# Use read-only attributes in XPath constraints

<table><thead><tr><th width="138">Check ID</th><th>DOM_0002</th></tr></thead><tbody><tr><td>Category</td><td>Security</td></tr><tr><td>Summary</td><td>XPath constraints are used in security access rules to limit the data that a user can view or manage. However, a user must not have read/write access to any of the attributes or associations used in the XPath constraint; otherwise they can change these values and circumvent the constraint.</td></tr><tr><td>Options</td><td>This check does not have any options.</td></tr><tr><td>Pass</td><td>User roles don't have read/write access to any attributes or associations used in XPath constraints for that role.</td></tr><tr><td>Fail</td><td>User roles have read/write access to an attribute or association used in one or more XPath constraints for that role.</td></tr></tbody></table>
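
The pass/fail condition above can be sketched as follows. This is an added example, not the check's own implementation: the rule dictionaries, the `Sales.Order` entity and its member names are constructed, simplified stand-ins for access rules rather than a real model export.

```python
import re

# Constructed sample access rules (assumption: simplified layout, not a real export).
# "members" maps each attribute/association to the right the role has on it.
RULES = [
    {"entity": "Sales.Order", "role": "Customer",
     "xpath": "[Sales.Order_Account = '[%CurrentUser%]'][Status != 'Archived']",
     "members": {"Sales.Order_Account": "ReadOnly", "Status": "ReadWrite",
                 "Comment": "ReadWrite"}},
    {"entity": "Sales.Order", "role": "Manager",
     "xpath": "[Region = 'EMEA']",
     "members": {"Region": "ReadOnly", "Status": "ReadWrite"}},
]

# String literals (including tokens such as '[%CurrentUser%]') are not member names.
QUOTED = re.compile(r"'[^']*'|\"[^\"]*\"")
# A name, optionally module-qualified, that is the first step of a path:
# steps after "/" belong to other entities and are skipped.
FIRST_STEP = re.compile(
    r"(?<![/\w.])[A-Za-z_][A-Za-z0-9_]*(?:\.[A-Za-z_][A-Za-z0-9_]*)*")

def members_in_xpath(xpath, known):
    """Return the entity's own members that the constraint refers to."""
    bare = QUOTED.sub(" ", xpath)
    return {tok for tok in FIRST_STEP.findall(bare) if tok in known}

def check_rule(rule):
    """Members used in the constraint that the role can also write."""
    used = members_in_xpath(rule["xpath"], rule["members"])
    return sorted(m for m in used if rule["members"][m] == "ReadWrite")

def check_rules(rules):
    """Return (entity, role, member) for every failing member."""
    return [(r["entity"], r["role"], m) for r in rules for m in check_rule(r)]

if __name__ == "__main__":
    for entity, role, member in check_rules(RULES):
        print(f"FAIL {entity} / {role}: '{member}' is writable and used in the constraint")
```

In the sample data the Customer rule fails because `Status` is both writable and part of the constraint; `Comment` is writable but unused, so it is not reported.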
