Clarification on Scope: Testing Access to app.harness.io and Out-of-Scope Endpoints
Academic Badger
Hi Team,
According to the program scope, the domain **https://uat.harness.io/** is listed as in-scope. However, I am currently unable to access or reach this domain, and I wanted to check whether there are any prerequisites, access requirements, or known limitations for testing it.
Additionally, I noticed that the following endpoints under **https://app.harness.io/** are explicitly listed as out of scope, as they serve other products:
I would like to clarify whether any part of https://app.harness.io/ is permitted for testing, specifically for scenarios such as:
- Broken Access Control
- Privilege Escalation
- Role-based access validation across different user roles
My concern is that many application paths (for example: /ng/account/{accountId}/module/ci/orgs/default/settings/access-control/users) appear to fall under these out-of-scope endpoints, which seems to cover a large portion of the application’s functionality.