Access Control and Authorization: Denying Document with Extended Links
1 Answer
Generally, the whole document request should not be denied if one of its extended link requests is denied. This approach balances availability with security. It allows a user to access the available content while clearly indicating that specific linked components are inaccessible.
For example, in a web environment, if a user requests a page that embeds an image, and the user does not have authorization to view that specific image, the browser typically displays the rest of the page. It often shows a broken image icon or an 'Access Denied' placeholder for the image, rather than preventing the entire page from loading. Denying the entire document for a partial access denial would be overly restrictive and diminish usability for content the user is authorized to see.
An exception exists if the denied linked content is crucial for the comprehension, integrity, or security context of the main document. In such cases, displaying an incomplete or misleading document might be a greater risk than denying the entire request. This design decision depends on the interdependency and sensitivity of the linked content. This modular authorization for components is a common design pattern in distributed environments.
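The policy described in the answer above, sketched as an added example that is not part of the original answer: each extended link is authorized on its own, a denied non-critical link becomes a placeholder, and a denied critical link fails the whole request closed. The `Link`, `Document` and `resolve` names, the role-based check, the `critical` flag and the sample data are all assumptions made for illustration.

```python
from dataclasses import dataclass, field


@dataclass(frozen=True)
class Link:
    href: str
    required_role: str
    # Assumption: the document author marks links the document
    # would be incomplete or misleading without.
    critical: bool = False


@dataclass
class Document:
    uri: str
    required_role: str
    body: str
    links: list = field(default_factory=list)


def resolve(doc, roles, fetch):
    """Return (status, rendered_parts, denied_hrefs) for one document request."""
    if doc.required_role not in roles:
        return 403, [], [doc.uri]
    parts, denied = [doc.body], []
    for link in doc.links:
        if link.required_role in roles:
            parts.append(fetch(link.href))
        elif link.critical:
            # Fail closed: discard parts already resolved so that no
            # incomplete or misleading document reaches the user.
            return 403, [], [link.href]
        else:
            # Keep the document available, mark the gap explicitly.
            parts.append(f"[access denied: {link.href}]")
            denied.append(link.href)
    return 200, parts, denied


# Constructed sample data (hypothetical paths and roles).
CONTENT = {"/img/salaries.png": "<salary chart>",
           "/notes/disclaimer": "Figures are unaudited."}
REPORT = Document("/reports/q3", "staff", "Q3 summary", [
    Link("/img/salaries.png", "hr"),
    Link("/notes/disclaimer", "cleared", critical=True),
])

if __name__ == "__main__":
    for roles in ({"staff", "cleared"}, {"staff"}, {"guest"}):
        print(sorted(roles), resolve(REPORT, roles, CONTENT.get))
```

Returning the denied hrefs alongside the status gives the caller what it needs to log each partial denial for audit.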