When you create a profile group, you specify a set of rules that allows a group of registered users to access some part of your Web site. The AccessController allows access by anonymous users unless your profile group rule explicitly prevents it. To avoid specifying that anonymous users should be excluded in every rule you write, you can set the denyAnonymousUsers property of the GroupAccessController or RuleAccessController class to true. If denyAnonymousUsers is false, all anonymous users are allowed access even if they are in a group specified by denyGroups.

If you are persisting anonymous profiles, denyAnonymousUsers does not control whether or not persistent anonymous profiles are allowed access, even if you set this property to true. This is because the Personalization module treats persistent anonymous profiles as actual profiles and creates a repository item for each persistent anonymous profile. You should expect that persistent anonymous profiles will be allowed access unless you specifically use a rule that denies them access.