What does Gray-box testing restrict in terms of system access?

Study for the EC-Council Certified Ethical Hacker (CEH) v13 Exam. Utilize flashcards and multiple-choice questions with helpful hints and detailed explanations. Excel in your exam preparation!

Multiple Choice

What does Gray-box testing restrict in terms of system access?

Explanation:
Gray-box testing sits between black-box and white-box approaches. It gives the tester some knowledge about the system’s internals and some access to internal components, but not full visibility. The idea is to simulate a more informed attacker or insider without exposing everything. So the internal operation is available only partially to the tester—you have enough insight to test integration points and flows, but you don’t get complete source code or full privileged access.

If you had complete internal access, that would be white-box testing. If you had no access to internals at all, that would be black-box testing. Full physical access isn’t the typical model for this categorization; gray-box focuses on partial internal knowledge and controlled access rather than just hardware access.
