

This tells Traefik to listen on port 9999 and to use another file `routes.toml`.

/// tip

We are using port 9999 instead of the standard HTTP port 80 so that you don't have to run it with admin (`sudo`) privileges.

///

Now create that other file `routes.toml`:

```TOML hl_lines="5  12  20"
[http]
  [http.middlewares]

    [http.middlewares.api-stripprefix.stripPrefix]
      prefixes = ["/api/v1"]

        /** Security impersonation level. */
        public short impersonation_level;
        /** Context tracking mode. */
        public byte context_mode;
        /** Indicates if only effective privileges should be used. */
        public byte effective_only;

        @Override
        public void encode(final NdrBuffer _dst) throws NdrException {
            _dst.align(4);
            _dst.enc_ndr_long(this.length);

        /** Security impersonation level. */
        public short impersonation_level;
        /** Context tracking mode. */
        public byte context_mode;
        /** Indicates if only effective privileges should be used. */
        public byte effective_only;

        @Override
        public void encode(final NdrBuffer _dst) throws NdrException {
            _dst.align(4);
            _dst.enc_ndr_long(length);

	}

	// 3.2 check that user cannot delete the bucket
	err = uClient.RemoveBucket(ctx, bucket)
	if err == nil || err.Error() != "Access Denied." {
		c.Fatalf("User was able to escalate privileges (Err=%v)!", err)
	}
}

func (s *TestSuiteIAM) TestAddServiceAccountPerms(c *check) {
	ctx, cancel := context.WithTimeout(context.Background(), testDefaultTimeout)
	defer cancel()

	// 1. Create a policy

		if parentInClaim != parentUser {
			return false
		}
	} else {
		// This is needed so a malicious user cannot
		// use a leaked session key of another user
		// to widen its privileges.
		return false
	}

	isOwnerDerived := parentUser == globalActiveCred.AccessKey

	var err error
	var svcPolicies []string
	roleArn := args.GetRoleArn()

	switch {

        </field>
      </fields>
    </class>
    <class>
      <name>Contributor</name>
      <description>Description of a person who has contributed to the project, but who does not have
        commit privileges. Usually, these contributions come in the form of patches submitted.</description>
      <version>3.0.0+</version>
      <fields>
        <field>
          <name>name</name>
          <version>3.0.0+</version>

-...

 * License along with this library; if not, write to the Free Software
 * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA  02111-1307  USA
 */
package jcifs.pac;

/**
 * Constants for PAC (Privilege Attribute Certificate) data structures.
 * Defines buffer types and other constants used in PAC parsing and validation.
 */
public interface PacConstants {

    /**
     * PAC structure version number.
     */