This feature provides an user based access control to your applications.
It relies on access.xml where you can define how the filtering should be.
Default access control order is "allow deny" (set in order attribute of root node access).
Further will look for nodes as below and grant access or not, based on the access order (allow or deny)
- /access/first_in_access_control_order/app[@name='path to app']/guest
- /access/first_in_access_control_order/app[@name='path to app']/all
- /access/second_in_access_control_order/app[@name='path to app']/guest
- /access/second_in_access_control_order/app[@name='path to app']/all
In defaults.php you will find:
This line defines where you store the current user and XMS_USER_ACCESS_VAR constant is used inside access.xml. You can change this line to match the session var name you use.
As you can see, if there is no session variable defined, the default user is guest.