Why does restriction on a page does not work

Question

I have a page named register and I want to restrict access to this page only to the predefined hybris user anonymous. in order to achieve that, I created the ImpEx bellow

INSERT_UPDATE CMSUserRestriction; $contentCV[unique = true]; &userRestriction; name       ; uid[unique = true]       ; users(uid); pages($contentCV, uid)
                                ; ; anonymousUserRestriction ; Anonymous User Restriction ; anonymousUserRestriction ; anonymous ; register

After that, I logged in with a b2bcustomergroup user to the storefront and I still have access to the register page.

ps: I have checked the backoffice, and the ImpEx is imported successfully in the initialization phase.

Is the restriction synced to online? – geffchang May 15 '20 at 06:46 — geffchang, May 15 '20 at 06:46
@geffchang yes it is synced to online – Soufiane Roui May 15 '20 at 14:24 — Soufiane Roui, May 15 '20 at 14:24

score 3 · Accepted Answer · answered May 15 '20 at 15:54

I think restrictions like this will only work for pages accessed as content pages, i.e. label attribute contains the page URL. These are accessed via a default controller that evaluates restrictions.

The programmatic pages directly reference the page ID in their controller method, their controllers are annotated with the URLs & do not typically reference CMSRestrictions. To control access to these you would use the Spring Security setup: look for spring-security-config.xml in your storefront extension

Why does restriction on a page does not work

1 Answers1