The Contextual Security plugin should be enabled.
This Contextual Security plugin enables contextual security to secure a record/information using create, read, write, and delete functionality. It secures the data with the help of ACL rules instead of traditional, role-based dictionary rules implemented by simple security manager. After this is installed, the dictionary roles (created by simple security manager) are no longer tested. Instead, the system looks for ACL rules on fields and tables. Even if you configure the dictionary form and add roles to a dictionary entry, no change in rights occurs.
Time to fix
This rule is linked to Common Weakness Enumeration CWE-284 Improper Access Control.