A product incorrectly assigns a privilege to a particular actor, creating an unintended sphere of control for that actor.