If you haven’t the time to analyze security fully, try this

Ask yourself: when should this object be invisible/inaccessible to a user? Don't go through the full security analysis.  Don't figure out all of the this and that.  Why not?  Well, you already know that you don't have time! If you have some object or table or function that 'should' be secured but MUST be done quickly, leave yourselves some breadcrumbs to retrieve with this question.  Find that one or two circumstances where someone shouldn't use the thing.  Then as you return to the rush of your design or implementation, try to leave enough leeway that you can implement that one restriction quickly even if it has to wait.  This can be enough to do a full security treatment later.