I have a page named register and I want to restrict access to this page only to the predefined hybris user anonymous. in order to achieve that, I created the ImpEx bellow
INSERT_UPDATE CMSUserRestriction; $contentCV[unique = true]; &userRestriction; name ; uid[unique = true] ; users(uid); pages($contentCV, uid)
; ; anonymousUserRestriction ; Anonymous User Restriction ; anonymousUserRestriction ; anonymous ; register
After that, I logged in with a b2bcustomergroup user to the storefront and I still have access to the register page.
ps: I have checked the backoffice, and the ImpEx is imported successfully in the initialization phase.
I think restrictions like this will only work for pages accessed as content pages, i.e. label attribute contains the page URL. These are accessed via a default controller that evaluates restrictions.
The programmatic pages directly reference the page ID in their controller method, their controllers are annotated with the URLs & do not typically reference CMSRestrictions. To control access to these you would use the Spring Security setup: look for spring-security-config.xml in your storefront extension