| TC-TEN-001 | School Manager A attempts to access School B data | Negative | Critical | Access denied | Screenshot or API 403 response | Not Run |
| TC-TEN-002 | Supplier A attempts to access Supplier B orders | Negative | Critical | Access denied | Screenshot or API 403 response | Not Run |
| TC-TEN-003 | Operator A attempts to access unassigned store/cafeteria | Negative | Critical | Access denied | Screenshot or API 403 response | Not Run |
| TC-TEN-004 | Parent A attempts to access another parent student | Negative | Critical | Access denied | Screenshot or API 403 response | Not Run |
| TC-TEN-005 | User modifies request scope manually | Negative | Critical | Backend rejects unauthorized scope | API request/response evidence | Not Run |